Netgate Discussion Forum
    PfSense VLANs w/ Cisco 2960S and Windows DHCP Server

    5 Posts 4 Posters 1.9k Views
    capn783

      So I run a small homelab/homeserver environment. pfSense is my router. Verizon FIOS is my ISP. Basic network infrastructure below:

      ONT (Cat5e) --> pfSense WAN Port (DHCP) --> pfSense LAN Port (192.168.1.0/24 Static) --> Cisco Catalyst 2960S PoE+ WS-C2960S-24PS-L (Trunk) --> Servers, APs, Verizon Router, Clients, Services, etc.

      I have a couple of connections in my Cisco that go to ethernet drops in two bedrooms upstairs (my homelab stuff is in the basement). All wiring in the house is Cat6. The bedrooms have regular unmanaged switches right now, but today I am getting two Ubiquiti UniFi switches (US-8-150W for my bedroom and US-8 for the other) to replace them. DHCP is handled by my Windows Server 2016 domain controller, as is DNS. I want to start setting up VLANs for learning and for the performance/bandwidth benefits. I read some posts here and watched some videos, and I believe I understand how to set the VLANs up in pfSense, and I know how to set them up in the Cisco switch. My question is how to make it so my Windows DHCP server is in charge of handing out the IP addresses? I know how to do it if my Cisco switch was doing layer 3 (you just use helper addresses), but the 2960S isn't a layer 3 switch (I thought it was, but checked on Cisco's site and it isn't).

      Also, I am curious as to how you guys set up your home VLANs. I was thinking the following: network equipment (router, switches, etc.) VLAN 1 (native LAN), servers VLAN 10, wired VLAN 20, wireless VLAN 30, FiOS TV VLAN 40, and CCTV VLAN 50. I am curious as to whether I should get really specific and, like, separate game consoles into their own thing, printers (even though I only have 1 right now lol), etc. etc.

      I would appreciate any help if there are others who have done a setup like this. Thank you for your time.

      mhertzfeld

        Are you planning on routing traffic between vlans using pfSense?

        If so you may want to group together hosts that will exchange a lot of data between one another.

        For example, if you have a NAS and transfer a lot of data between that and your desktops, you should consider putting them on the same VLAN. Otherwise you may run into performance issues with sending all that data to pfSense for inter-VLAN routing.

        IMO printers should be on their own VLAN. CCTV should be on its own VLAN. Probably FiOS on its own VLAN too, but there may be some caveats with setting that up.

        capn783

          Yea, so I actually have to postpone this because I thought my 2960-S was layer 3 and it's not. So I have to find a good layer 3 switch now, because my intention is that the 2960 would act as my core and handle all the inter-VLAN routing, and external would be handled by pfSense. Thank you for your reply mhertzfeld

          marvosa

            My question is how to make it so my Windows DHCP server is in charge of handing out the IP addresses? I know how to do it if my Cisco switch was doing layer 3 (you just use helper addresses), but the 2960S isn't a layer 3 switch (I thought it was, but checked on Cisco's site and it isn't).

            Enable the DHCP relay service and bind it to all your LAN/VLAN interfaces.

            Also, I am curious as to how you guys set up your home VLANs. I was thinking the following: network equipment (router, switches, etc.) VLAN 1 (native LAN), servers VLAN 10, wired VLAN 20, wireless VLAN 30, FiOS TV VLAN 40, and CCTV VLAN 50. I am curious as to whether I should get really specific and, like, separate game consoles into their own thing, printers (even though I only have 1 right now lol), etc. etc.

            My environment is:
            Cable Modem --> pfSense --Transit Network--> Cisco WS-C3750X-48T-S (L3 enabled with VLANs) --> LAN

            Similar to capn783's setup, my DHCP and DNS are served from a virtual Server 2016 DC and I have separate VLANs for everything:

            Workstations
            Servers
            Management
            Wireless
            Printers
            Liftmaster Internet Gateway

            I have no need to firewall my VLANs and I'm a performance junkie, so my VLANs are terminated on my switch instead of pfSense. I don't want anything hitting my firewall unless it's going out to the internet.

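            The reason marvosa's answer works: a DHCP relay (pfSense's dhcrelay, or a Cisco helper address) does not translate the request, it only fills in the giaddr field with the address of the VLAN interface the broadcast arrived on and unicasts the packet to the Windows DHCP server, which then picks the scope whose subnet contains giaddr. The Python below is an added illustration, not code from the thread or from pfSense; the scope addresses for VLANs 1/10/20/30 and the DC address 192.168.10.5 are assumed values.

```python
import ipaddress
import struct

# Assumed scopes matching the VLAN plan in the thread (one scope per VLAN on the DC).
SCOPES = {
    ipaddress.ip_network("192.168.1.0/24"):  "VLAN 1 native LAN",
    ipaddress.ip_network("192.168.10.0/24"): "VLAN 10 servers",
    ipaddress.ip_network("192.168.20.0/24"): "VLAN 20 wired",
    ipaddress.ip_network("192.168.30.0/24"): "VLAN 30 wireless",
}
DC_IP = "192.168.10.5"           # assumed address of the Windows DHCP server
MAGIC = b"\x63\x82\x53\x63"      # RFC 2131 magic cookie that starts the options field


def build_discover(xid: int, mac: bytes) -> bytes:
    """A minimal client DHCPDISCOVER: 236-byte fixed header, cookie, option 53 = 1, end."""
    hdr = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                     # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
        xid, 0, 0x8000,                 # xid, secs, flags (broadcast bit set)
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr, giaddr
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)  # chaddr, sname, file
    return hdr + MAGIC + bytes([53, 1, 1, 255])


def relay(packet: bytes, relay_if_ip: str) -> bytes:
    """What the relay on each VLAN interface does before forwarding to the server:
    increment hops and, if giaddr is still zero, set it to its own interface address.
    A second relay in the path must leave an already-set giaddr alone."""
    hops = packet[3] + 1
    giaddr = packet[24:28]
    if giaddr == b"\0" * 4:
        giaddr = ipaddress.IPv4Address(relay_if_ip).packed
    return packet[:3] + bytes([hops]) + packet[4:24] + giaddr + packet[28:]


def select_scope(packet: bytes, server_if_ip: str = DC_IP) -> str:
    """Server-side scope selection: a relayed request is matched on giaddr; a request
    from a client on the server's own subnet (giaddr 0.0.0.0) is matched on the
    address of the interface it arrived on. Unknown subnets get no lease."""
    giaddr = ipaddress.IPv4Address(packet[24:28])
    key = giaddr if int(giaddr) else ipaddress.IPv4Address(server_if_ip)
    for net, name in SCOPES.items():
        if key in net:
            return name
    raise LookupError(f"no scope covers {key}; the server will not answer")
```

            This is also why each VLAN needs its own scope on the DC and why the pfSense VLAN interfaces need addresses inside those scopes' subnets: the server never sees the client's VLAN tag, only giaddr.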
            Wolf666

              My setup:

              Modem---pfSense (DHCP, NTP, DNS, VPN, NAT)---<trunk>---Cisco SG350 (L2 mode)---Clients:

              VLAN 1 Management (Laptop, iPhone, iPad)
              VLAN 100 Trusted WiFi (Wife iPhone and iPad, Kindles, Smart Scale, Home Lights & Sensors)
              VLAN 200 Guest WiFi
              VLAN 666 Media (NAS, Media Players, PS4, TVs, Workstation)
              VLAN 935 Voice

              Modem Draytek Vigor 130
              pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
              Switch Cisco SG350-10
              AP Netgear R7000 (Stock FW)
              HTPC Intel NUC5i3RYH
              NAS Synology DS1515+
              NAS Synology DS213+
