Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to add vlan on pfsense FreeBSD 6.2-RELEASE-p11 i386

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L Offline
      lp_code
      last edited by

      Hi,

      kindly help me out with this
      Got attached network but have a pfsense as a router and i dont know how to route those planned VLAN as shown on picture to pfsense…(gatway ip 192.168.3.1)

      I want to be sorted with this:
      0.Add vlans on pfsense
      1.All VLAN should be able to access /reach file server and web server
      2.VLAN 6 should be able to access application server
      3.There are two types of accessing internet,how to maintain this after VLAN
        one throught proxy server-a server listen to port 3128 and need to set  on user web browser and it allow accessing (limited website)to some site and some web can not viewed ,also user ip   added on proxy
       second bypassing proxy which means ip address of user added on pfsense as a router and having unlimited access to internet
      4.How to make say  VLAN2  to communicate with say VLAN3

      alternative u can suggest a nice open source router and how vlan a routed
      thanks very much

      J
      pfsense_team.JPG
      pfsense_team.JPG_thumb

      1 Reply Last reply Reply Quote 0
      • D Offline
        dszp
        last edited by

        pfSense supports VLANs natively, you have to create them under Interfaces->(assign)->VLANs and then you create a new interface using Interfaces->(assign)->Interface assignment and select the VLAN you created as "NIC" for the Interface. Then you save and configure that new interface from the Interfaces menu with an IP address as needed. At that point, you go to the firewall rules, click the tab for that interface, and add rules to allow traffic. pfSense handles the routing automatically. Keep in mind that pfSense always filters traffic by applying rules to traffic coming "in" the interface the rule is for. So interface VLAN10 for example would have rules that applied (allowed or blocked) traffic whose source was the VLAN10 interface.

        By default, interfaces on pfSense allow NO traffic so you will need to add allow rules as necessary to allow inter-VLAN routing and access to the Internet. Floating rules and Interface Groups (which hold a set of interfaces that you can create rules for all at once) may help reduce the number of rules you need for a large number of VLANs.

        You'll need to set up the VLANs on the switches of course to be tagged correctly so they all reach pfSense and are tagged on the port that plugs into the pfSense interface where you create the VLANs.

        Alternately you could do your routing in a Layer 3 switch, or with an open-source routing platform like Vyatta, or using a Microtik Routerboard device, and have pfSense just firewall the route from the router to the Internet connection(s).

        David Szpunar

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.