Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can we control two LAN interfaces independent of each other?

    Scheduled Pinned Locked Moved L2/Switching/VLANs
    7 Posts 2 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      getk
      last edited by getk

      I've installed pfsense in an old NUC and works perfectly. The only issue is , the NUC had two cable ports (1 used for WAN and other for LAN) and its working perfectly. I wanted to extend the LAN to have one or two more by adding a USB to LAN adapter and then attach to a wifi emitter. The diagram below explains and the one in red colour is what I wanted to put as NEW

      pfsense_2nd_lan.drawio.png

      • Is this possible and and if yes how do do? Create a new VLAN etc?
      • Can I then control the finer settings of this new LAN output from pfsense? For instance wanted to install ad-free pfBlockerNG or piHole just for the new LAN?
      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @getk
        last edited by johnpoz

        @getk You can add a usb interface - not really recommended. But if the usb comes up (pfsense/freebsd) has driver for it. Then sure you can add another network - wouldn't really be a "vlan" It would be another network, just like lan untagged on whatever interface comes up for your usb nic.

        USB nics and freebsd, therefore pfsense not really a great track record. You might be better off just using a vlan capable switch and setting up a vlan on your lan interface..

        But sure once you bring up another network or vlan - you could connect your AP to this new network/vlan

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        G 1 Reply Last reply Reply Quote 1
        • G
          getk @johnpoz
          last edited by

          @johnpoz said in Can we control two LAN interfaces independent of each other?:

          You might be better off just using a vlan capable switch a

          thank you for the reply.
          Do you recommend a vlan capable switch?

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @getk
            last edited by johnpoz

            @getk what a specific make or model? What sort of budget are you thinking? How many ports do you want/need.. It would be possible to just get a little vlan capable switch, or you could replace your whole switch if it has lots of ports, etc.

            vlanswitch.jpg

            Example - that could be done with just a 5 port vlan switch... Where everything on the downstream switch is on some vlan X, and your AP is on vlan Y.

            5 or 8 port gig vlan capable switches can be had for under $40 for sure..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            G 1 Reply Last reply Reply Quote 0
            • G
              getk @johnpoz
              last edited by getk

              @johnpoz
              thank you again. In the above design, would we be able to configure/block-ads etc for per vlan? i meant can we control finer details per vlan?

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @getk
                last edited by

                @getk yes once you create the new vlan/network you could allow/block communication between these networks at pfsense.

                You could block vlan X from going to xyz on the internet, while allowing vlan Y, etc.

                You would be able to have as much control as you want on where either of these networks could go, within the limits of what pfsense can do of course.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                G 1 Reply Last reply Reply Quote 1
                • G
                  getk @johnpoz
                  last edited by

                  @johnpoz thank you and much obliged

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.