Bridge or other way to have a VLAN on two Ports (DEC2752)

[th3voic3]

Hi,

I recently got the DEC2752 which I'm very happy with so far.

My switch is a Unifi 16 PoE Lite which has no SFP+ Ports and only Gigabit Ports.
Before getting the DEC2752 my plan was to use the SFP+ Ports to connect my Server and my main desktop PC with a 10Gbit connection by getting two PCIe cards with SFP+ ports. So far so good. Concerning the server that is not a problem, since it's the only device on my management VLAN, so I can just switch the management VLAN from my trunk port going to the switch to the AX0 Port (SFP+ on the DEC).

Now my main desktop is in the trusted VLAN (and I want to keep it there). The trusted VLAN though still needs to be in the trunk Port but I would also like it to be on the AX1 (second SFP+ port).

As far as I can see I need to create a bridge for this. I'm no stranger to bridges in general, but concerning the implementation in opnsense I have some questions:
Do I need to create the bridge containing the trusted VLAN and the AX1 Interface? (since I need that VLAN specifically) or do I need to take the physical ports interface?
And I'm guessing I would then have to redo any firewall rules for that VLAN?

[Patrick M. Hausen]

You cannot have tagged subinterfaces on an interface that is a member of a bridge. So to have a VLAN tagged on one port and untagged on another one bridge the VLAN (tagged) and the additional untagged port.

Make 100% sure you set the two tunables from step #6 of the documentation.

No, you do not need to redo the rules - just change the assignment of the logical interface from the VLAN to the bridge interface and IP address and rules will follow.