vlan question

  • Do I need to have a managed switch if I do VLANs on pfSense?

  • @ravegen
    Depends on what you wanna do on which hardware.
    If you're talking about the latest pfSense hardware with built-in Marvell switch then maybe not.
    If you're talking about an external switch then yes, absolutely.

  • I mean, can I do VLANs without any managed switch, just through pfSense and unmanaged switches?

  • LAYER 8 Netgate

    Not really.

    Why sweat it? Switch ports are pretty cheap. How many switch ports are you talking about?

    What problem do you expect VLANs to solve for you?

  • LAYER 8 Global Moderator

    You could use dumb switches if you're going to physically isolate your networks, i.e. a different dumb switch into each of the different interfaces on your pfSense router that are not tagged.

    Here is the thing: if you're going to do VLANs, then you need VLAN-capable switch(es). You can, if you need to, connect dumb switches downstream of a smart switch if everything on that dumb switch is going to be in the same VLAN you set up on the VLAN-capable switch's port it's connected to.

    If you're going to connect a device that does VLANs directly to a pfSense interface you can get by without a switch. For example an ESXi host or something where you can set up the vSwitch with VLAN port groups... Or say an AP that will put VLANs on its different SSIDs.

    But yes, if you want to use VLANs in your network, as Derelict already stated, you need a VLAN-capable switch. They are not expensive these days. You do not need a 1K dollar enterprise fully managed layer 3 Cisco Nexus, for example... Any of the typical home switch players (D-Link, Netgear) make entry-level smart switches that can do VLANs. Shoot, I have seen the 8-port gig models for less than their dumb models sometimes.

  • VLANs without a VLAN-aware switch are hard to use because then all of your client systems have to be aware of the VLAN tags in the Ethernet packets directed to them. Depending on the systems you have, this might be very inconvenient.

    Don't go cheap, get a VLAN capable switch, they are not so expensive anymore at entry level.

  • I don't need much managed switch functionality. I just need them to be logically separated. I tried it but I have no network traffic, not even ping.

  • LAYER 8 Global Moderator

    Well, do you have a VLAN-capable switch? How did you configure it? What make and model do you have? Did you create the firewall rules on your VLANs to allow what you want? Only LAN has default any any rules. And new interfaces or VLANs you create will need firewall rules.

  • @johnpoz

    I don't have any VLAN-capable switches. Although those switches might be cheap on your side, it's not cheap on my side. So I am thinking how to possibly use pfSense and an unmanaged ordinary switch for doing VLANs. Like I said, I don't need the functionality of those managed switches but I just want to logically separate my users if that is achievable.

  • LAYER 8 Netgate

    No. It is not possible. Get a dot1q switch.

  • LAYER 8 Global Moderator

    Cheap on my side? Where are you located? A simple smart switch that can do VLANs is like $30, no real difference than a dumb switch.

    As Derelict stated, if you need to do VLANs then you need a VLAN-capable switch. Your only other option is to do it with physical isolation, where you have multiple interfaces on the router and connect multiple different switches for your different networks.

    I for the life of me cannot see how that would be a cheaper option.

  • It sounds like you do need the functionality of a managed switch. I recently went through this myself. I'm not a professional network engineer but I do understand networking reasonably well. I can help translate what the pros here are saying because I'm not one of these guys... they know their stuff.

    What might help this discussion is to understand your needs a bit more clearly.

    • How many VLANs do you anticipate?
    • How many clients/ports do you need to support per VLAN?
    • How are you running pfSense? Is it a Netgate appliance, home built, in a VM?
