Understanding Native VLAN with pfSense and Unifi

I’m a classically trained Cisco guy. I recently bought a Netgate SG-1100, a Unifi 24 port switch and an LR-6 for home/lab use.

I’m trying to divide up the network into 3 segments: LAN, Guest and IOT. The issue I’m having is with tagging the LAN VLAN in both pfSense and Unifi.

In Cisco they teach you that the default Native VLAN is “bad” and you should change it and not assign anything to it.

So, per that teaching I’m trying to tag the LAN traffic with a VLAN but I’m running into issues.

I have been able to tag the Guest and IOT VLANs fine, but I am having issues with the default LAN. I’m doing something wrong, but I’m not sure what.

My question is, is it even worth it to try and separate out the Native traffic from the LAN, or is setting up VLANs for the other two networks enough?
If it is worth separating out, what ways do you do it? Or recommend?

I do plan to have rules in place to prevent communication between the networks. But at this point I’m just trying to get the tagging correct.

You can use the native LAN and the only real risk is that on native LAN you could potentially tap into the traffic of the VLANs.
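One way to verify the tagging the original post is struggling with, and to spot the native-VLAN exposure the reply above mentions, is to inspect what actually crosses the trunk. This is an added example, not code from the thread or from pfSense/Unifi: it parses the 802.1Q tag stack of captured Ethernet frames and flags any frame that arrives untagged (i.e. on the native VLAN) or on a VLAN the trunk should not carry. The frames, MAC addresses and the VLAN IDs 10/20/30 are constructed placeholders.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100   # 802.1Q customer VLAN tag
TPID_8021AD = 0x88A8  # 802.1ad service tag (QinQ outer tag)


def parse_vlan_tags(frame: bytes) -> list:
    """Return the VLAN IDs in the frame's tag stack, outermost first.
    An empty list means the frame is untagged, i.e. it travels on the
    port's native VLAN rather than on a tagged segment."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    vids, offset = [], 12            # skip destination + source MAC
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return vids              # reached the real EtherType
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)    # low 12 bits of TCI = VLAN ID
        offset += 4


def audit_trunk(frames, allowed_vids):
    """Classify frames seen on a trunk port. Untagged (native) frames and
    frames on VLANs outside allowed_vids are both reported as findings."""
    seen, findings = Counter(), []
    for n, frame in enumerate(frames):
        vids = parse_vlan_tags(frame)
        seen[vids[0] if vids else "untagged"] += 1
        if not vids:
            findings.append((n, "untagged frame on native VLAN"))
        elif vids[0] not in allowed_vids:
            findings.append((n, f"unexpected VLAN {vids[0]}"))
    return dict(seen), findings


def build_frame(vid=None, payload=b"\x45" + b"\x00" * 19):
    """Constructed sample frame: placeholder MACs, IPv4 EtherType, dummy payload.
    vid=None produces an untagged frame; otherwise PCP=0, DEI=0, VID=vid."""
    hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return hdr + tag + struct.pack("!H", 0x0800) + payload


if __name__ == "__main__":
    # Constructed capture: LAN=10, Guest=20, IOT=30 expected; one native frame, one stray VLAN.
    sample = [build_frame(10), build_frame(20), build_frame(30), build_frame(), build_frame(99)]
    print(audit_trunk(sample, allowed_vids={10, 20, 30}))
```

On a real trunk the frame bytes would come from a capture taken on the pfSense parent interface; any "untagged" finding there is traffic riding the native VLAN that the segmentation was meant to tag.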

Okay, that’s what I was thinking, and in a home network if they are on my LAN then I have bigger problems anyways!
