4. Help with a simple (really simple) VLAN

Help with a simple (really simple) VLAN

  • D

    I'm new to PfSense as well as VLANS and could use some help.  My needs are very simple.  I have a managed switch (Ubuquiti edgeswitch lite 24 port).
    It will be connected to PfSense, and the PfSense will go to the web.

    All I need is to segregate blocks of switch ports to keep several departments separate, and all share the printer.

    My thought is:  PfSense LAN is 192.168.1.1  DHCP 192.168.10 - 192.168.200  The only static IP's would be for file server and shared printer

    The switch will plug into PfSense em0 ( LAN )

    So, on the switch, I would have VLAN1 (default), port 24 will be used as the trunk port
                                    VLAN10 (Printer, File server) ports 1-4
    VLAN20 (clinical staff) ports 5-15
    VLAN30 (case management) ports 16-20
    Ports 21, 22, 23 not assigned yet

    All need internet access.

    So if I assign VLANS all on the same network, but assign specific ports to VLANS, How does that work when I configure PfSense VLANS?
    Or do I mess with VLANS on PfSense at all?

    Thanks for any assistance

    0
  • K

    You have to use different non-overlapping subnets on each of the VLANs or nothing will work, a VLAN is nothing but yet another network interface to pfSense. You can think the VLAN set up as if you were adding one or more physical NIC(s) to the system, the only difference is that with a VLAN the physical transport of the VLAN is by an existing real network interface.

    0
  • D

    kpa,

    So, I create three VLANS in PfSense (VLAN10;VLAN20; VLAN30) assigning them to LAN (em0)
    Then,
    I create and structure the VLAN's on the router?  PfSense will not care what port on the switch they are, not will it care what it is called, as long as the titles match correct?

    Or saying this another way, I create the VLANS and port assignments on the managed switch, making sure all works as it should, then, on the PfSense box, create VLANS on em0 to match what is on the switch.

    Then all devices will pass traffic from/to the web.

    Did I understand this correctly?

    0
  • Netgate

    The names don't matter. The VLAN tag/id is what matters. The number.

    0
  • K

    Yes, the switch doesn't care or even know what the VLANs are called in the pfSense setup, it only identifies the VLAN ethernet frames by the raw number in the VLAN tag part of the frame.

    0
  • D

    Thanks for all of your patience regarding my ignorance of this topic.  I have finished watching a really great series on VLAN's on YouTube, and I am getting a better understanding.
    I will watch them one more time, and taking your responses and assistance as tools, I  will attempt to build the VLANs I have used as examples in previous posts.

    I'll post either a success story or durges of a flame-out when the experiment is finished.  Thanks again to all of you!

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy