Single VLAN
We have been running pfSense for a while (3 years) connected to the internet through a DSL connection. Soon we will be upgrading the connection so our ASA will send traffic to a switch port connected to the WAN interface of our pfSense box. The LAN interface is connected to a wireless AP. The traffic to that switch port will be tagged with a VLAN ID so we can keep traffic separated.
Does the pfSense box need to be configured with a VLAN, or since the tagging will occur between the switch and ASA, should I leave the config as it is?
I am new to VLANs on pfSense, so if this is a dumb question please excuse me. Thank You
Soon we will be upgrading the connection so our ASA will send traffic to a switch port connected to the WAN interface of our PFSense box. The LAN interface is connected to a wireless AP. The traffic to that switch port will be tagged with a VLAN ID so we can keep traffic separated.
I'm unsure as to what you mean there? Do you mean ASA > pfSense > Wireless only?
If you are using VLANs, the pfSense port will need to be configured with the VLANs in use.
Generally, the pfSense port would include all the VLANs that you are using, as in most cases it's the router and it has to route traffic on the VLANs to other networks, e.g. the internet.
The switch behind pfSense is usually where you configure which ports are members of which VLANs. For example:

pfSense:
WAN PORT = untagged > internet
LAN PORT = vlan2 = PRIVATE, vlan3 = PUBLIC

The LAN port is plugged into, say, PORT 24 of the switch.

Switch:
PORT 24 = member vlan 2 (private) & 3 (public)
PORT 1 = member vlan 2 (private) = plug private PC in here
PORT 2 = member vlan 2 (private) = plug private PC in here
PORT 3 = member vlan 2 (private) & vlan 3 (public) = plug wireless access point in here

Wireless access point:
SSID = PRIVATE = vlan2
SSID = PUBLIC = vlan3

The above setup will allow anybody connecting wirelessly on the PRIVATE network to connect to all of the PRIVATE PCs because it is on vlan 2, and also go to the internet if you have configured pfSense to do this.
Anybody connecting wirelessly via SSID PUBLIC (vlan3) will be isolated from the PRIVATE network (vlan2) and will go out to the internet if you have that configured.

It's also worth remembering to put a rule in the firewall to prevent inter-VLAN traffic, i.e. block if source is vlan & destination is vlan.
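To make the layout in the reply concrete, the following is an added Python model of it; it is not pfSense configuration and not code from either poster. It encodes the switch port memberships and the two SSID-to-VLAN mappings from the reply, then traces three flows: same-VLAN traffic that the switch forwards at layer 2 without pfSense ever seeing it, cross-VLAN traffic that can only travel over the port 24 trunk into pfSense, and traffic to the internet. The subnets (192.168.2.0/24 for vlan2, 192.168.3.0/24 for vlan3), the host addresses and the simplified first-match rule representation are assumptions. Running it with and without the "block if source is vlan & destination is vlan" rule shows why that rule matters: without it, pfSense is a router and happily forwards vlan3 into vlan2.

```python
"""Reachability model of the reply's layout: one switch that separates vlan2
(PRIVATE) and vlan3 (PUBLIC) at layer 2, and pfSense on port 24 that routes and
filters between them.  Added example, not pfSense configuration; the subnets,
host addresses and the rule representation are assumptions."""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network
from typing import Optional

# Assumed addressing: one /24 per VLAN.
VLAN_SUBNETS = {2: ip_network("192.168.2.0/24"), 3: ip_network("192.168.3.0/24")}

# Switch port -> VLANs it carries, copied from the reply's table.
SWITCH_PORTS = {24: {2, 3}, 1: {2}, 2: {2}, 3: {2, 3}}
PFSENSE_PORT = 24  # the pfSense LAN port is the trunk into the switch


@dataclass(frozen=True)
class Host:
    name: str
    ip: IPv4Address
    port: Optional[int]  # switch port; None for addresses beyond pfSense's WAN


@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    src: str     # "vlan" = any local VLAN subnet, "any" = anything
    dst: str     # same vocabulary


def local_vlan(ip: IPv4Address) -> Optional[int]:
    """VLAN whose subnet contains ip, or None for non-local (internet) addresses."""
    for vid, net in VLAN_SUBNETS.items():
        if ip in net:
            return vid
    return None


def rule_matches(rule: Rule, src_ip: IPv4Address, dst_ip: IPv4Address) -> bool:
    def side(spec: str, ip: IPv4Address) -> bool:
        return spec == "any" or (spec == "vlan" and local_vlan(ip) is not None)
    return side(rule.src, src_ip) and side(rule.dst, dst_ip)


def pfsense_decision(rules, src_ip: IPv4Address, dst_ip: IPv4Address) -> str:
    """First matching rule wins; anything no rule passes is denied by default."""
    for rule in rules:
        if rule_matches(rule, src_ip, dst_ip):
            return rule.action
    return "block"


def deliver(src: Host, dst: Host, rules) -> tuple:
    """Trace a packet from src to dst and report (where it was decided, verdict)."""
    svlan = local_vlan(src.ip)
    if svlan is None or src.port is None or svlan not in SWITCH_PORTS[src.port]:
        return ("switch", "drop")  # source port does not carry the source VLAN
    dvlan = local_vlan(dst.ip)
    if dvlan == svlan and dst.port is not None and svlan in SWITCH_PORTS[dst.port]:
        return ("switch", "pass")  # same VLAN: plain L2 forwarding, firewall never sees it
    if svlan not in SWITCH_PORTS[PFSENSE_PORT]:
        return ("switch", "drop")  # trunk to pfSense does not carry this VLAN
    return ("pfsense", pfsense_decision(rules, src.ip, dst.ip))


# The reply's advice: block VLAN-to-VLAN before the general pass-to-internet rule.
ISOLATING_RULES = [Rule("block", "vlan", "vlan"), Rule("pass", "any", "any")]
# What you get with only the internet pass rule: pfSense routes vlan3 into vlan2.
PASS_ONLY_RULES = [Rule("pass", "any", "any")]

# Constructed hosts matching the reply's port assignments.
PRIVATE_PC = Host("private PC on port 1", ip_address("192.168.2.10"), 1)
PRIVATE_WIFI = Host("PRIVATE SSID client", ip_address("192.168.2.50"), 3)
PUBLIC_WIFI = Host("PUBLIC SSID client", ip_address("192.168.3.50"), 3)
INTERNET = Host("internet host", ip_address("203.0.113.10"), None)


def scenarios(rules) -> dict:
    """Evaluate the three flows the reply discusses under a given rule set."""
    return {
        "private wifi -> private pc": deliver(PRIVATE_WIFI, PRIVATE_PC, rules),
        "public wifi -> private pc": deliver(PUBLIC_WIFI, PRIVATE_PC, rules),
        "public wifi -> internet": deliver(PUBLIC_WIFI, INTERNET, rules),
    }


if __name__ == "__main__":
    for label, rules in (("with block rule", ISOLATING_RULES), ("pass only", PASS_ONLY_RULES)):
        print(label)
        for flow, (where, verdict) in scenarios(rules).items():
            print(f"  {flow:28s} decided at {where:8s} {verdict}")
```

The model makes one design point visible: VLAN membership on the switch only prevents frames from leaking between vlan2 and vlan3 at layer 2. Once both VLANs terminate on the pfSense LAN trunk, isolation between them is a firewall policy decision, so the block rule has to sit above the pass-to-internet rule on that interface.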