How To Add and Use Taggged and Untagged VLANs Trunks on pfSense Router Interfaces

(Complatible and tested with Cisco switches)
Updated May 13, 2018: Configuration can be done completely within the pfSense GUI
Objective:
Using VLANs and Trunking to provide subnet 
192.168.10.0 tagged on interfaces em3 & em4
to trunked interfaces on switches.

Requirements:
Available Interfaces
em2 (OPT1), em3 (OPT2), em4 (OPT3)
3 subnets each on it's own router interface to its own switch
192.168.10.0 on em2 (VLAN10)
192.168.20.0 on em3 (VLAN20)
192.168.30.0 on em4 (VLAN30)

Note:
192.168.10.0 on em2 will be untagged
192.168.10.0 on em3 will be tagged
192.168.10.0 on em4 will be tagged
192.168.20.0 on em3 will be untagged
192.168.30.0 on em4 will be untagged

This was developed on pfSense
2.4.3-RELEASE (amd64)
built on Mon Mar 26 18:02:04 CDT 2018
FreeBSD 11.1-RELEASE-p7

(Click on screenshots to zoom, back buttion to return)


Configure Interfaces via pfSense GUI

Interfaces -> OPT1
Check Enable interface
IPv4 Configuration Type: IPv4
IPv4 Address: 192.168.10.1/24

Click Save

Interfaces -> OPT2
Check Enable interface
IPv4 Configuration Type: IPv4
IPv4 Address: 192.168.20.1/24

Click Save

Interfaces -> OPT3
Check Enable interface
IPv4 Configuration Type: IPv4
IPv4 Address: 192.168.30.1/24

Click Save
Click Apply Changes


Create VLANs via pfSense GUI

Interfaces -> Interface Assignments -> VLANs

Click Add
Parent Interface: em3
VLAN Tag: 10
VLAN Priority: <leave as is>
Description: vlan10

Click Save

Click Add
Parent Interface: em4
VLAN Tag: 10
VLAN Priority: <leave as is>
Description: vlan10

Click Save

Created VLANs


Interfaces -> Interface Assignments
Available network ports: From drop down box choose new em3 VLAN created
(Assuming OPT5)

Click Add



Interfaces -> Interface Assignments
Available network ports: From drop down box choose new em4 VLAN created
(Assuming OPT6)

Click Add



Click on Interface associated with em3 VLAN (Assuming OPT5) 


Check Enable interface 
Change Description: OPT5 to em310

Click Save


Click Apply Changes



Click on Interface associated with em4 VLAN
(Assuming OPT6)

Check Enable interface 
Change Description: OPT5 to em410


Click Save

Click Apply Changes




Create Bridge via pfSense GUI

Interfaces -> Interface Assignments -> Bridges
Add

Member Interface: OPT1, em310, em410
Click Save

Note name of bridge created


Interfaces -> Interface Assignments
Available network ports: From drop down box choose new bridge created
(Assuming BRIDGE0)

Click Add


Click on Interface associated with bridge
(Assuming OPT7)


Check Enable interface
Change Description: OPT5 to BRIDGE0


Click Save


Click Apply Changes


VLAN and Bridge setup complete


Add firewall rules for BRIDGE0 via pfSense GUI

Firewall -> Rules
Add
Save
Apply Changes
(As needed)


That's it. Assuming your switches are set up and connected.

Switch interfaces configuration:
switch connected to em2: Access, VLAN10 untagged
switch connected to em3: Trunk, VLAN10 tagged, VLAN20 untagged
switch connected to em4: Trunk, VLAN10 tagged, VLAN30 untagged

These are 3 separate independent switches, do not connected
these 3 interfaces to the same switch or any combiantion of 2
of these interfaces to the same switch.

If anything was missed or there are questions, errors,or 
discrepancies please email me at:
pfs (at) curtronics (dot) com

*