On 13-12-30 11:09 AM, John Wells wrote:
> Thanks Adam.
>
> But I shouldn't have to reduce the MTU across the entire network,
> since I'm really only using the VLAN tagging on ports which exist
> within the pfsense box, correct? For example, in my diagram, packets
> which reach LAN switch A and B won't be tagged...at least, I don't
> think they will be...what I think *should* happen is that the tagging
> will get added and stripped at the nics which exist in the pfsense boxes.
>
> Additionally, I have two quad port cards, one newer (which I'm not
> 100% certain supports the additional bytes added by vlans but am
> hoping to find out) and one older. You seem to imply I only need one
> port on the newer card to support the inter-pfsense link, but as far
> as I can tell I'd need it on both pfsense boxes (one port per box) to
> do what I'm trying to do, since the different networks exist at each
> end of the trunk, correct?

Umm... yes, I think. I've deleted the message that contained the link
to your diagram, so I'm going by memory now.

From what I recall, in your network, only two ethernet NICs need to be
able to fully support VLAN tagging in hardware: the trunk port on each
pfSense box that connects to its peer. So, yes, use one port on each
quad-port NIC (one per pfSense machine) as the 802.1q-tagged, trunking,
inter-pfSense-instance link.

The ports connecting to the non-VLAN-aware switches do not need to
support VLAN tagging in hardware, as they will not be transmitting or
receiving any VLAN-tagged frames at all.

--
-Adam Thompson
[email protected]
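
Added example, not part of the message above or of pfSense itself: one way to check which ports can carry the tagged inter-pfSense trunk is to read the capability list that FreeBSD's `ifconfig` prints for each NIC. The interface names and the sample output below are constructed for illustration; on a real box, pipe `ifconfig` into `vlan_caps` instead.

```shell
#!/bin/sh
# Classify each interface in FreeBSD-style `ifconfig` output by VLAN capability:
#   full      VLAN_MTU + VLAN_HWTAGGING: candidate for the 802.1q trunk port
#   mtu-only  VLAN_MTU only: long frames fit, tags handled in software
#   none      neither: vlan(4) children on this parent get a reduced MTU
vlan_caps() {
    awk '
        $1 ~ /:$/ && $2 ~ /^flags=/ {        # interface header line
            if (name != "") print name, verdict
            name = $1; sub(/:$/, "", name); verdict = "none"
        }
        $1 ~ /^options=/ {                   # options=NNN<CAP_A,CAP_B,...>
            caps = $1
            sub(/^[^<]*</, "", caps); sub(/>.*$/, "", caps)
            n = split(caps, cap, ",")
            mtu = 0; hw = 0
            for (i = 1; i <= n; i++) {       # exact token match, not substring
                if (cap[i] == "VLAN_MTU") mtu = 1
                if (cap[i] == "VLAN_HWTAGGING") hw = 1
            }
            if (mtu && hw) verdict = "full"
            else if (mtu) verdict = "mtu-only"
        }
        END { if (name != "") print name, verdict }
    '
}

# Constructed sample output; names, option masks and MACs are made up.
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
    ether 00:00:5e:00:53:01
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=b<RXCSUM,TXCSUM,VLAN_MTU>
    ether 00:00:5e:00:53:02
xx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=3<RXCSUM,TXCSUM>
    ether 00:00:5e:00:53:03
EOF
}

sample_ifconfig | vlan_caps
```

Only the port reported as `full` matches the "fully support VLAN tagging in hardware" requirement for the trunk; the other two verdicts are still fine for ports facing the non-VLAN-aware switches.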