VLAN question (routing and NetBoot)

    We have pfSense 2.0 on a PC (Celeron 2.0 GHz and 3 GB of RAM) and we are using 3 NICs: one on board for WAN1 and 2 Intel Gigabit NICs (fxp). On one of these two NICs (gigabit) there is a VLAN that connects two ADSL lines. On the second (which is the LAN i/f), we need to create another VLAN to provide a different range of DHCP addresses (for isolation).


    1. How do we filter traffic between VLAN and LAN? We need specific ports to go through.
    2. We need to implement a MacOS X NetBoot system. We can set one of the MacOS X Server NICs to the specific VLAN, but we need something called a "helper address" for proper NetBooting. Is there some option in the VLAN's DHCP?
    3. Do you think that there will be performance issues with this scenario? Should we think of using a different pfSense PC only for this?

  • The answer to the VLAN filtering question is that interfaces, regardless of being a real interface or a virtual one (VLAN), still show up in the firewall as separate interfaces, so you just set up your rules. With v2.0 you just need to go to assign interfaces, then the VLAN tab. Once you create the VLAN you will be able to add it as a new interface.

    The way I run DHCP is to just set up a DHCP server on each interface, VLAN or not. Far easier than helpers. pfSense supports adding your own option codes etc.

    We have a more powerful machine routing 200 Mb/s and get 12% CPU, so I doubt you would have much of an issue.

    In the second (which is the LAN i/f), we need to create another VLAN

    It's unclear to me from this whether your LAN interface is a VLAN or not. However, it seems unlikely since you are using a separate gigabit interface for it. A diagram might be helpful here.

    Be aware that you should avoid having both VLAN-tagged traffic and untagged traffic on the same NIC; it can cause problems. Instead, use VLANs for both interfaces on that NIC.
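    To check an inter-VLAN policy like the one described in the filtering answer above before clicking it into the GUI, here is a small model of how per-interface rules behave (rules are evaluated on the interface where traffic enters, top to bottom, first match wins, implicit default deny). This is an added illustration, not pfSense code or any poster's configuration; the LAN/VLAN subnets and the allowed ports are constructed assumptions.

```python
# Added example: model of per-interface, first-match, default-deny rule evaluation.
# Assumption: this mirrors pfSense behaviour; it is not pfSense's own code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str        # "pass" or "block"
    proto: str         # "tcp", "udp" or "any"
    src: str           # source network in CIDR form
    dst: str           # destination network in CIDR form
    dports: frozenset  # allowed destination ports; empty set means any port

    def matches(self, proto, src, dst, dport):
        return ((self.proto == "any" or self.proto == proto)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (not self.dports or dport in self.dports))


# Constructed addressing: LAN on 192.168.1.0/24, isolated VLAN 10 on 192.168.10.0/24.
LAN_NET = "192.168.1.0/24"
VLAN10_NET = "192.168.10.0/24"

# Rules placed on the VLAN10 interface, i.e. applied to traffic entering from VLAN 10.
# Order matters: the explicit block for LAN must sit above the catch-all pass.
VLAN10_RULES = [
    Rule("pass", "tcp", VLAN10_NET, LAN_NET, frozenset({445, 548})),  # only these ports to LAN
    Rule("block", "any", VLAN10_NET, LAN_NET, frozenset()),          # everything else to LAN
    Rule("pass", "any", VLAN10_NET, "0.0.0.0/0", frozenset()),        # internet and the rest
]


def evaluate(rules, proto, src, dst, dport):
    """Return 'pass' or 'block' for a new connection entering this interface."""
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "block"  # nothing matched: implicit default deny


if __name__ == "__main__":
    for flow in [("tcp", "192.168.10.20", "192.168.1.5", 445),
                 ("tcp", "192.168.10.20", "192.168.1.5", 22),
                 ("udp", "192.168.10.20", "8.8.8.8", 53)]:
        print(flow, "->", evaluate(VLAN10_RULES, *flow))
```

    Traffic that originates on the LAN side is evaluated by the rules on the LAN interface, not by this list, which is why the model returns "block" for a LAN-sourced flow that does not appear in it.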


  • Thank you all. I will post a diagram soon.

    I have only VLANs on this NIC (tagged traffic).
