Same VLAN on Multiple Interfaces?
-
My pfSense router (an industrial PC with 4 ports) has 4 interfaces:
em0 = WAN, em1, em2, em3
em1 is wired to my office for work and network admin
em2 is wired to my living room for entertainment
em3 is wired to my basement, for security cams & ZoneMinder NVR
I want to create VLANS for IoT, Cams, and basically general use LAN.
That said, can I create the same VLANS for each interface? So in essence: the same 3 VLANS x 3 parent interfaces.
And if so, do I do DHCP or static IP for each OPT3, OPT4, etc?
Here's a pic of what I'm doing, but I don't know if I'm going down the right path.
-
@diynonsense said in Same VLAN on Multiple Interfaces?:
That said, can I create the same VLANS for each interface? So in essence: the same 3 VLANS x 3 parent interfaces.
Generally that should be possible, but why would someone want to do that?
This will not connect the VLANs with the same IDs automatically.
To connect both virtual network interfaces you have to bridge them anyway, regardless of whether the VLAN IDs are the same or different.
-
@diynonsense Yes you can using bridges but why, pfSense isn't a switch?
Create a LAGG with the 3 interfaces and put the VLAN on the LAGG.
Then create a LACP bond of the 3 interfaces on your switch.
Personally I don't think you need 3 interfaces, you just need 3 vlans on em1.
Also you can just drag the screenshot into the compose window :)
-
Thanks
I'm most concerned with security for the camera network - plus I will need a VPN for it as well. Would I be better off using subnets (IoT, CAMs/NVR, LAN) instead of VLANs?
-
@diynonsense said in Same VLAN on Multiple Interfaces?:
Would I be better off using subnets instead of VLANs?
So native untagged vs tagged.. Makes no difference really - how you isolate the layer 2 makes little difference be it you do it with vlans or physically..
If you want network A on interface X and network B on interface Y on pfsense or you want both X and Y on the same interface and isolate them via tags (vlan)..
I have both set up, where some networks run on their own interface on pfsense, and then where multiple networks run on the same interface (vlans). But even the networks on their own interfaces are still vlans on the switch.. It's just that pfsense doesn't know anything about these vlan tags because it never sees them.
The networks/vlans that have the most inter network traffic have their own interface on pfsense and uplink from the switch. The networks that really don't talk to each other and don't use that much bandwidth anyway because they are wireless share an interface (uplink from switch to pfsense) and are vlans (tagged that pfsense sees)..
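The tagged versus untagged distinction described in the post above, as an added example that is not part of the original thread: a small Python model of 802.1Q tagging in which an access port strips the tag before the frame reaches pfSense, while a trunk port leaves it on and drops VLANs that are not allowed. The VLAN ID 30, the MAC addresses and the `switch_egress` port model are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1-4094")
        tci = (pcp << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def switch_egress(frame, port):
    """Hypothetical model of a switch port facing pfSense.
    port is {"mode": "access", "vlan": N} or {"mode": "trunk", "allowed": {...}}.
    Returns the bytes put on the wire, or None if the frame is dropped."""
    vid = parse_vlan(frame)
    if vid is None:
        raise ValueError("model expects frames already classified into a VLAN")
    if port["mode"] == "access":
        if vid != port["vlan"]:
            return None                      # wrong VLAN never leaves this port
        return frame[:12] + frame[16:]       # strip the 4-byte tag: pfSense sees no VLAN
    if vid not in port["allowed"]:
        return None                          # trunk only carries allowed VLANs
    return frame                             # tag kept: pfSense needs a VLAN interface

# Constructed sample: a camera frame classified into VLAN 30 inside the switch
CAM = build_frame(b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02",
                  0x0800, b"cam", vlan_id=30)

if __name__ == "__main__":
    print(parse_vlan(switch_egress(CAM, {"mode": "access", "vlan": 30})))
    print(parse_vlan(switch_egress(CAM, {"mode": "trunk", "allowed": {10, 20, 30}})))
```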
-
@johnpoz Thanks