shdesignsPowered By Infinite Improbabilty DrivePremiumReviews:
Stone Mountain, GA
Port 26 would be set to tagged, all others untagged.
Ports 1- 4 would have PVID set to 1
Port 24 would have PVID set to 2.
Port 26 is set to "tagged". That passes the VLAN info to the pfsense box.
The PVID adds a tag to the incoming ports so it gets put in the proper VLAN.
Data coming in ports 1-4 have PVID of 1 added to the packet. If they go out again though 1-4, the tag is removed (ports are set as untagged.) If they go out port 26, this tag is left on so the pfsense box can decode it.
Similar for port 24.
The pfsense box would be sending tagged packets. Port 26 would see that and put the packets in the appropriate VLAN.
What is not clear is incoming packets. Your switch seems to have just "tagged" or "untagged" for each ports. Other switches have this separate as options in a list:
1. accept tagged packets only
2. accept untagged packets only
3. accept both
1 send tagged
2. send untagged
I have a pfsense box using an Alix board. It only has 1 ethernet port so I use VLANs the same as you are (except I have about a dozen ports in each VLAN.)
Embedded Systems Consultant,
SHDesigns home - DIY Welder
JahntassaWhat, I can have feathersPremium
|reply to zacron |
You need to create VLAN IDs via that screen that match the VLAN IDs you're creating in pfSense. Then on Port 26, make sure each one of those VLANs is set to tagged. Voila, trunked port.
Then on your switch, if you aren't using VLAN sensitive gear, you need to go to each VLAN ID via the drop-down, set the ports you want on that network to Untagged. Then, go to the PVID list, and set the PVID for those ports to that same VLAN ID.
The Netgear does sort of have the options that shdesigns is referring to, but it does it on a VLAN by VLAN basis. If you have a port set as Untagged for one VLAN, and 'Not Member' for every other VLAN, it will only pay attention to untagged traffic, and ignore any VLAN tags coming into it. Similarly, it will not send any VLAN tags.
If you have a port that is Untagged for one network (with matching PVID), and set another VLAN to be tagged, it will send both the tagged and untagged packets, as well as accept both. This would be useful if you have a VOIP phone with a computer on the passthrough port. The VOIP could be on its separate VLAN, while the computer is on its own network.