How it works...
Up to now, we have contemplated networks that correspond to a single network interface. Sometimes, however, we want to decouple logical network groupings from physical interfaces. We may want to have more than one network on a single interface or, less commonly, have a network span multiple interfaces. We can accomplish this with virtual LANs, or VLANs. A VLAN is created by attaching a special header, known as an 802.1Q tag, to an Ethernet frame. Since the VLAN tag is an integer from 1 to 4094, it would seem that we are limited to 4094 VLANs (or 4093, since we are not supposed to use 1 as a tag), but by using QinQ tagging, we can nest VLAN tags, making it possible to have a much greater number of VLANs on our private network (in fact, a much greater number of VLANs than we would probably ever need).
In step 5 of this recipe, we referenced the VLAN priority level. This is a feature added to pfSense with version 2.3 that allows you to define a class of service for your VLAN. It is a 3-bit field with values from 0 to 7. Somewhat counter-intuitively, 1 is the lowest priority level (background), while 7 is the highest, and 0 is best-effort treatment, which is one step above the lowest priority level.
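To make the tag layout concrete, the following added example (not code from this recipe or from pfSense) builds and parses single and QinQ-nested tags and ranks the priority values in the order described above. The TPID values 0x8100 and 0x88A8 and the DEI bit come from the IEEE 802.1Q/802.1ad standards rather than from this recipe, and the sample frame is constructed.

```python
import struct

# Assumption from IEEE 802.1Q / 802.1ad, not from the recipe text:
TPID_8021Q = 0x8100   # customer tag (C-tag)
TPID_8021AD = 0x88A8  # service tag (S-tag), a common outer tag in QinQ

# Priority values ordered lowest to highest: 1 (background) sits below 0 (best effort).
PCP_ORDER = [1, 0, 2, 3, 4, 5, 6, 7]

def build_tag(tpid, pcp, vid, dei=0):
    """Pack one 4-byte VLAN tag: 16-bit TPID, then 3-bit PCP, 1-bit DEI, 12-bit VID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be 0..7")
    return struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)

def parse_vlan_tags(frame):
    """Return ([(tpid, pcp, dei, vid), ...] outermost first, payload EtherType)."""
    tags, offset = [], 12  # skip destination and source MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4  # each nested tag adds four bytes

def priority_rank(pcp):
    """0 = lowest treatment, 7 = highest, using the ordering described above."""
    return PCP_ORDER.index(pcp)

# Constructed sample: QinQ frame, outer VLAN 100 (priority 1), inner VLAN 20 (priority 0).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
SAMPLE = (MACS + build_tag(TPID_8021AD, 1, 100) + build_tag(TPID_8021Q, 0, 20)
          + struct.pack("!H", 0x0800) + b"\x00" * 46)

if __name__ == "__main__":
    tags, inner = parse_vlan_tags(SAMPLE)
    for tpid, pcp, dei, vid in tags:
        print(f"TPID=0x{tpid:04x} VID={vid} PCP={pcp} rank={priority_rank(pcp)}")
    print(f"payload EtherType=0x{inner:04x}")
```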