RB wrote: > well to set it as a trunking interface also. By using "switchport > access", you're telling the switch to drop tagged packets and place > any untagged ones on VLAN 101. This is right for end-point ports - it > is unwise to allow your client devices to freely tag however they see > fit.
you also want "switchport nonegotiate", otherwise the switch will automagically change to allow .1q packets in, thus allowing DMZ to defeat your multi-lan security! --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
