    Segmenting a network with Subnets and VLANs

    General pfSense Questions
    6 Posts 3 Posters 1.3k Views
      Atreides

      If I have a router that has multiple extra ports, but I do not have a managed switch, is it possible for me to just use the router and the extra nics to set up the VLANs?

      If it is not possible, and I want to segment my network, do I basically need to plug in all the different ethernet ports connected to the areas of the network I want to connect to into separate switches, and then plug them into the different nics?

        johnpoz LAYER 8 Global Moderator

        If you do not have a smart switch that does VLANs, then yes, you would need multiple switches.

        While you could just plug all your interfaces into the same dumb switch and run different networks, this would be running multiple layer 3 over the same layer 2, and that is a BORKED configuration.

        So get a smart switch that can do VLANs, and then yes, you can put all your different NICs on your router in different VLANs. Or use multiple dumb switches plugged into your different NICs and you can provide separation that way.

          Atreides

          Awesome, guess I need a smart Switch.

            Atreides

            So if I'm looking at buying a smart or fully managed switch, would my best bet be to buy a smart switch and let pfSense do the routing between VLANs?

            Would that mean I would connect the smart switch to just a single interface of the pfSense? Or is it a better idea to use multiple interfaces?

              JeGr LAYER 8 Moderator

              @Atreides: That depends on how you want to structure your network. If you want to achieve something like a "core" concept (e.g. a bigger level 3 switch as switching and routing central normally with a big trunk towards the firewall), you'd need a fully managed switch.
              Pro: you can normally route on the core much faster than on a filtering firewall
              Con: complexity; quite often the "filtering" those switches do is not nicely configurable (bad GUI or CLI, and complex rules necessary if you do want to filter between networks)

              Normally in anything less than a bigger corporate network, you can go with a smart switch that can do VLAN and do the routing/filtering in pfSense. I'd doubt you would need the performance and complexity of a level 3 switch :)

              Greets

                Atreides

                Well, I found a slightly used TP-Link 24-port L2 managed switch for $240. VLAN heaven, here I come!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.