On 23 Nov 2013, at 13:14, Adam Thompson <[email protected]> wrote:
>> What am I doing wrong?
>
> My best guess is untagged/tagged confusion on your part, but there are other
> possibilities.
>
> I assume VLAN 1 is your "LAN", i.e. the subnet protected by the firewall.
> Presumably ports 5 through 8 are on VLAN 1 as well, and your other devices
> are plugged in there.
> You want port 1 to be an untagged member of VLAN 1, and a tagged member of
> VLANs 2, 3 and 4. If your switch talks about "egress" and "ingress" rules,
> port 1 should be configured to *apply* an 802.1Q tag on egress for VLANs 2, 3
> & 4, and to *strip* (or merely not apply, depends on the switch) 802.1Q tags
> on egress for VLAN 1. Similarly, the PVID ("default VLAN") for port 1 should
> be VLAN 1, and it should accept tagged packets for VLANs 2, 3 & 4. Then
> ports 2, 3, and 4 should be configured to strip (or not apply) 802.1Q tags on
> egress for their respective VLANs, and should be configured with a PVID of
> 2/3/4 (respectively) and be set to accept untagged packets.
>
Seems like that was the problem.
Thanks a million.
Ben
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
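
The port layout described in the quoted reply, as an added example that is not part of the original thread: a toy Python model of per-port PVID and tagged/untagged egress, plus an audit for the tagged/untagged confusion. Class and function names are hypothetical, ingress filtering is assumed to be enabled, and the misconfigured variant is constructed.

```python
# Toy model of per-port 802.1Q handling (added example; all names are illustrative).
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                   # VLAN assigned to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs sent out with the tag stripped
    tagged: set = field(default_factory=set)    # VLANs sent out with an 802.1Q tag

    def member(self, vlan):
        return vlan in self.untagged or vlan in self.tagged

def forward(ports, in_port, tag=None):
    """Flood one frame; return {out_port: tag seen on the wire (None = untagged)}."""
    src = ports[in_port]
    vlan = src.pvid if tag is None else tag     # classify on ingress
    if not src.member(vlan):
        return {}                               # assumed ingress filtering drops the frame
    return {n: (vlan if vlan in p.tagged else None)
            for n, p in ports.items() if n != in_port and p.member(vlan)}

def audit(ports):
    """Flag per-port settings that blur VLAN boundaries."""
    issues = []
    for n, p in sorted(ports.items()):
        if p.pvid not in p.untagged:
            issues.append(f"port {n}: PVID {p.pvid} is not an untagged VLAN on this port")
        if len(p.untagged) > 1:
            issues.append(f"port {n}: untagged in VLANs {sorted(p.untagged)}, "
                          "egress frames from them are indistinguishable")
    return issues

def layout():
    """Port 1 = firewall trunk, ports 2-4 = access ports, ports 5-8 = LAN (VLAN 1)."""
    ports = {1: Port(pvid=1, untagged={1}, tagged={2, 3, 4})}
    ports.update({n: Port(pvid=n, untagged={n}) for n in (2, 3, 4)})
    ports.update({n: Port(pvid=1, untagged={1}) for n in (5, 6, 7, 8)})
    return ports

def confused_layout():
    """Constructed mistake: port 1 made an untagged member of VLAN 2."""
    ports = layout()
    ports[1] = Port(pvid=1, untagged={1, 2}, tagged={3, 4})
    return ports

if __name__ == "__main__":
    print(forward(layout(), 2))           # frame from port 2 reaches port 1 tagged 2
    print(forward(confused_layout(), 2))  # same frame reaches port 1 untagged
    print(audit(confused_layout()))
```

In the constructed mistake, traffic from port 2 arrives at the firewall without a tag, so the firewall cannot tell it apart from VLAN 1 traffic.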