Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    vlan creation through pfsense shell or other scriptable mean

    L2/Switching/VLANs
    3
    5
    600
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      skullnobrains
      last edited by

      hello

      i'm trying to automate a number of vlan creations through the pfsense shell

      i have 2 goals

      • make sure the opt numbers match across master/slave setups
        ... this could also be achieved by creating interface groups with matching names on the fly
      • deploy many matching vlans across multiple different firewall pairs without hassle

      i worked throught the following

      • i managed to successfully create opt interfaces and map them to the required VLAN
      • i'm using opt1000+vlan_number. i'm unsure i can safely reserve those opt numbers
      • i failed to create the actual vlans by writing to $config['vlans'] w/o using a fixed array key : the vlans make their way into the XML config but are not actually created nor visible in the GUI
      • i have not tried to create the required CARP vips yet
      • i have not yet tried to setup dhcp automagically

      any hints ?

      thanks for your time

      alexis

      1 Reply Last reply Reply Quote 0
      • S
        skullnobrains
        last edited by

        update : i managed to create the vlan as well.
        need to write to $config['vlans']['vlan'][] rather than $config['vlans'][] . silly me.

        i also managed to get the interface to be created by using rc.reload_all
        but there must be a way to achieve that goal without reloading everything, preferably through the pfsense shell thater than freebsd's

        1 Reply Last reply Reply Quote 0
        • S
          skullnobrains
          last edited by

          update

          i have a working pfsense shell script for the above requirements

          if anyone stumbles upon this thread, i'm still looking for an easy way to inject my script over ssh without messing with expect and cleanly apply changes without reloading the whole thing.

          i'll probably turn this into a sync script from one firewall to another that would leave existing configs alone but inject and possibly update some values

          i'll provide the script as a demo / startup point if anyone else has similar goals. feel free to ask for it

          V 1 Reply Last reply Reply Quote 0
          • V
            valr @skullnobrains
            last edited by

            @skullnobrains I'm just getting started with pfsense and would like to automate this process, also. I'd be interested in your scripts. Thanks. -Val

            M 1 Reply Last reply Reply Quote 0
            • M
              mauropc @valr
              last edited by

              @skullnobrains , its possible share your script in github? Thanks!!!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.