Single Port Firewall Using VLANs (NOOB QUESTION)



  • I have a laptop being used for PFSense; obviously it only has a single NIC. My current USB NIC is not compatible with FreeBSD. I read online that it is possible to set this up using a single NIC with VLANs.

    Here is my setup:
    D-Link DGS-1100-16 (Switch with VLAN tagging)
    EnGenius EAP350 AP (Two SSIDs w/ VLAN tagging)
    Comcast Business Gateway

    What I am trying to accomplish:

    The AP will produce two SSIDs that get tagged with separate VLANs. This travels across a single CAT7 line to the switch. At the same time I have several devices attached to the switch, and they are tagged to a single VLAN. Then this all goes to the firewall (which also provides DHCP) and then to the Comcast gateway.

    The idea is to provide an "open" AP for guests while keeping business traffic separate. PFSense will be providing all networking services for the local network.

    I think this means that I use three VLANs
    1:Gateway
    2:Private
    3:Public

    I am thinking that both PFSense and the AP get attached to "trunk ports" and the rest are attached to the appropriately assigned ports on the switch. Then in PFSense I just need to tell it that all three VLANs are for the single NIC, set VLAN1 as my WAN, VLAN2 as private network with DHCP, and VLAN3 as public network with DHCP.

    This is my first try at VLANs and I am looking for direction. Looking forward to learning; please don't feel like I am asking for step by step directions (though they would be appreciated).



  • Yes, your thinking is correct. You can even use pfSense captive portal on your guest WLAN.



  • Thanks ab0tj, now I can order the last part needed and start muddling through the process. The best way to learn IMO!

    Again, thanks for the confirmation.

