Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How (and why) to create a management VLAN?

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 1.2k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      ErniePantuso
      last edited by

      Currently, the only devices on my LAN segment (10.1.1.1) are my router, switch, 2 WAPs, and the Omada controllers for the WAPs. Everything else is on one of a handful of VLANs - Business VLAN, Guest WiFi VLAN, Phone VLAN, POS VLAN, etc.

      Based on that, is there any real need for a mgmt VLAN? And if I do create one - and I'd like to use the same IP segment - that would mean I'd have no LAN segment. Do I need a LAN segment?

      If it's a good idea to create a management interface anyway, could someone please link me to something that explains the process (and things to watch out for)?

      If I should just leave things as they are, can I safely rename the LAN interface to MGMT? (Again, I would have no "LAN" interface.)

      keyserK 1 Reply Last reply Reply Quote 0
      • keyserK Offline
        keyser Rebel Alliance @ErniePantuso
        last edited by

        @ErniePantuso There is no “special” management VLAN entity. A management VLAN is merely a normal VLAN where you have defined Firewall rules on all pfsense Interfaces to block access to that particular VLAN/Interface.
        PFsense has no dependence on special interface naming, so you can just rename your LAN to MGMT if that makes sense to you according to the firewall setup.

        Love the no fuss of using the official appliances :-)

        E 1 Reply Last reply Reply Quote 2
        • E Offline
          ErniePantuso @keyser
          last edited by

          @keyser said in How (and why) to create a management VLAN?:

          @ErniePantuso There is no “special” management VLAN entity. A management VLAN is merely a normal VLAN where you have defined Firewall rules on all pfsense Interfaces to block access to that particular VLAN/Interface.

          @keyser Got it. Thank you! I'm using the !RFC1918 rule on all my VLANS (with pass rules above it as necessary) so I think I pretty well have that covered.

          PFsense has no dependence on special interface naming, so you can just rename your LAN to MGMT if that makes sense to you according to the firewall setup.

          Cool. Thanks very much for the expertise and help!

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.