Basic pfsense/vlan/network question
-
I have my pfsense in a home setup. My endgoal is to have the LAN and Wifi in the same subnet because of airprint (non routable) and my printer is wired. I also would like 2 additional vlans available on the first floor. pfsense should do the routing.
I have my pfsense downstairs and another smart switch on my first floor. On my first floor I would like 2 additional subnets but also the LAN network.
Can somebody give me some advise how I can accomplish this? I was thinking of creating a trunk, however I don't know if that will work with my lan/wifi bridge.
Is there a better way to get lan and wifi in the same subnet without creating a bridge?Kind regards,
Mark
-
What AP(s) do you have? If you want your AP on your lan just put them on your lan..
What I found as a better/easier solution to the airprint thing was to just put the printer on the wlan network, mine is via a wire but its on the same vlan as the wlan. Wired devices have no problem printing to this printer - they don't use "airprint" ;)
Yes you can have as many vlans as you want, I currently have multiple wifi segments.. Where the native vlan is my normal wlan segment, and then a psk and guest ssid are on their own vlans. I then use this same interface in pfsense to isolate my son's ps3 to its own vlan. Then a another native lan segment with no vlans on it.
Yes a "trunk" is how you carry multiple vlans over a connection. So for example the connection to my em2 (wlan and other vlans) is trunked. I also have a trunk out to my other switch, which an AP is connect to in that part of the house.. And then a trunk to an AP from that switch.
-
Hi,
Thanks for the reply,.
The part that I don't understand how to configure:
I create two vlans. eg vlan id 100: 192.168.100.1/24 and vlan id 200: 192.168.200.1/24
My LAN/Wifi bridge is already configured with network address 192.168.100.1/24.
My goal is to have LAN and wifi both in the same 192.168.100 network, but also get a trunk working on the LAN interface with the 100 and 200 vlan.
How can I accomplish this? Looking for some configuration guidelines. Where to put the network address. How to configure dhcp. What to do with the bridge. etc
Thanks,
Mark
-
Interfaces > Assign
Go to VLAN tab.
Add your VLANs to the LAN interface (this will make it a "trunk")
Back to Interfaces > Assign, and assign new OPT interfaces virtually to the new VLANs.
Handle these new interfaces just like they would be regular nics, set dhcp, firewall rules, whatever. -
"What to do with the bridge."
I get rid of it.. Bridges have very limited use cases, really limited.. Why do you have your wifi and lan bridged? Don't you have external AP?? if you want that on your lan network, why not just connect your AP(s) to your switch? Ports on pfsense are router ports not switch ports..
-
Hi,
Thanks again. I don't have an external AP. Just my Pfsense appliance with wireless.
I configured a wifi/lan bridge cause I need both interfaces in the same subnet. I would like to configure the LAN port as trunk port so I can send multiple subnets to my first floor but also the LAN subnet.
So the challenge I'm facing is the 192.168.100.0/24 network. It is now configured as the network address of the bridge. But I would like to have it tagged upstairs as well (so part of my trunk port).
I cannot configure it on a vlan cause it tells me it is already in use,So how can I get the LAN port as a trunkport. With multiple vlans, but also the 192.168.100.x vlan and still have both the LAN interface and the wifi interface in that vlan as well?
-
You can not put a vlan on a bridge AFAIK… why would anyone ever want to do that?? You put the vlan on the physical interface..
-
I understand that i cannot put the vlan on the bridge. i would like to put the vlan on the LAN interface (physical).
So if I create vlan 100 on LAN. I assign it and I configure network 192.168.100.1/24. How can I configure my Wifi interface in that same vlan?
-
huh?? Your wifi is already on the lan with your bridge… How you can not be in 2 networks at the same time.
Didn't you already create a bridge? And your wifi and lan are on the same network 192.168.100/24
You stated
"My goal is to have LAN and wifi both in the same 192.168.100 network,"What does that have to do with vlans?? why don't you draw what your trying to accomplish.. Currently you have 1 network 192.168.100.0/24 this is connected to both your wire and wifi via a bridge.. So what do you want to do with these vlans? Create your vlans and assign them to physical interface that is connected to the switch you want to use these vlans on.. You would then trunk that switch port.
-
Hi,
Thanks again for helping me. I attached an ugly mspaint drawing which I hope clears up what I'm trying to acchieve.
Hope it can be done.Kind regards,
Mark
 -
why would your computer need both 20 and 100 vlans?
And since your bridge network is 192.168.100/24 then that would just be your native vlan.. What exactly do you want vlan 20 for? You show no devices in vlan 20 other than your computer that is also in vlan 100??
-
The computer is a hyper-v host. I have 2 of those. Is the configuration how I drew it possible? And if it is, how should I configure it?
Thanks!
-
Again u dont create a vlan that is the same as your native network. Seems all u need is vlan 20 and then u would trunk port to tour vm host i run an esxi vswitch contected to the trunk port in sim fashion as what your wanting to do
-
Thanks John. That did the trick. I just assigned vlan20 to my LAN interface and it started working right away.
I think I was thinking a little to difficult. I'm a little new with networking devices in general.Thanks again for your patience and help today. I'm happy that I got it working.
-
Once u get vlans they are not that difficult understanding native and tagged vs untagged and different switch makers use terms a bit different but if you understand the basics just need to know what switch your dealing with
