    I'm trying to add an additional IP with VLAN to a pfSense box and I'm somehow doing it wrong.

    Currently I have a server with 2 x NICs (WAN/LAN)

    The LAN NIC is connected to a Cisco 2960X switch. The port is in access mode with VLAN 11; however, the pfSense does not have any VLANs configured and everything is working fine.
    I want to add an additional IP address/interface to the LAN card to allow another VLAN that is already configured on the network to be routable to the WAN (currently it is just a VLAN that is used for testing between servers).

    So I did the following:

    Created two VLANs on the pfSense, VLAN100 (new VLAN) and VLAN11.
    I created a new interface and attached VLAN100 to the new interface
    I attached VLAN to the existing LAN interface
    Applied the changes and instantly lost connection (which I was expecting at this point)
    I then changed the switch configuration to change the port to a trunk port which allowed both the VLANs.
    I waited for STP to do its thing but after 30 seconds I still couldn't even ping the interface.

    I rebooted and it resulted in the same situation. In the end I had to revert to a previous configuration to get access to the box.

    I'm assuming I've done something wrong here but I've no idea what. I'm fairly new to using pfSense, so please bear with me.

  • Your description sounds good, so there is some problem in the detail of the implementation.
    You should be able to leave LAN as an ordinary port, and the VLAN switch having the port to pfSense being in VLAN11 but untagged. Then also add VLAN100 as a tagged VLAN on that VLAN switch port. That will keep LAN working while you get VLAN10 to happen. Hopefully then you will find out exactly how to configure it all and can then do similar for LAN.

  • I had the same problem. I connected via the serial port and backed out of the change.

    I temporarily made my WAN a static address and used it for configuration. I changed everything over to VLANs on the interface that was once the LAN; now I don't have a "LAN" interface per se, but a physical interface with several VLANs using it as the parent interface.

    I had to add the VLAN interfaces to the DNS forwarder to have them all work correctly.
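
The two layouts suggested in the replies above, run through a simplified 802.1Q tag-matching model. This is an added example, not code from any poster; the interface name `OPT1`, the trunk native VLAN values and the final mismatch scenario are assumptions made for illustration.

```python
# Simplified 802.1Q model (added example, not from the thread): a VLAN only
# passes when both ends of the link agree on tagged vs. untagged for it.

def switch_port(mode, access_vlan=None, native_vlan=1, allowed=()):
    """Return {vlan_id: 'tagged' | 'untagged'} as the switch puts frames on the wire."""
    if mode == "access":
        return {access_vlan: "untagged"}
    # Trunk: allowed VLANs are tagged, except the native VLAN, which is untagged.
    return {v: ("untagged" if v == native_vlan else "tagged") for v in allowed}

def reachable(switch, bare_if=None, vlan_ifs=None):
    """Map each pfSense interface to the switch VLAN it lands in (None = cut off).

    bare_if  -- name of the interface assigned to the physical NIC (untagged)
    vlan_ifs -- {vlan_id: interface name} for VLANs defined on that NIC (tagged)
    """
    result = {}
    if bare_if:
        untagged = [v for v, t in switch.items() if t == "untagged"]
        result[bare_if] = untagged[0] if untagged else None
    for vid, name in (vlan_ifs or {}).items():
        result[name] = vid if switch.get(vid) == "tagged" else None
    return result

def run_scenarios():
    access11 = switch_port("access", access_vlan=11)
    trunk_native11 = switch_port("trunk", native_vlan=11, allowed=(11, 100))
    trunk_all_tagged = switch_port("trunk", native_vlan=1, allowed=(11, 100))
    both_tagged = {11: "LAN", 100: "OPT1"}  # OPT1 is an assumed interface name
    return {
        "starting point: access port, untagged LAN":
            reachable(access11, bare_if="LAN"),
        "VLANs tagged on pfSense, port still access":
            reachable(access11, vlan_ifs=both_tagged),
        "first reply: untagged LAN (native 11) + tagged 100":
            reachable(trunk_native11, bare_if="LAN", vlan_ifs={100: "OPT1"}),
        "second reply: every VLAN tagged on the parent NIC":
            reachable(trunk_all_tagged, vlan_ifs=both_tagged),
        "mismatch: switch sends 11 untagged, pfSense expects a tag":
            reachable(trunk_native11, vlan_ifs=both_tagged),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

An interface that maps to `None` is cut off from its VLAN, which is the state to check for on both the switch port and the pfSense VLAN assignment before applying a change remotely.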

