VLAN Support? Will this setup work?



  • Hi guys/girls,

    Will this work?

    [40 computers in non-VLAN switch] –-[VLAN switch]–-[pfSense Box with VLANs, VLAN DHCP, Multi-WAN]

    lets say my non-VLAN switch where all the 40 computers will be connected is some normal 10/100 3Com Switch without VLAN support in any way.

    then my VLAN switch is a Cisco 2960

    pfSense will be the DHCP for the different VLAN's

    Will the VLAN's work?



  • Yes this should work without problem.
    Just make sure you set the port going to the pfSense to tagged and the port(s) going to the non-VLAN switch(es) to untagged.



  • Gruens, you're a real hero.

    One last n00b question before I start tinkering with the GUI-less Cisco 2960 switch:

    Since I'll be creating a bunch of VLAN's with different subnets (192.168.1.0, 192.168.2.0, 192.168.3.0 etc.),

    what Default Gateway must be assigned to the DHCP clients in those different subnets? Their respective VLAN interface IP's?



  • Yes you use the ip of the pfSense.



  • On the Cisco 2960:

    Port 3,4: VLAN11, 192.168.1.0/24. I plug Room-1's unmanaged switch here.
    Port 5,6: VLAN12, 192.168.2.0/24. I plug Room-2's unmanaged switch here.
    Port 7,8: VLAN13, 192.168.3.0/24 I plug Room-3's unmanaged switch here.
    Port 9,10: VLAN14, 192.168.4.0/24 I plug Room-4's unmanaged switch here.
    Port 11, 12: VLAN15, 192.168.5.0/24 I plug Room-5's unmanaged switch here.
    Port 13, 14: VLAN16, 192.168.100.0/23 I plug employee pc's unmanaged switch here.

    Remaining ports on switch: not configured for VLAN

    Where do I plug the pfSense LAN ethernet cable?



  • Plug it into any other port, and set it as being tagged. You don't need to specify the VLAN tag as it will be various VLANs and the tag on the traffic will tell the switch.



  • i have successfully configured the Cisco 2960 switch to do VLAN's.

    pfSense is also configured for the VLAN switch. Now it's successfully DHCP-ing per subnet :)

    Physical LAN on pfsense is 192.168.1.1.

    I tried connecting my laptop to a VLAN port in the switch. I got a DHCP address of 192.168.2.254, Default Gateway of 192.168.2.1, which means the DHCP is working for the VLAN.

    However, I am still able to access pfSense Web Configurator by typing 192.168.1.1 on my browser. Is this normal?



  • @stramato:

    However, I am still able to access pfSense Web Configurator by typing 192.168.1.1 on my browser. Is this normal?

    It's probably because you have firewall rules allowing cross VLAN traffic. It's also could just be because it's another IP on the pfSense box and so it's just automatically allowed.


Log in to reply