Inter VLAN

4RR3N

Hi,

I'm just wondering about Inter VLAN communication from the switch\Access Point side of things.

Primarily when a switch and Access Point is turned on and pfSense box is off, does all the connected devices onto the managed switch and Access Point are able to communicate with each other ?

I came across a claim that I would need to disable Inter VLAN on the managed switch and Access Point themselves but from what I personally know, all the firewall rules are handled by pfSense which in this scenario is turned off.

So, which is it and how do I prevent all devices connected to the switch or AP from communicating with each other once pfSense is off ?

Thanks

Jarhead

@4rr3n First, why would pfSense be off?

As long as pfSense is handling the layer 3 portion the vlans will not be able to communicate to each other. Layer 2 is handled by the switch so anything connected to it will still communicate with each other.

So vlan10 devices will talk to other vlan 10 devices, vlan 20 devices will talk to other vlan 20 devices, but vlan 10 won't talk to vlan 20 and vice versa.

4RR3N

@jarhead said in Inter VLAN:

@4rr3n First, why would pfSense be off?

Things happen, power cuts, kids or animals etc.

As long as pfSense is handling the layer 3 portion the vlans will not be able to communicate to each other. Layer 2 is handled by the switch so anything connected to it will still communicate with each other.

So vlan10 devices will talk to other vlan 10 devices, vlan 20 devices will talk to other vlan 20 devices, but vlan 10 won't talk to vlan 20 and vice versa.

So, from the example you have provided, is that the case when PFSense box is turned off or on ? My concern is what happens when the layer 3 (pfsense in this case) is not present but switch/access point is still turned on.

the other

@4rr3n
hey there,
well, as said:
in ONE network, it will work fine with pfsense off (except it is off when turning your machine on, getting an IP address might turn out a bummer (?) :)

Meaning: if everything is up and running when pfsense turns on > off, you could still reach every other machine in the same network (first three blocks of your IP are the same).
If a machine is in another network (VLAN, subnet, WAN, Internet), then no, you cannot reach that machine. For that you need routing (to enable traffic crossing network boundaries). This is done on Layer 3 which is done by a router (=pfsense). No pfsense, no routing, no network besides the one your machine in front of you is in.
It is (as always) a little bit more complicated in real life, but...that should give a small idea.
;)

Just make sure your pfsense box is stored safe and secure, put it in a small network closet...no kids, animals or upsies...and if it breaks, well...that can happen to every device at some moment in time. Have a plan, what to do then. :)

Jarhead

@4rr3n said in Inter VLAN:

@jarhead said in Inter VLAN:

@4rr3n First, why would pfSense be off?

Things happen, power cuts, kids or animals etc.

As long as pfSense is handling the layer 3 portion the vlans will not be able to communicate to each other. Layer 2 is handled by the switch so anything connected to it will still communicate with each other.

So vlan10 devices will talk to other vlan 10 devices, vlan 20 devices will talk to other vlan 20 devices, but vlan 10 won't talk to vlan 20 and vice versa.

So, from the example you have provided, is that the case when PFSense box is turned off or on ? My concern is what happens when the layer 3 (pfsense in this case) is not present but switch/access point is still turned on.

Well, you asked what would happen when it's off, so I wrote what would happen when it's off.
When it's on, all would work as expected.