Netgate Discussion Forum

    VLAN tag on PFSense

    Routing and Multi WAN
    • E
      extacy1
      last edited by

      Hi all,
      I need your expertise in configuring VLANs.

      Scenario:
      WAN --> pfSense interface 2 --> Switch VLAN 2 --> Host
      Same WAN --> pfSense interface 3 --> Switch VLAN 3 --> Host

      VLAN 2 configuration > 192.168.2.1/25 with tag ID 2 and DHCP enabled, connected to any ports on the switch between 2-24
      VLAN 3 configuration > 192.168.3.1/25 with tag ID 3 and DHCP enabled, connected to any ports on the switch between 25-48

      OK, my question: when a host connects his computer to a port, I have to configure its VLAN ID in network preferences. As soon as I enter the corresponding VLAN ID, he can access the internet.

      But I need a plug-and-play configuration like on a LAN. I mean the host should be able to plug in and get a DHCP address without manual VLAN tag configuration.

      Could you kindly advise what configuration I need to do?


      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        You generally don't want "client" PCs to have to select what VLAN they get into.

        You can set each port on your switch in different VLANs. Each port can be set to T (Tagged) or U (Untagged).
        Tagged = Network driver needs to add/read a VLAN ID to/from your packets
        Untagged = The switch strips the VLAN ID before it goes TO the device (device does not receive packets with a VLAN ID)

        Your physical pfSense interface should be connected to a port on a switch that has ALL VLANs in T (Tagged) mode.

        Your client PCs should be connected to a U (Untagged) port on the correct VLAN.
        Setting your port to Untagged is not the only thing you have to do to get this to work!
        There is also something called a "PVID" (name may be different). If a client device sends packets through the switch WITHOUT a VLAN ID, but you need your device in a specific VLAN, then the switch ADDS the VLAN specified in the PVID.

        So the PVID of the port should also be set to the correct VLAN.

        I hope this makes sense to you. The problems you are experiencing have nothing to do with pfSense itself but everything to do with the way Layer 2 switching works.
        There are some good tutorials @ Google for more info.

        Enjoy

        1 Reply Last reply Reply Quote 0
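
The tagged/untagged/PVID behaviour described in the reply above, modelled as an added example that is not part of any post in this thread. Assumptions: port 1 is the tagged trunk to pfSense (ports 2-24 and 25-48 follow the original question), ingress filtering is enabled on the switch, and frames are flooded within their VLAN with no MAC learning.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1                                 # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)    # VLANs sent out without a tag (U)
    tagged: set = field(default_factory=set)      # VLANs sent out with a tag (T)

def build_switch():
    """Constructed layout: port 1 = trunk to pfSense, 2-24 = VLAN 2, 25-48 = VLAN 3."""
    ports = {1: Port(tagged={2, 3})}
    for n in range(2, 25):
        ports[n] = Port(pvid=2, untagged={2})
    for n in range(25, 49):
        ports[n] = Port(pvid=3, untagged={3})
    return ports

def forward(ports, in_port, frame_vid=None):
    """Flood a frame inside its VLAN; return {egress_port: tag on the wire or None}."""
    src = ports[in_port]
    vid = src.pvid if frame_vid is None else frame_vid   # PVID classifies untagged frames
    if vid not in src.untagged | src.tagged:
        return {}                                        # ingress filtering drops it
    out = {}
    for n, p in ports.items():
        if n == in_port:
            continue
        if vid in p.tagged:
            out[n] = vid        # tag kept, e.g. towards pfSense
        elif vid in p.untagged:
            out[n] = None       # tag stripped, client sees a plain frame
    return out

def pvid_mismatch_demo():
    """Port 10 is an untagged member of VLAN 2, but its PVID was left at 1."""
    sw = build_switch()
    sw[10].pvid = 1
    # Host -> switch is dropped, while pfSense -> host is still delivered untagged.
    return forward(sw, 10), forward(sw, 1, frame_vid=2).get(10, "not delivered")

if __name__ == "__main__":
    sw = build_switch()
    print("host on port 5 ->", forward(sw, 5))
    print("pfSense, tag 3 ->", forward(sw, 1, frame_vid=3))
    print("PVID mismatch  ->", pvid_mismatch_demo())
```

The mismatch case shows why a port that is untagged in the right VLAN but has the wrong PVID gets no DHCP lease: the client's untagged requests never enter VLAN 2, even though traffic from the trunk still reaches the client.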
        • E
          extacy1
          last edited by

          Thank you for your reply.

          I had another way of doing that: instead of creating VLANs on pfSense, I just created LAN interfaces on pfSense and created untagged VLANs on the switch.
          So I have 3 LANs on pfSense and 3 untagged VLANs on the switch side. I created blocking rules to prevent routing between VLANs.

          Seems to be working so far, but when the network expands and it comes to trunking, I will have to change this back to tagged VLANs, I guess.

          1 Reply Last reply Reply Quote 0
          • H
            heper
            last edited by

            Using untagged you "waste" physical interfaces on your pfSense. Other than that, that could work.

            1 Reply Last reply Reply Quote 0