Netgate Discussion Forum

    Help with a simple (really simple) VLAN

      detox

      I'm new to pfSense as well as VLANs and could use some help. My needs are very simple. I have a managed switch (Ubiquiti EdgeSwitch Lite 24 port).
      It will be connected to pfSense, and the pfSense will go to the web.

      All I need is to segregate blocks of switch ports to keep several departments separate, and all share the printer.

      My thought is: pfSense LAN is 192.168.1.1, DHCP 192.168.10 - 192.168.200. The only static IPs would be for file server and shared printer.

      The switch will plug into pfSense em0 (LAN).

      So, on the switch, I would have:
      VLAN1 (default), port 24 will be used as the trunk port
      VLAN10 (Printer, File server) ports 1-4
      VLAN20 (clinical staff) ports 5-15
      VLAN30 (case management) ports 16-20
      Ports 21, 22, 23 not assigned yet

      All need internet access.

      So if I assign VLANs all on the same network, but assign specific ports to VLANs, how does that work when I configure pfSense VLANs?
      Or do I mess with VLANs on pfSense at all?

      Thanks for any assistance

        kpa

        You have to use different non-overlapping subnets on each of the VLANs or nothing will work; a VLAN is nothing but yet another network interface to pfSense. You can think of the VLAN setup as if you were adding one or more physical NIC(s) to the system; the only difference is that with a VLAN the physical transport of the VLAN is by an existing real network interface.

          detox

          kpa,

          So, I create three VLANs in pfSense (VLAN10; VLAN20; VLAN30), assigning them to LAN (em0).
          Then,
          I create and structure the VLANs on the router? pfSense will not care what port on the switch they are, nor will it care what it is called, as long as the titles match, correct?

          Or saying this another way, I create the VLANs and port assignments on the managed switch, making sure all works as it should, then, on the pfSense box, create VLANs on em0 to match what is on the switch.

          Then all devices will pass traffic from/to the web.

          Did I understand this correctly?

            Derelict LAYER 8 Netgate

            The names don't matter. The VLAN tag/id is what matters. The number.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              kpa

              Yes, the switch doesn't care or even know what the VLANs are called in the pfSense setup; it only identifies the VLAN Ethernet frames by the raw number in the VLAN tag part of the frame.

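The two points made in the replies above, as an added example that is not part of the original thread: each VLAN needs its own non-overlapping subnet, and the switch and pfSense agree only on the numeric ID carried in the 802.1Q tag. The VLAN IDs come from the thread; the subnets, function names and sample frames are constructed assumptions.

```python
import ipaddress
import struct

# VLAN IDs are from the thread; the subnets are constructed example values.
PLAN = {10: "192.168.10.0/24", 20: "192.168.20.0/24", 30: "192.168.30.0/24"}

def overlapping_subnets(plan):
    """Return pairs of VLAN IDs whose subnets overlap (must be empty)."""
    nets = {vid: ipaddress.ip_network(cidr) for vid, cidr in plan.items()}
    ids = sorted(nets)
    return [(a, b) for i, a in enumerate(ids) for b in ids[i + 1:]
            if nets[a].overlaps(nets[b])]

def vlan_id(frame):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 18:
        return None  # too short for two MACs, a tag and an EtherType
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != 0x8100:
        return None  # no 802.1Q tag after the source MAC
    return tci & 0x0FFF  # low 12 bits are the ID; the rest is priority/DEI

def classify(frame, plan):
    """Say which planned network a frame seen on the trunk belongs to."""
    vid = vlan_id(frame)
    if vid is None:
        return "untagged (parent interface)"
    if vid not in plan:
        return f"VLAN {vid}: no matching VLAN interface"
    return f"VLAN {vid} -> {plan[vid]}"

def make_frame(vid=None):
    """Build a constructed frame: zeroed MACs, optional tag, IPv4 EtherType."""
    header = bytes(12)
    if vid is not None:
        header += struct.pack("!HH", 0x8100, vid)
    return header + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    print("overlaps:", overlapping_subnets(PLAN))
    for vid in (None, 10, 20, 30, 40):
        print(classify(make_frame(vid), PLAN))
```

The name given to a VLAN on either device never appears in the frame, so only the ID has to match on both sides.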
                detox

                Thanks for all of your patience regarding my ignorance of this topic. I have finished watching a really great series on VLANs on YouTube, and I am getting a better understanding.
                I will watch them one more time, and taking your responses and assistance as tools, I will attempt to build the VLANs I have used as examples in previous posts.

                I'll post either a success story or dirges of a flame-out when the experiment is finished. Thanks again to all of you!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.