VLAN - Multiple Trunk Ports

[d40]

I've been reading through the forums (perhaps I didn't dig deep enough) and couldn't find an definitive answer on how to configure multiple trunk ports.

GOAL:
ETH 04 = tagged VLAN 10 & VLAN 20
ETH 03 = tagged VLAN 10 & VLAN 20
ETH 02 = untagged VLAN 10

VLAN10 = Internal
VLAN20 = Guest

I appreciate any advice on this!

[d40]

I've attached a diagram to understand the configuration a bit.

[Patrick M. Hausen]

OPNsense is not a switch. So there is no internal concept of a VLAN 10 on some forwarding plane. There is no forwding plane. It's all software on the one and only CPU.

VLANs are really just tagged subinterfaces like with all routers, e.g. Cisco IOS. Though the lines are blurred a bit by the proliferation of "layer 3 switches."

So VLAN 10 on ETH 04 and VLAN 10 on ETH 03 and ETH 02 without VLAN have by default no connection in OPNsense. if you are aiming for wire speed performance, the general recommendation is to buy a switch.

If your network speed is 1G or below and you can live with achieving "only", say 80-90 percent of that depending on the CPU of your appliance, you can do this in OPNsense by configuring bridge interfaces.

So you need:

- bridge 1: VLAN 10 on ETH 04, VLAN 10 on ETH03, ETH 02 (without VLAN)
- bridge 2: VLAN 20 on ETH 04, VLAN 20 on ETH 03

My recommendation: just try it and if the performance is not what you expect, consider buying a small managed switch. If the performance is ok - great!

[d40]

I hadn't considered control plane vs data plane, I appreciate the insight! It's a very good point about line speed and using a managed switch.

The bridge(s) that you suggest is similar to what I attempted, but bricked the box.  Certainly a misconfiguration on my end and will attempt again.

Thanks Patrick!

[d40]

Just wanted to pop back on and confirm that the multiple bridge interfaces worked well.

Thanks again.