Messages

Why don't you want to let switches do the switching and turn OPNsense into your "core switch" instead?

Thanks for the quick response.

I thought the overhead wouldn't be that big of an issue and it looked neater, physically, instead of chaining it together. Although, thinking about it one more time I could have realized that performance in dedicated switches must be a lot better. I will change the physical layout so I only use one physical LAN port. It will make the configuration a lot easier as well.

So I started to configure my OPNsense device last week and currently stuck on some core principles, regarding VLANs and bridges. My physical layout looks like in the attached image. 1 router with 4 NICs, 1 WAN port and the other three ports go to different switches/AP.

My initial idea was to create one bridge over the three physical ports and then add the different VLANs I want on top of the bridge. This didn't work, no tagged frames are picked up by the router. After searching the forum it is mentioned several times that FreeBSD does not support VLANs on top of Bridges. For example:

Physical --> Lagg --> VLAN --> Bridge

The FreeBSD network stack works only this way.

So to my questions:

• If I want VLAN 10 to be accessible on all 3 LAN ports do I need to add VLAN 10 to the three physical ports and then bridge the three VLAN interfaces? (3 interfaces for the physical port, 3 interfaces for VLAN 10 on each physical port and 1 bridge interface) or do I bridge one VLAN 10 interface with two other physical interfaces?
• Is it enough to just add VLAN 10 interface for each physical port without the bridge?