Need help understanding VLANs and pfSense
-
@troybdex I was in a similar boat. Check this link out: https://nguvu.org/
It did help me achieve something close to what you want (not exact though), but going through it you get a few tips about VLANs, separation, and rules. He also has examples of a couple of switches and how he set up the tagging on them. Note that in his configuration, pfSense was managing all. I got the external switch to work with those. That said, I am stuck on a different problem (in my post), where I would like to have different ports on the SG3100 to have different VLAN groups using pfSense switch configuration.
-
@smik67 Thank you so much! I will definitely read through those articles. Sorry about your problem. I hope you can figure it out.
Troy
-
@troybdex said in Need help understanding VLANs and pfSense:
@johnpoz is this something that is possible?
What you're wanting to do, run pfsense on virtual, is quite easy, and yes you can have your vlans on both virtual or physical and both, etc.. None of it is overly complicated.
But you do need to understand how tagging works, and how your VM host does it, and how your switches do it. And you need to understand what you're trying to accomplish.
I am not sure from what you have provided exactly what you're trying to accomplish. If you want to route on pfsense via virtual machine - sure that is fine. Is it going to be a downstream router? Your edge router with something else downstream, the only router? And if you're going to have more than 1 router, then you need to understand how to connect these routers together with a transit network. And how to route between the two routers.
And you need to understand if you want your vm host to actually handle all the tags or if you want pfsense to do it - or if you want to do a combination where pfsense sees some tags, and other times your VM host does it..
If you do not understand any of this - then yeah it's going to be a steep learning curve.. If you want pfsense to see tags and handle the vlans, then with esxi you have to set 4095 as the vlan ID on the port group or vswitch.. Then how you tie that to your switching setup and how you tag or don't tag for your different switch ports. And which physical port in the vm host is tied to which vswitch and or port groups..
The simpler solution would be to just do all the vlans in esxi, and let it handle the tags - and then just create virtual interfaces on pfsense tied to each port group that is in each vlan. Then connect those port groups to the correct physical ports in your switching infrastructure.
-
@johnpoz Lucy! You got a lot a readin' to do.
Anyway, thanks for the help. I'll take it all into consideration as I venture onward.
-
Happy to help, I ran pfsense on esxi for many years.. I currently do not have esxi setup here, or any access where I could post screenshots on how it can be done, etc.
But happy to answer questions..
The biggest issues I see new users with multiple routers having is not understanding why they run into problems when they try and have hosts on what ends up being their transit network.
And new users to esxi not understanding how it works with tags, or doesn't work ;)
But when it comes down to it - tag is a tag is a tag.. But tags are only needed when you want to carry more than 1 vlan over the same wire.
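
Added example (not part of any post in this thread): a small Python model of the two ESXi options described above, a port group set to VLAN ID 4095 so pfSense sees the tags versus a port group per VLAN where the host handles them, and of the closing remark that a tag is just a tag on the wire. The function names and frames are constructed for illustration, and the handling of port group VLAN IDs 0 and 1-4094 follows standard ESXi vSwitch behaviour, which the thread does not spell out.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(vlan_id=None, payload=b"constructed-payload"):
    """Build a constructed Ethernet frame, 802.1Q-tagged when vlan_id is given."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)  # PCP/DEI = 0
    return header + struct.pack("!H", 0x0800) + payload

def vlan_of(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF  # low 12 bits of the tag control field

def strip_tag(frame):
    """Remove the 4-byte 802.1Q tag, leaving an ordinary untagged frame."""
    return frame[:12] + frame[16:]

def deliver_to_vm(frame, portgroup_vlan):
    """Simplified model (assumption): what a port group hands to the VM's
    virtual NIC for a frame arriving on the uplink. None means dropped."""
    vid = vlan_of(frame)
    if portgroup_vlan == 4095:   # trunk to guest: pfSense sees and handles tags
        return frame
    if portgroup_vlan == 0:      # host does no tagging: untagged traffic only
        return frame if vid is None else None
    if vid == portgroup_vlan:    # host handles the tag and strips it
        return strip_tag(frame)
    return None                  # other VLANs never reach this port group

def describe(frame, portgroup_vlan):
    """Summarise the result as 'dropped', 'untagged' or 'tagged <id>'."""
    out = deliver_to_vm(frame, portgroup_vlan)
    if out is None:
        return "dropped"
    vid = vlan_of(out)
    return "untagged" if vid is None else f"tagged {vid}"

if __name__ == "__main__":
    frames = {"VLAN 10": build_frame(10), "VLAN 20": build_frame(20),
              "untagged": build_frame()}
    for pg in (4095, 10, 0):
        for name, frame in frames.items():
            print(f"port group VLAN {pg:>4}: {name:>8} -> {describe(frame, pg)}")
```

With 4095 the guest needs its own VLAN interfaces because frames arrive still tagged; with a per-VLAN port group the guest only ever sees untagged frames for that one VLAN.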