The diagram is here: http://i.imgur.com/yGghcOb.jpg
So yes, I think you and I are on the same page. Still, my security questions remain. Thanks, John ----- Original Message ----- From: "Adam Thompson" <[email protected]> To: "pfSense support and discussion" <[email protected]> Sent: Monday, December 30, 2013 12:34:58 PM Subject: Re: [pfSense] pfsense <-> pfsense vlans and trunking without the aid of switches On 13-12-30 11:09 AM, John Wells wrote: Thanks Adam. But I shouldn't have to reduce the MTU across the entire network, since I'm really only using the VLAN tagging on ports which exist within the pfsense box, correct? For example, in my diagram, packets which reach LAN switch A and B won't be tagged...at least, I don't think they will be...what I think *should* happen is that the tagging will get added and stripped at the nics which exist in the pfsense boxes. Additionally, I have two quad port cards, one newer (which I'm not 100% certain supports the additional bytes added by vlans but am hoping to find out) and one older. You seem to imply I only need one port on the newer card to support the inter-pfsense link, but as far as I can tell I'd need it on both pfsense boxes (one port per box) to do what I'm trying to do, since the different networks exist at each end of the trunk, correct? Umm... yes, I think. I've deleted the message that contained the link to your diagram, so I'm going by memory now. >From what I recall, in your network, only two ethernet NICs need to be able to >fully support VLAN tagging in hardware: the trunk port on each pfSense box >that connects to its peer. So, yes, use one port on each quad-port NIC (one >per pfSense machine) as the 802.1q-tagged, trunking, inter-pfSense-instance >link. The ports connecting to the non-VLAN-aware switches do not need to support VLAN tagging in hardware, as they will not be transmitting or receiving any VLAN-tagged frames at all. -- -Adam Thompson [email protected] _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
