Using Vlans and configuration
-
Hi,
I have never used vlans before but I am looking at using vlans on my network so I can separate traffic and create a guest network.
I have just got some zyxel managed switches that allow vlans, and have never configured vlans before.
If I configure the vlans on the switches to do the following, must I also configure pfsense to use the separate vlans, and if so, how easy is it to do this?
switch 1
pfsense in port1 to be able to communicate with all devices on 4 switches
wifi port 2 - guest network internet access only
wifi port 3 - media and mobile devices via wifi - internet plus media server only
port 4 - switch 2
port 5 - switch 3
port 6 - vdsl modem for monitoring - only has access from pc on port 7 on switch 3
switch 2
port 1 - switch 1
port 2 - media player
port 3 - wifi
switch 3
port 1 - switch 1
port 2 - switch 4
port 3 - wifi
port 4 - media server
port 5 - NAS1
port 6 - NAS2
port 7 - pc
port 8 - work pc - access only to internet
switch 4
port 1 - switch 3
port 2 - wifi
port 3 - pc
port 4 - pc
port 5 - pc
I will later be looking at switching out the separate APs for ceiling APs which allow vlan tagging.
I will also be changing some of the network so the PCs can only communicate with themselves, the media server and internet.
thanks
-
Work out what devices you want on what subnet, choose a vlan number and try to use that as your 3rd octet in the IPv4 & IPv6 subnet.
I've set mine up like this :-
LAN 172.16.1.1 2a02:xxxx:yyyy:1::1 < VLAN 4093 untagged
USER 172.16.2.1 2a02:xxxx:yyyy:2::1 < VLAN 2 tagged
GUEST 172.16.3.1 2a02:xxxx:yyyy:3::1 < VLAN 3 tagged
IOT 172.16.4.1 2a02:xxxx:yyyy:4::1 < VLAN 4 tagged
DMZ 172.16.5.1 2a02:xxxx:yyyy:5::1 < VLAN 5 tagged
VOICE 172.16.6.1 2a02:xxxx:yyyy:6::1 < VLAN 6 tagged
One of the vlans will more than likely need to be untagged; if you're going to get a Ubiquiti AP you'll need an untagged vlan for the AP & CloudKey.
I made the LAN interface my untagged network management subnet.
Creating vlans in pfSense is dead easy :-
- Interfaces -> Interface Assignments
- VLANs
- +Add
- Select the Parent Interface, add the vlan number & Description
- Configure the IP info on the interface
I've also renamed my interfaces from OPTx to their function.
Remember you need to carry all the vlans required on the edge switch across the interlink
-
cheers
I have my current lan on 1.1 with gateway .254 and my ipv6 is set to tracked interface via wan.
I was looking at getting a zyxel ap at a later date; currently I'm using a mixture of tplink, bthh and sky router for APs.
So as a test, if I set up the following:
vlan1 is default - 1.1
vlan2 is wifi - 2.1
vlan3 is pcs - 3.1
vlan4 is servers - 4.1
vlan5 is guest - 5.1
configure these on the switches and then add them in pfsense,
must I reboot between each add on pfsense? I have seen on a thread/youtube video that you need to reboot pfsense when configuring each vlan.
Must I then do anything else on pf so vlan3 can talk to vlan4 and internet, and vlan5 can only talk to internet, or will the vlan configuration on the switches sort this bit out?
Also you mention an edge switch? I assume you mean pfsense?
ie my network is as follows
VDSL modem (HG612) -> pfsense (WAN using PPPoE and DHCP login) -> switch 1 (lan) which then connects to the other switches and access points
pfsense only has 2 nics and configured wan and lan interfaces
-
> cheers
> I have my current lan on 1.1 with gateway .254 and my ipv6 is set to tracked interface via wan.
> I was looking at getting a zyxel ap at a later date; currently I'm using a mixture of tplink, bthh and sky router for APs.
> So as a test, if I set up the following:
> vlan1 is default - 1.1
> vlan2 is wifi - 2.1
> vlan3 is pcs - 3.1
> vlan4 is servers - 4.1
> vlan5 is guest - 5.1
> configure these on the switches and then add them in pfsense,
> must I reboot between each add on pfsense? I have seen on a thread/youtube video that you need to reboot pfsense when configuring each vlan.
I didn't need to reboot my router.
> Must I then do anything else on pf so vlan3 can talk to vlan4 and internet, and vlan5 can only talk to internet, or will the vlan configuration on the switches sort this bit out?
Add pass/deny firewall rules on each pfSense interface as required.
> Also you mention an edge switch? I assume you mean pfsense?
Nope, I mean switch 2, 3 & 4.
> i.e. my network is as follows
> VDSL modem (HG612) -> pfsense (WAN using PPPoE and DHCP login) -> switch 1 (lan) which then connects to the other switches and access points
> pfsense only has 2 nics and configured wan and lan interfaces
The parent interface for the vlans will be the lan interface.
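
The pass/deny rules suggested in the reply above, modelled as an added example (not code from the thread's posters or from pfSense): per-interface, top-down, first-match evaluation with default deny, checked against the access plan asked for in the thread. The 10.10.N.0/24 subnets, the host addresses and the names `decide` and `audit` are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed subnets with the VLAN number as third octet (the thread gives only "3.1", "4.1", ...).
NETS = {n: ip_network(f"10.10.{n}.0/24") for n in (1, 2, 3, 4, 5)}
LOCAL = ip_network("10.10.0.0/16")   # every internal subnet, used for "internet only" rules
ANY = ip_network("0.0.0.0/0")

# Rules sit on the interface where traffic ENTERS and are checked top-down; first match wins.
# Replies to a passed connection are allowed by state, so no return rule is needed.
RULES = {
    3: [("pass", NETS[4]),    # pcs -> servers
        ("block", LOCAL),     # pcs -> any other internal subnet
        ("pass", ANY)],       # pcs -> internet
    5: [("block", LOCAL),     # guest -> nothing internal
        ("pass", ANY)],       # guest -> internet
    4: [],                    # servers: no rules yet, so everything they initiate is dropped
}

def decide(src_vlan, dst, rules=RULES):
    """Return 'pass' or 'block' for a new connection entering on src_vlan's interface."""
    dst = ip_address(dst)
    for action, net in rules.get(src_vlan, []):
        if dst in net:
            return action
    return "block"            # default deny when no rule matches

def audit(expectations, rules=RULES):
    """Return the (vlan, destination, wanted) tuples that the ruleset violates."""
    return [(v, d, want) for v, d, want in expectations if decide(v, d, rules) != want]

# The access plan from the thread as checks (destination hosts are constructed).
POLICY = [
    (3, "10.10.4.10", "pass"),    # pc -> media server
    (3, "203.0.113.7", "pass"),   # pc -> internet
    (3, "10.10.5.20", "block"),   # pc -> guest
    (5, "203.0.113.7", "pass"),   # guest -> internet
    (5, "10.10.4.10", "block"),   # guest -> server
    (5, "10.10.1.1", "block"),    # guest -> management LAN
]

if __name__ == "__main__":
    print("violations:", audit(POLICY))
    # Same guest rules in the wrong order: the broad pass matches first and isolation is lost.
    misordered = {**RULES, 5: list(reversed(RULES[5]))}
    print("misordered guest rules:", audit(POLICY, misordered))
```

The model ignores ports and protocols; if guest clients use the firewall itself for DNS, a narrow pass rule for that has to sit above the internal block.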