How (and why) to create a management VLAN?
-
Currently, the only devices on my LAN segment (10.1.1.1) are my router, switch, 2 WAPs, and the Omada controllers for the WAPs. Everything else is on one of a handful of VLANs - Business VLAN, Guest WiFi VLAN, Phone VLAN, POS VLAN, etc.
Based on that, is there any real need for a mgmt VLAN? And if I do create one - and I'd like to use the same IP segment - that would mean I'd have no LAN segment. Do I need a LAN segment?
If it's a good idea to create a management interface anyway, could someone please link me to something that explains the process (and things to watch out for)?
If I should just leave things as they are, can I safely rename the LAN interface to MGMT? (Again, I would have no "LAN" interface.)
-
@ErniePantuso There is no “special” management VLAN entity. A management VLAN is merely a normal VLAN where you have defined Firewall rules on all pfSense Interfaces to block access to that particular VLAN/Interface.
pfSense has no dependence on special interface naming, so you can just rename your LAN to MGMT if that makes sense to you according to the firewall setup.
-
@keyser said in How (and why) to create a management VLAN?:
> @ErniePantuso There is no “special” management VLAN entity. A management VLAN is merely a normal VLAN where you have defined Firewall rules on all pfSense Interfaces to block access to that particular VLAN/Interface.
@keyser Got it. Thank you! I'm using the !RFC1918 rule on all my VLANs (with pass rules above it as necessary) so I think I pretty well have that covered.
> pfSense has no dependence on special interface naming, so you can just rename your LAN to MGMT if that makes sense to you according to the firewall setup.
Cool. Thanks very much for the expertise and help!
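Added example, not part of the original posts: a small audit of the setup discussed in this thread, checking whether any pass rule placed above a "pass to !RFC1918" rule on a VLAN still lets traffic reach the management segment. The /24 mask on 10.1.1.x, the rule lists, and the 10.1.1.5 controller address are constructed assumptions; source addresses and ports are ignored for brevity.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MGMT = ipaddress.ip_network("10.1.1.0/24")  # assumed mask for the 10.1.1.x segment


def rule(action, dst, negate=False):
    """Build one rule; dst is a CIDR string or the alias name 'RFC1918'."""
    nets = RFC1918 if dst == "RFC1918" else [ipaddress.ip_network(dst)]
    return {"action": action, "dst": nets, "negate": negate}


# Constructed per-interface rule lists, evaluated top-down (first match wins).
RULES = {
    "GUEST":    [rule("pass", "RFC1918", negate=True)],
    "BUSINESS": [rule("pass", "10.1.1.5/32"),        # hypothetical controller
                 rule("pass", "RFC1918", negate=True)],
    "POS":      [rule("pass", "10.0.0.0/8"),         # overbroad pass rule
                 rule("pass", "RFC1918", negate=True)],
}


def first_match(rules, addr):
    """Return (index, action) of the first rule matching destination addr."""
    for i, r in enumerate(rules):
        inside = any(addr in net for net in r["dst"])
        if inside != r["negate"]:
            return i, r["action"]
    return None, "block"  # nothing matched: default deny


def mgmt_exposure(rules, mgmt=MGMT):
    """Map rule index -> management addresses that rule lets through."""
    exposed = {}
    for addr in mgmt:
        i, action = first_match(rules, addr)
        if action == "pass":
            exposed.setdefault(i, []).append(str(addr))
    return exposed


if __name__ == "__main__":
    for iface, rules in RULES.items():
        hits = mgmt_exposure(rules)
        if not hits:
            print(f"{iface}: management segment not reachable")
        for i, addrs in hits.items():
            print(f"{iface}: rule #{i} passes {len(addrs)} management address(es)")
```
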