VLAN Routing with pfSense, adding Wireless Bridge + QoS for remote VoIP



  • I have a relatively simple network layout (192.168.0.1-192.168.3.254/255.255.252.0), consisting of one large VLAN (e.g. unconfigured) with stack of HP Procuve 10/100 Managed switches (and a couple unmanaged switches thrown in at the edges).  I'm running pfSense as my firewall, which has 3 physical interfaces on it… 1 LAN, 1 WAN, and 1 Point-to-Point connection to a customer network.  I have static routes entered to get traffic on my LAN out to my the machines on my customer network, and have conditional DNS forwarders pointing out the customer DNS servers to make name resolution work.

    The challenge I have, is that we're adding an office across the street.  The new office has no network connectivity, so we'll be adding a Ruckus ZoneFlex 7731 802.11n (with bonded channels to hopefully get 100+mbps).  The remote office also doesn't have phones, so I'll need to add some VoIP handsets out there (the phone system at the main office is all digital, so there have been no VoIP design considerations on this side until now).  The VoIP handsets have been thrown in at the last minute.  Until now, I hadn't considered getting traffic across the wireless bridge to be a problem... just hang the bridge off one of the layer-2 switches, and essentially extend out my same IP range to the new site.  Now however, I need to assure some type of QoS.  So my thinking is to add the new site as a new VLAN (e.g. VLAN3 for instance), add a pair on managed switches on either side of the bridge, and do something on them to prioritize the voice traffic.  What's not clear to me, is how to get traffic routed from the new VLAN (192.168.100.1/255.255.255.0 perhaps), to the main network, and vice-versa. I suspect I can use my pfSense (1.2.3-RELEASE), add a new VLAN (Interfaces>Assign>VLAN>Create a new VLAN tag "3", and assign that to the Parent Interface that represents my physical LAN interface on the firewall (Rl0)?

    Any help you could provide would be appreciated.  The VLAN routing thing isn't clear at all to me, and I need to come up with a solution ASAP.  Any help you can provide would be greatly appreciated.


Log in to reply