>Here's what I do using the same setup as you have:
>
>I assign the WAN (em0) and the LAN (em1). To configure the connectivity
>to the internet, I connect to the web interface, create some basic
>rules (so I can access my ADSL modem), then I go to the assign option,
>then to the VLAN tab and I add it, assigning it to the em1 interface. I
>reboot the box, connect to the web interface again, then I go to the
>assign option and add a new interface using the VLAN I just created.
>Then I go to the new interface, I rename it (DMZ) and add the IP
>address and the subnet. Remember to save changes in every step you
>make of the setup. Create the pertinent rules (very important), then to
>test it I just go to the DHCP service and I use a short range so I can
>connect to the new subnet using my laptop.
>
>Hope it helps.

Thanks everyone! Sorry for the bad description, I'm not thinking all that clearly atm :)

So I do only have two interfaces, and the switch is VLAN capable and has multiple VLANs set up. The production LAN is untagged on (1) on all ports (not my setup) and there is a second VLAN that I am interested in (3) that is tagged on the LAN interface of the pfSense box. So I need to access hosts and forward traffic to hosts on vlan3 through the LAN interface from both my LAN and WAN interface.

So I assigned a VLAN (3) on the parent interface (lan) and rebooted. I then created a new interface opt1 on the VLAN interface above and gave it an IP on vlan 3's subnet. I then added rules for testing allowing all traffic from opt1->*, as lan has the lan->* rule already. Every step was saved but I must still be missing something.

The switch most certainly is allowing tagged traffic into vlan3 on the port the LAN interface is on. What have I missed? I still can't see hosts on vlan3 from the LAN.

jlc
