Vlan – Issues trunking VLANs from pfSense to Cisco switch

Tags: interface, pfsense, pfsense-2, vlan

I am currently using an old desktop with a dual port PCI NIC as a pfSense router. Interface em0 is assigned to the WAN interface, and em1 is assigned to the LAN interface, as well as 3 VLAN interfaces as shown below.

[Screenshot of the pfSense interface assignments (em1 as LAN plus its three VLAN interfaces); image not available]

All interfaces shown go through a single cable to a trunked port on my switch. From there, ports are assigned VLANs according to what net the device is supposed to be on. The current LAN network is unused, and is waiting to assign IP addresses to VLAN 1 on my switch (which is not used). Since the LAN interface is not used, I would like to disable it, or remove it altogether, and have just VLAN traffic between the router and switch. However, whenever I disable or remove the LAN interface in pfSense, everything on the network loses connectivity and I need to restore a recent config in the pfSense console. I can't seem to figure out why this affects the VLAN traffic that is also supposed to be going through the same port. I have not posted my switch config since I have no reason to believe the issue is on the switch side, but I can post it if necessary. Ideally I would like to remove the LAN interface and still have my VLAN networks be able to communicate. Any ideas?

Best Answer

This has to do with how FreeBSD (the source OS for pfSense) handles interfaces. What you are labeling as "LAN" is the "VLAN parent interface", and when you perform a shut or "if down" on that interface (or uncheck "Enable interface" and "Apply Settings"), it does just that. What you are not anticipating is that shutting down the parent interface shuts down its child interfaces.

It's actually fine--you just need to not interact with that interface at all and things will work the way you expect them to. The challenge is removing the config you don't want and still winding up with your VLAN interfaces up.

You can remove the interface completely (this will shut down your VLANs naturally), but you can also leave it with no IP assignment and that will allow you to monitor bandwidth over that physical (parent) interface--even though it has no IP. If you remove the interface, you cannot.

So how do you get the VLANs back up? With the configuration changed, you can reboot the device. You can also do it from the command line.

But the big takeaway is that you should expect any "up" or "down" you apply to that parent interface will take the whole group down.
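Because the answer's point is that the parent takes its vlan(4) children down with it, here is an added example (not from the original answer, not pfSense's own code) that reads FreeBSD `ifconfig` output and reports which VLAN interfaces ride on a given parent and whether that parent currently carries the UP flag, so you can see what a shut on "LAN" will affect before applying it; the interface names, VLAN IDs and the sample output are constructed.

```shell
#!/bin/sh
# Added example: map vlan(4) child interfaces to their parent NIC from
# FreeBSD/pfSense `ifconfig` output. On a real box you would run
# `ifconfig | vlan_children em1`; here a constructed sample is used so
# the script runs anywhere. Interface names and VLAN IDs are assumptions.

# Constructed sample in the shape FreeBSD ifconfig prints for vlan devices.
# em1 is the untagged "LAN" parent; em1.10/20/30 are 802.1Q children;
# em1.30 is shown administratively down (no UP flag).
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:22:33:44:55
em1.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
        vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: em1
em1.20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 20 vlanproto: 802.1q vlanpcp: 0 parent interface: em1
em1.30: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 30 vlanproto: 802.1q vlanpcp: 0 parent interface: em1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384'

# vlan_children PARENT   (ifconfig output on stdin)
# Prints, space separated, every interface whose "parent interface:" is PARENT.
vlan_children() {
    awk -v parent="$1" '
        # Header lines start in column 1 with "name:"; remember the name.
        /^[A-Za-z]/ { split($1, a, ":"); iface = a[1]; next }
        # Indented vlan line: last field is the parent interface name.
        /parent interface:/ && $NF == parent { out = out (out ? " " : "") iface }
        END { print out }
    '
}

# parent_is_up PARENT   (ifconfig output on stdin)
# Exit 0 if PARENT carries the UP flag, 1 otherwise (or if it is not listed).
parent_is_up() {
    awk -v parent="$1" '
        index($1, parent ":") == 1 { if ($2 ~ /<UP,/) found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Example run against the constructed sample: list what depends on em1
# and whether em1 is up right now.
printf '%s\n' "$SAMPLE_IFCONFIG" | vlan_children em1
if printf '%s\n' "$SAMPLE_IFCONFIG" | parent_is_up em1; then
    echo "em1 is UP; downing it would take the interfaces above with it"
fi
```

On the real host, after the parent is back up, each child is re-enabled with `ifconfig <child> up` (for example `ifconfig em1.10 up` with the names assumed here), which is the command-line route the answer refers to.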