OPNsense Forum

English Forums => General Discussion => Topic started by: toxic on March 15, 2021, 09:44:36 am

Title: VLAN on Bridge
Post by: toxic on March 15, 2021, 09:44:36 am
Hello,
I will set up about 10 VLANs on my OPNsense firewall, and I'm not sure if I should declare the VLANs at the physical NIC, the LAG or the bridge level.

To be clear, I want to use
- 3 1 Gb/s NICs as a LAG to my switch for bandwidth increase between several clients, servers and VLANs.
- 1 10 Gb/s virtual NIC to my VMs

There will be a VLAN that should live across those 4 interfaces.
I was thinking I should bridge the LAG and the vNIC into a big LAN and then create a VLAN on the LAN bridge.
But I could also create the VLAN on the LAG and on the vNIC and then create a bridge of these 2 VLANs.

I could even VLAN on each NIC and then LAG the VLANs and then bridge...

Not sure if it's clear for you, hope you can provide insight on what should be the best way for performance.

Since I plan to create several VLANs, the only advantage I see in creating them directly on the bridge is that it will require fewer VLAN declarations: only one for each VLAN instead of 3 for each VLAN (LAGG, vNIC, then bridge them).

Thanks in advance for your kind help.

Title: Re: VLAN on Bridge
Post by: Patrick M. Hausen on March 15, 2021, 11:45:10 am
Physical --> Lagg --> VLAN --> Bridge

The FreeBSD network stack works only this way.

Title: Re: VLAN on Bridge
Post by: toxic on March 15, 2021, 01:14:09 pm
Thanks a lot. This will force me to create more bridges than I would have liked, but thanks for the information! Somehow I couldn't find it anywhere else.

But in fact that will allow me to bridge together the VLAN ID10 on the LAGG to the vNIC interface without any VLAN since my vNIC does not really need VLAN, all of my VMs should be on the same network, only bridged to my VLAN10 to be on the same network as my physical servers...

Thanks again.
Best regards.
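
The layering discussed in this thread (Physical --> Lagg --> VLAN --> Bridge, with VLAN 10 on the LAGG bridged to the untagged vNIC), sketched as a stock FreeBSD /etc/rc.conf fragment. This is an added example, not part of any post above and not OPNsense's own configuration, which is built through its GUI; the interface names igb0, igb1, igb2 and vtnet0 and the LACP protocol are assumptions.

```conf
# /etc/rc.conf fragment, stock FreeBSD syntax.
# Assumed names (not from the thread): igb0-igb2 are the three 1 Gb/s NICs,
# vtnet0 is the 10 Gb/s virtual NIC facing the VMs.

# 1. Physical: bring the member ports up, without addresses
ifconfig_igb0="up"
ifconfig_igb1="up"
ifconfig_igb2="up"
ifconfig_vtnet0="up"

# Cloned (software) interfaces to create at boot
cloned_interfaces="lagg0 bridge0"

# 2. Lagg: aggregate the physical ports (LACP assumed; the switch must match)
ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 laggport igb2 up"

# 3. VLAN: tag 10 is a child of the lagg, never of the bridge.
#    vlans_lagg0 creates the interface lagg0.10; its rc.conf variable
#    replaces the dot with an underscore.
vlans_lagg0="10"
ifconfig_lagg0_10="up"

# 4. Bridge: join the VLAN 10 child and the untagged vNIC into one segment.
#    Frames leave lagg0 tagged with VLAN 10 and leave vtnet0 untagged.
ifconfig_bridge0="addm lagg0.10 addm vtnet0 up"

# Each further VLAN that must span both sides needs its own child
# interface and its own bridge, for example (hypothetical tag 20):
#   vlans_lagg0="10 20"
#   cloned_interfaces="lagg0 bridge0 bridge1"
#   ifconfig_bridge1="addm lagg0.20 addm <second member> up"
```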