How to use pfSense w/ Layer 3 switch running 5 VLAN / Subnets.



  • I'm struggling with designing our new network and reaching out for some help.

    We bought a layer 3 switch in an effort to break up our otherwise congested network into manageable VLANs.  But now that I am not using pfSense behind our old layer 2 switch, I am totally confused as to the proper way to build this out.

    The layer 3 switch has routing turned on, and when I created VLANs, I had to assign an IP Address for the switch within those VLANs. I decided to use x.x.x.1 as the switch IP across all VLAN networks to keep things consistent.

    Now I am looking for guidance as to where I will place pfSense on the network, and then what configuration settings I will need to turn on/enable to allow my switch to forward all outbound traffic through pfSense to the internet?

    What I am looking for:

    VLAN 101:  Switches, Firewalls ???
    Network:  10.10.1.0 /24
    Switch IP: 10.10.1.1

    VLAN 102:  Wired Data
    Network:  10.10.2.0 /24
    Switch IP:  10.10.2.1

    VLAN 103:  Wired Data 
    Network:  10.10.3.0 /24
    Switch IP:  10.10.3.1

    VLAN 116:  VoIP
    Network:  10.10.16.0 /24
    Switch IP:  10.10.16.1

    VLAN 120:  WiFi
    Network:  10.10.20.0 /24
    Switch IP:  10.10.20.1



  • VLAN 101:  Switches, Firewalls ???
    Network:  10.10.1.0 /24
    Switch IP: 10.10.1.1

    1. Assume your pfSense has WAN IP x.x.x.b/zz, the WAN gateway is x.x.x.a/24, and the LAN IP is 10.10.1.10.
    2. Connect LAN to an access port that belongs to VLAN 101; make sure it is not a trunk port.
    3. Create another gateway with IP 10.10.1.1, named LANGW.
    4. Create a static route for 10.10.2.0 /24 using gateway LANGW, i.e. for all of your VLANs.
    5. Open Firewall NAT, click Manual Outbound NAT rule generation and Save.
    6. After generating the automatic rules, add a similar rule for all VLAN networks.

    Hope you will get internet from LAN.
    Let me know.
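
The steps in the reply above, worked through for the VLAN plan in the question. This is an added example, not part of either post: it derives the static routes and outbound NAT source networks pfSense would need and checks whether a given client address is covered by both. The function names are hypothetical, and 10.10.1.10 is the LAN address the reply assumes.

```python
import ipaddress

# Addresses from the thread; 10.10.1.10 is the reply's assumed pfSense LAN IP.
PFSENSE_LAN = ipaddress.ip_interface("10.10.1.10/24")
LANGW = ipaddress.ip_address("10.10.1.1")  # switch IP in VLAN 101
VLANS = {101: "10.10.1.0/24", 102: "10.10.2.0/24", 103: "10.10.3.0/24",
         116: "10.10.16.0/24", 120: "10.10.20.0/24"}


def build_plan(lan_if, gateway, vlans):
    """Return (static_routes, nat_sources) pfSense needs for the VLAN plan."""
    if gateway not in lan_if.network or gateway == lan_if.ip:
        raise ValueError("gateway must be another host on the pfSense LAN subnet")
    nets = {vid: ipaddress.ip_network(n) for vid, n in sorted(vlans.items())}
    routes = []
    for vid, net in nets.items():
        if net == lan_if.network:
            continue  # directly connected to pfSense, no static route needed
        if net.overlaps(lan_if.network):
            raise ValueError(f"VLAN {vid} overlaps the pfSense LAN subnet")
        routes.append((net, gateway))  # step 4: one route per VLAN via LANGW
    # Steps 5-6: the generated rule covers the LAN; the others are added by hand.
    return routes, list(nets.values())


def egress_check(src, lan_if, routes, nat_sources):
    """Return (has_return_route, has_nat_rule) for a client source address."""
    addr = ipaddress.ip_address(src)
    has_route = addr in lan_if.network or any(addr in net for net, _ in routes)
    has_nat = any(addr in net for net in nat_sources)
    return has_route, has_nat


if __name__ == "__main__":
    routes, nat_sources = build_plan(PFSENSE_LAN, LANGW, VLANS)
    for net, gw in routes:
        print(f"static route  {net} via {gw} (LANGW)")
    for net in nat_sources:
        print(f"outbound NAT  source {net}")
    # Constructed sample clients: one VoIP phone, one address in no VLAN.
    for client in ("10.10.16.25", "10.10.4.5"):
        print(client, egress_check(client, PFSENSE_LAN, routes, nat_sources))
```

A source that comes back `(False, False)` has no return route and no NAT rule on pfSense, which is the gap to look for when one VLAN cannot reach the internet while the others can.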

