Thanks Adam. But I shouldn't have to reduce the MTU across the entire network, since I'm really only using the VLAN tagging on ports which exist within the pfSense box, correct? For example, in my diagram, packets which reach LAN switch A and B won't be tagged... at least, I don't think they will be... what I think *should* happen is that the tagging will get added and stripped at the NICs which exist in the pfSense boxes.
Additionally, I have two quad port cards, one newer (which I'm not 100% certain supports the additional bytes added by vlans but am hoping to find out) and one older. You seem to imply I only need one port on the newer card to support the inter-pfsense link, but as far as I can tell I'd need it on both pfsense boxes (one port per box) to do what I'm trying to do, since the different networks exist at each end of the trunk, correct?

----- Original Message -----
From: "Adam Thompson" <[email protected]>
To: "pfSense support and discussion" <[email protected]>
Sent: Monday, December 30, 2013 11:48:12 AM
Subject: Re: [pfSense] pfsense <-> pfsense vlans and trunking without the aid of switches

On 13-12-30 10:32 AM, Adam Thompson wrote:

Any Ethernet card can support VLANs. However, the 802.1q standard specifies that VLAN tags take an extra 4(?) bytes, so more modern cards can actually handle Ethernet frames that are 4 bytes longer than they should be. If your card can't handle the extra length, the maximum packet size will drop by 4 bytes, so you'll have a lower MTU on that link, and you should then take care to

Whoops.
...take care to reduce the MTU throughout your entire network, or at least on the pfSense-to-pfSense link.

If this happens, it may cause you some issues. The simple solution would be to use the old card for an UN-tagged connection, and use one of the quad ports on the newer card as the inter-pfSense link.

All the ethernet ports on each system are interchangeable - there's nothing magic about one being on-board, or anything like that. In fact, you should probably use the "best" NIC in each system (for varying definitions of "best") as the trunk port, since it'll have to work the hardest of anything.

FWIW, almost any open-source UNIX-based system can act as a bridge, and will support what you're doing: building a switch using software and general-purpose hardware, instead of just buying a fixed-function hardware device. There's no requirement to use pfSense on the left-hand system, in your diagram. (It will do a fine job, however.)

--
-Adam Thompson
[email protected]
Cell: +1 204 291-7950
Fax: +1 204 489-6515

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
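The tagging and stripping discussed in this thread, and its effect on frame size and MTU, as an added example that is not part of either message: it inserts and removes an 802.1Q tag on a constructed frame and computes the largest IP packet a NIC can carry for a given maximum frame size. The MAC addresses, VLAN ID 20 and the 1518/1522-byte NIC limits are assumptions chosen for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when no tag is present."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def usable_mtu(nic_max_frame: int, tagged: bool) -> int:
    """Largest IP packet that fits, given the NIC's max frame size incl. FCS."""
    overhead = 14 + 4 + (4 if tagged else 0)  # Ethernet header + FCS (+ tag)
    return nic_max_frame - overhead


def sample_frame(payload_len: int) -> bytes:
    """Constructed frame without FCS: made-up MACs, IPv4 EtherType, zero payload."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", 0x0800) + bytes(payload_len)


if __name__ == "__main__":
    plain = sample_frame(1500)
    tagged = add_tag(plain, vid=20)
    # On-wire sizes including the 4-byte FCS
    print("untagged:", len(plain) + 4, "tagged:", len(tagged) + 4)
    print("MTU on a 1518-byte NIC with tagging:", usable_mtu(1518, tagged=True))
    print("MTU on a 1522-byte NIC with tagging:", usable_mtu(1522, tagged=True))
    print("VLAN ID recovered on strip:", strip_tag(tagged)[0])
```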
