    Using VLANs and VLAN tagging aware switch to add more LAN ports?

      scottlindner last edited by

      I believe I am just smart enough to say something completely stupid. Apologies in advance if I'm not even that smart. :)

      I'm a home user that recently bought an SG-2200. It has a single LAN port. I host a couple of hobby websites and want to isolate them on a separate LAN. The SG-2200 has a single LAN port. If I were to buy a small VLAN tagging aware managed switch and set up the VLANs in pfSense and add them as interface adaptors, will everything else in pfSense work seamlessly as if I had bought a larger unit with multiple LAN ports? I don't need the horsepower of a larger unit, just one or two more LAN ports for LAN separation.

        heper last edited by

        yes, if you manage to get the switch configured correctly

          scottlindner last edited by

          Is there some devil in doing so that I am oversimplifying in my head? If I understand it, you set up the VLANs and the tags in pfSense. On the switch I map the VLAN tags to the ports, and that's pretty much it, right?

            costasppc last edited by

            In fact, yes, but traffic flow depends also on your switch.

            I put the trunk port in the OPT of pfSense, and the gateways-routers on the VLANs tagged ports.

            I am attaching 2 screens from a pfSense with VLANs.

            Best regards

            Kostas


              johnpoz LAYER 8 Global Moderator last edited by

              "On the switch I map the VLAN tags to the ports, and that's pretty much it, right?"

              Yup that is pretty much it… But seems users have a devil of a time of it...  Check out this thread for example.. Poor guy just doesn't get it ;)
              https://forum.pfsense.org/index.php?topic=132002.0

              Try as we might.. Like trying to teach a goldfish how to ride a bike ;)

                scottlindner last edited by

                @costasppc:

                In fact, yes, but traffic flow depends also on your switch.

                I put the trunk port in the OPT of pfSense, and the gateways-routers on the VLANs tagged ports.

                I am attaching 2 screens from a pfSense with VLANs.

                Best regards

                Kostas

                Can you explain "trunk port" and "OPT of pfSense" a bit? Thanks!

                  scottlindner last edited by

                  @johnpoz:

                  "On the switch I map the VLAN tags to the ports, and that's pretty much it, right?"

                  Yup that is pretty much it… But seems users have a devil of a time of it...  Check out this thread for example.. Poor guy just doesn't get it ;)
                  https://forum.pfsense.org/index.php?topic=132002.0

                  Try as we might.. Like trying to teach a goldfish how to ride a bike ;)

                  Thanks for the link. I skimmed it. I already understand the network stuff enough to not be that confused about my objectives. (Hehe.. famous last words.) That link might be enough to help me do what I'm looking for.

                  Right now I use two physical residential "routers" with two physically separate LANs with one behind the other. I forget the technical name for this arrangement. Dual trusted host or something like that? I'm thinking of switching from a LAN behind a LAN that requires two NAT'ing firewalls, to a single NAT'ing firewall (pfSense) and two truly separate LANs (via a VLAN tagging aware switch).

                  BTW.. after an initial learning curve I am loving pfSense and very happy that I purchased the Netgate SG-2200.

                    johnpoz LAYER 8 Global Moderator last edited by

                    A trunk port is more of a Cisco term for a connection that carries tagged VLANs is all.  You can also set up a native VLAN on it that is not tagged.

                    An opt interface is just another interface you add to pfSense, could be a physical interface or a VLAN riding on a physical interface, which will be the case in your sg2220 setup since it only has 2, one for WAN and the other for your LAN side.

                    So you would create your VLAN in pfSense, then assign this to an opt interface (which you can then name anything you want).  This opt interface will be the actual interface for pfSense where you set up rules, DHCP server, etc.

                    So you would create VLAN interfaces, however many you need, then create the opt interface and assign your VLAN to it.  Then set up its IP and enable or not DHCP server on it, etc.  See attached interfaces of my pfSense as example.  See the wlan interface (opt1) in my case and then all the VLAN interfaces that sit on top of the physical interface em2 in my case (opt1) I have just renamed them.  See the add button bottom right that will allow you to add opt interfaces.

                    Any more questions just ask!


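Added example, not part of any post in this thread: a small consistency check for the setup discussed above, where the firewall's VLANs ride tagged on one trunk port and the switch maps each VLAN to untagged access ports. The `Port` model, port names and VLAN IDs are hypothetical and do not correspond to pfSense or any switch vendor's configuration format.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Port:                      # hypothetical model of one switch port
    name: str
    pvid: Optional[int] = None   # VLAN assigned to untagged frames arriving on the port
    untagged: set = field(default_factory=set)  # VLANs sent out without a tag
    tagged: set = field(default_factory=set)    # VLANs sent out with an 802.1Q tag

def check_plan(fw_vlans, native_vlan, trunk, access_ports):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    for vid in sorted(fw_vlans):
        if not 1 <= vid <= 4094:
            problems.append(f"VLAN {vid}: outside the valid 802.1Q range 1-4094")
        if vid not in trunk.tagged:
            problems.append(f"VLAN {vid}: defined on the firewall but not tagged on {trunk.name}")
        if not any(vid in p.untagged for p in access_ports):
            problems.append(f"VLAN {vid}: no access port is a member")
    for vid in sorted(trunk.tagged - set(fw_vlans)):
        problems.append(f"VLAN {vid}: tagged on {trunk.name} but the firewall has no interface for it")
    if trunk.untagged != {native_vlan} or trunk.pvid != native_vlan:
        problems.append(f"{trunk.name}: untagged/PVID settings do not match native VLAN {native_vlan}")
    for p in access_ports:
        if p.tagged:  # an end host on this port could reach other VLANs by tagging frames
            problems.append(f"{p.name}: access port carries tagged VLANs {sorted(p.tagged)}")
        if len(p.untagged) != 1:
            problems.append(f"{p.name}: must be untagged in exactly one VLAN, got {sorted(p.untagged)}")
        elif p.pvid not in p.untagged:  # replies leave in one VLAN, requests enter another
            problems.append(f"{p.name}: PVID {p.pvid} differs from untagged VLAN {sorted(p.untagged)[0]}")
    return problems

# Constructed sample: firewall VLANs 10 and 20 ride tagged on port1; VLAN 1 is the untagged LAN.
GOOD = dict(fw_vlans={10, 20}, native_vlan=1,
            trunk=Port("port1", pvid=1, untagged={1}, tagged={10, 20}),
            access_ports=[Port("port2", 1, {1}), Port("port3", 10, {10}), Port("port4", 20, {20})])
# Constructed sample with two mistakes: VLAN 20 missing on the trunk, port4 PVID left at 1.
BAD = dict(fw_vlans={10, 20}, native_vlan=1,
           trunk=Port("port1", pvid=1, untagged={1}, tagged={10}),
           access_ports=[Port("port2", 1, {1}), Port("port3", 10, {10}), Port("port4", 1, {20})])

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_plan(**plan) or "OK")
```
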
                      scottlindner last edited by

                      Ah. That makes perfect sense. You want to keep all VLAN tagged traffic physically separated for security purposes. Thanks!
