Netgate Discussion Forum

    VLAN "virtual" interface not bound to a physical NIC possible?

      gravyface

      I'd like to have pfSense (2.0.2) behave like a layer 3 switch: I want to use two physical NICs as a VLAN trunk, to two separate switches, with VLAN tagging on each pfSense NIC:

      [switch 1] ===== VLAN 10/20 Tagged === [ [em0] pfSense [em1] ]===== VLAN 10/20 Tagged ==== [switch 2]

      Ideally I'd be able to create a virtual VLAN interface that's not bound to a particular NIC, such as when configuring a virtual VLAN interface on a layer 3 switch, it doesn't really "care" about the physical ports.  pfSense doesn't appear to support this, as follows:

      Through the GUI, when you create the VLANs, you assign them to parent NICs as follows:
      VLAN 10: em0
      VLAN 20: em0
      VLAN 10: em1
      VLAN 20: em1

      However, when you go to Assign Interfaces and add a new interface, it appears as though the new VLAN interface is bound to a NIC (VLAN10 on em0).

      So going with what the GUI is allowing, let's say I create the following interfaces:

      V10Interface (VLAN10 on em0):
      192.168.10.1

      V20Interface (VLAN20 on em0):
      192.168.20.1

      Now, on switch #1, devices on VLAN 10 and 20 should be able to see both interfaces.  But devices on VLAN 10 and 20 on switch #2, will they see V10Interface and V20Interface?

        stephenw10 Netgate Administrator

        If you have the interfaces assigned in the normal way you would end up with 4 separate subnets which is probably not what you're looking for.
        You could, perhaps, bridge the VLAN10 interfaces together and the VLAN20 interfaces and assign them as type 'none'. Then assign the bridges as static IPs in the correct subnets so that pfSense will route between the VLANs.

        Steve

          jimp Rebel Alliance Developer Netgate

          @stephenw10:

          If you have the interfaces assigned in the normal way you would end up with 4 separate subnets which is probably not what you're looking for.
          You could, perhaps, bridge the VLAN10 interfaces together and the VLAN20 interfaces and assign them as type 'none'. Then assign the bridges as static IPs in the correct subnets so that pfSense will route between the VLANs.

          ^^ That.

          You must assign all of those VLAN interfaces, set type to 'none', then bridge the individual VLANs (a bridge for em0_vlan10 to em1_vlan10, and a separate bridge for vlan 20, etc) and then it will do what you're after. After adding the firewall rules of course.

          If you want pfSense to act as a gateway/router then you assign the bridge interfaces, put the IPs there, and configure any services (DHCP, etc) on the assigned bridge interfaces.

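One way to check the bridged layout described in the reply above from a shell on the firewall, as an added example that is not part of the original thread. It parses FreeBSD `ifconfig` text; the bridge name `bridge0`, the /24 netmask and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ifconfig bridge0` output (not captured from a real system).
sample_bridge0() {
cat <<'EOF'
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:00:00:00:00:01
        inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
        member: em1_vlan10 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: em0_vlan10 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

# Constructed sample of a member VLAN interface; $1 is "none" or an IPv4 address.
sample_member() {
    echo "em0_vlan10: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500"
    [ "$1" = none ] || echo "        inet $1 netmask 0xffffff00 broadcast 192.168.10.255"
    echo "        vlan: 10 parent interface: em0"
}

# check_bridge MEMBER...: reads `ifconfig <bridge>` text on stdin.
# Passes only if the bridge itself holds the IPv4 address and every
# expected VLAN interface is listed as a member.
check_bridge() {
    out=$(cat)
    rc=0
    printf '%s\n' "$out" | grep -Eq '^[[:space:]]+inet ' ||
        { echo "bridge has no IPv4 address"; rc=1; }
    for m in "$@"; do
        # Trailing space stops em0_vlan1 from matching em0_vlan10.
        printf '%s\n' "$out" | grep -Eq "^[[:space:]]+member: $m " ||
            { echo "missing member: $m"; rc=1; }
    done
    return $rc
}

# check_member_unnumbered: reads `ifconfig <vlan interface>` text on stdin.
# A member assigned as type 'none' must not carry its own IPv4 address.
check_member_unnumbered() {
    if grep -Eq '^[[:space:]]+inet '; then
        echo "member carries its own IPv4 address"
        return 1
    fi
    return 0
}
```

On a live system the same functions take real output, for example `ifconfig bridge0 | check_bridge em0_vlan10 em1_vlan10`.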
            gravyface

            Thanks fellas.

            That's what I ended up doing.
