VLAN clarification please

  • Hello All!

    OK, I've been reading on how to use VLANS with pfsense and need clarification for my puny brain housing group to assimilate the docs.
    What I am reading (I think), is pfsense does not govern or set up VLAN's.  A managed switch does that, and, pfsense just accepts what the managed switch has configured?
    Or am I reading this wrong?
    I have several small departments in one office that need to share the internet ( 1 connection DSL) and I need to keep all of them separate, but allow the printer to be shared across all 3 departments.
    So, I'd have VLAN 100 for dept 1; VLAN 200 for dept 2; and VLAN 300 for dept 3.  VLAN 1 (main trunk) would be where the printer is.

    Does that sound right?  Once all of this is working correctly, I can configure my pfsense box (1 LAN, 1 WAN) to accept the VLANS from my managed switch?

    Thanks so much for any help on this

  • LAYER 8 Netgate

    You create VLANs in Interfaces > (assign). If you assign a pfSense interface to VLAN XXX on eth0 it will be tagged with that VLAN on eth0.

    You need to understand tagged vs. untagged ethernet ports to be able to successfully administer this.

    If you want VLANs 100, 200, and 300 on pfSense you can:

    Put separate ethernet interfaces into untagged switch ports on VLANs 100,200,300.

    Create pfSense VLAN interfaces on 100,200,300 on one interface and patch that to a tagged switch port.

    Any combination of the above.

  • Yes, you create the VLAN's in pfsense and use a (smart) managed switch to channel them. For example you could create a VLAN only for your printer give it's own port on your managed switch and set the firewall rules in pfsense so that it that can accessed by the other VLAN's.

  • LAYER 8 Global Moderator

    Its not so much that either pfsense or switch create the vlan, they both need the vlan info to be able to work together.. If the vlan is untagged pfsense has no clue that its in a vlan, just traffic it sees you control what untagged vlan that interface pfsense sees in the switch.

    If your sending tagged vlans to pfsense interface, then yes pfsense needs to know what IDs are which..

Log in to reply