Netgate Discussion Forum

Need advice for my home LAN

L2/Switching/VLANs
3 Posts, 2 Posters, 303 Views
Sqvirrel

After running pfSense for 11 years, it's time for some LAN "reinforcement" due to increasing family size and devices.

My dream setup has always been like this:
- VLAN for Sonos (because Sonos is totally insecure)
- VLAN for guests (Ubiquiti UAP fixes this)
- VLAN for IoT (because I don't necessarily trust laundry machines and all the equipment that HAS to be online...)
- VLAN for trusted devices (primary home LAN)
- VLAN for servers
- managed switch

Ideally, I would like to bridge all these VLANs together on pfSense. Then I have a central DHCP managing it all, everything is on the same subnet, everything shares the same broadcast domain, which is a MUST for a lot of the pesky IoT devices (hey, I'm talking to you Sonos!), and I have total firewall control for everything that traverses the VLANs.

This sounds absolutely perfect in my ears.
But I know people say it's not... Please help me, explain and make me understand: why should I avoid bridges that badly? If it's correctly configured, does it still not work reliably?

Do you advise me to set up multiple subnets on all the VLANs instead?
The problem is the multicast/unicast thing. I would have to set up IGMP proxy / pimd ( https://forum.netgate.com/topic/149909/new-package-pimd ) to allow Sonos and a lot of other IoT to work. I NEED to have broadcasting work...

JKnott @Sqvirrel

        @Sqvirrel said in Need advice for my home LAN:

because I don't necessarily trust laundry machines

        Yeah, you wouldn't want them to know all your dirty laundry secrets! 😉

Ideally, I would like to bridge all these VLANs together on pfSense.

        You don't bridge VLANs. That would be defeating the purpose of them. Give them their own subnets and let pfSense do the routing and filtering as required.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

Sqvirrel

          You don't bridge VLANs. That would be defeating the purpose of them. Give them their own subnets and let pfSense do the routing and filtering as required.

Well, there will be a firewall between the VLANs, with block/deny by default, and in that way separate them. But the real reason why I'm talking about bridging VLANs is because it is absolutely essential to have multicast/unicast traverse the VLANs. (Sonos and a lot of IoT depend on that protocol...)
But if the community gives me good reasons to strongly evade from that idea, I need to come up with something else, like separate subnets with IGMP proxy or pimd, if any of those is known to work.

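To make the trade-off in this thread concrete, here is an added example (not code from the thread or from pfSense) that models the design JKnott recommends: one subnet per VLAN, a default-deny inter-VLAN rule set evaluated first-match, and no forwarding of multicast between routed subnets, which is exactly the gap Sqvirrel names and that an IGMP proxy or pimd would have to fill. The VLAN names follow the original post; the subnet addresses, the rules and the test packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed VLAN plan: the five VLANs from the first post, each with its own
# subnet instead of a bridge. Addresses are assumptions, not from the thread.
VLANS = {
    "sonos":   ipaddress.ip_network("192.168.10.0/24"),
    "guest":   ipaddress.ip_network("192.168.20.0/24"),
    "iot":     ipaddress.ip_network("192.168.30.0/24"),
    "trusted": ipaddress.ip_network("192.168.40.0/24"),
    "servers": ipaddress.ip_network("192.168.50.0/24"),
}
MULTICAST = ipaddress.ip_network("224.0.0.0/4")


@dataclass(frozen=True)
class Rule:
    src_vlan: str            # VLAN name or "*" for any
    dst_vlan: str            # VLAN name or "*" for any
    proto: str               # "tcp", "udp" or "*"
    dport: Optional[int]     # None matches any destination port
    action: str              # "pass" or "block"


# Constructed inter-VLAN policy, evaluated top to bottom, first match wins.
# Anything not matched falls through to the default deny at the end of evaluate().
RULES = [
    Rule("trusted", "*", "*", None, "pass"),      # trusted may initiate to every VLAN
    Rule("*", "servers", "udp", 53, "pass"),      # every VLAN may use DNS on the server VLAN
    Rule("iot", "trusted", "*", None, "block"),   # explicit for readability; default deny covers it too
]


def vlan_of(ip: str) -> Optional[str]:
    """Return the VLAN name whose subnet contains ip, or None if it is not ours."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip: str, dst_ip: str, proto: str = "tcp", dport: Optional[int] = None) -> str:
    """Decide what the inter-VLAN firewall does with one new connection.

    Returns "pass", "block", "same-vlan" (switched locally, never reaches the
    router) or "not-routed" (multicast is not forwarded across subnets by the
    router itself; the thread names IGMP proxy / pimd as the way to relay it).
    """
    src_vlan = vlan_of(src_ip)
    if src_vlan is None:
        return "block"                       # unknown source: default deny
    if ipaddress.ip_address(dst_ip) in MULTICAST:
        return "not-routed"
    dst_vlan = vlan_of(dst_ip)
    if dst_vlan is None:
        return "block"                       # unknown destination: default deny
    if src_vlan == dst_vlan:
        return "same-vlan"
    for r in RULES:
        if (r.src_vlan in ("*", src_vlan) and r.dst_vlan in ("*", dst_vlan)
                and r.proto in ("*", proto) and r.dport in (None, dport)):
            return r.action
    return "block"                           # default deny between VLANs


def reachable_from(src_vlan: str, proto: str = "tcp", dport: Optional[int] = None) -> list:
    """List the VLANs a host in src_vlan could open a connection to for proto/dport."""
    probe_src = str(next(VLANS[src_vlan].hosts()))
    return sorted(
        name for name, net in VLANS.items()
        if name != src_vlan and evaluate(probe_src, str(next(net.hosts())), proto, dport) == "pass"
    )


if __name__ == "__main__":
    # Constructed sample flows: trusted laptop -> IoT device, IoT device -> trusted laptop,
    # IoT device -> DNS on servers, and a Sonos SSDP-style multicast discovery packet.
    for flow in [("192.168.40.10", "192.168.30.5", "tcp", 80),
                 ("192.168.30.5", "192.168.40.10", "tcp", 80),
                 ("192.168.30.5", "192.168.50.2", "udp", 53),
                 ("192.168.10.7", "239.255.255.250", "udp", 1900)]:
        print(flow, "->", evaluate(*flow))
    print("iot can reach on udp/53:", reachable_from("iot", "udp", 53))
```

The "not-routed" outcome is the whole point of the disagreement in the thread: with separate subnets the firewall rules give you the per-VLAN control JKnott describes, but multicast discovery stays inside the VLAN it was sent on, so devices that rely on it need a relay such as the IGMP proxy or pimd that Sqvirrel mentions, configured only for the groups and VLANs that actually need it.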
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.