Netgate Discussion Forum

VLAN - Need configuration guidance and recommendation

Routing and Multi WAN
  • A
    asterix
    last edited by Aug 11, 2011, 8:08 PM

    pfSense
    Netgear GS108Tv2 smart switch - 8 Port
    AP - VLAN aware

    pfSense has dual gigabit ports. One port is dedicated to WAN (directly connected from Modem) and the other is for 4 VLANs (connected to Netgear switch)

    VLAN 1 - LAN [10.0.1.x - 255.255.255.0] (All PCs, Macs, Printers, NAS, etc.)
    VLAN 2 - VoIP [10.0.2.x - 255.255.255.0] (All VoIP ATAs, WiFi Cell Phone connections)
    VLAN 3 - Video [10.0.3.x - 255.255.255.0] (TVs, BluRay Players)
    VLAN 4 - InternetTV [10.0.4.x - 255.255.255.0] (Couple of SetTop boxes that need only internet connection)

    Netgear GS108Tv2
    Port 1 (T) - pfSense (connecting 4 VLANs through this port)
    Port 2 (T) - AP (VLAN aware) - Connects wireless clients to the right VLAN based on their SSIDs
    Port 3 thru 7 (U) - PCs, Macs, NAS (Port based VLAN 1 members as stated above)
    Port 8 (U) - VoIP ATA (Port based VLAN 2 member as stated above)

    I do not need any communications between VLANs as each VLAN member only needs to communicate to the internet (WAN) or with members in the same VLAN. So a PC in VLAN1 cannot see or even ping members of other VLANs except for VLAN1 members. Same goes for other VLANs.

    Default "LAN" rule is created by pfSense after install as below.

    Proto  Source   Port  Destination  Port  Gateway
    *      LAN net  *     *            *     *

    I removed the default LAN rule and added rules for LAN, VoIP, Video and InternetTV as follows. Took advantage of Alias to define all VLAN networks (10.0.x.0) as (LAN - L, VoIP - Vo, Video - Vi, InternetTV - I)

    Proto  Source          Port  Destination  Port  Gateway
    *      LAN net         *     !VoViI       *     *
    *      VoIP net        *     !LViI        *     *
    *      Video net       *     !LVoI        *     *
    *      InternetTV net  *     !LVoVi       *     *

    The updated rules have helped me isolate all the 4 VLANs and none of the VLANs can talk to each other.

    Now my question is that the pfSense dashboard only shows traffic coming in or going out of WAN to the specific VLANs. There is extremely heavy network traffic within each VLAN, especially VLAN 1 - LAN as it consists of PCs and NAS doing data transfers all day long. How can I monitor intra-VLAN traffic?

    • A
      asterix
      last edited by Aug 12, 2011, 5:14 AM

      I got my answer from another post…

      "VLAN to VLAN traffic is handled entirely within the smart/managed switch and doesn't get to the router"

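Added example, not part of either post: a small Python model of the four pass rules described in the first post, which also shows why flows between two hosts in the same VLAN never appear on the pfSense dashboard. It assumes pfSense holds the .1 address on each VLAN (the thread does not state the interface addresses), and the sample flows are constructed.

```python
import ipaddress

# Subnets from the first post (10.0.N.x, mask 255.255.255.0).
VLANS = {
    "LAN": ipaddress.ip_network("10.0.1.0/24"),
    "VoIP": ipaddress.ip_network("10.0.2.0/24"),
    "Video": ipaddress.ip_network("10.0.3.0/24"),
    "InternetTV": ipaddress.ip_network("10.0.4.0/24"),
}
# ASSUMPTION: pfSense is .1 on every VLAN; the thread does not give these.
FIREWALL_IP = {name: net.network_address + 1 for name, net in VLANS.items()}
# Each interface's pass rule has destination "!alias", where the alias holds
# the other three VLAN networks (!VoViI, !LViI, !LVoI, !LVoVi in the post).
BLOCKED_DST = {i: [n for o, n in VLANS.items() if o != i] for i in VLANS}


def vlan_of(addr):
    """Return the name of the VLAN whose subnet contains addr, or None."""
    return next((name for name, net in VLANS.items() if addr in net), None)


def evaluate(src, dst):
    """Classify a flow sent by a VLAN host: 'switched', 'pass' or 'block'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    iface = vlan_of(src)
    if iface is None:
        raise ValueError(f"{src} is not in any of the four VLANs")
    if dst in VLANS[iface] and dst != FIREWALL_IP[iface]:
        # Same subnet: the sender ARPs for the peer and the switch forwards
        # the frame. pfSense never receives it, so no rule or graph applies.
        return "switched"
    if any(dst in net for net in BLOCKED_DST[iface]):
        # Destination is inside the negated alias, so the pass rule does not
        # match and pfSense's implicit default deny drops the packet.
        return "block"
    return "pass"


if __name__ == "__main__":
    # Constructed sample flows; host addresses are illustrative only.
    for s, d in [("10.0.1.20", "10.0.1.50"), ("10.0.1.20", "10.0.2.10"),
                 ("10.0.2.10", "198.51.100.7"), ("10.0.4.7", "10.0.4.1")]:
        print(f"{s:>10} -> {d:<13} {evaluate(s, d)}")
```

Only the "pass" and "block" outcomes involve the firewall at all; measuring the "switched" flows requires counters on the switch itself or a mirrored port.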