Setting up VLANs in pfSense

34 thoughts on “Setting up VLANs in pfSense”

• Good video, explained a lot. Thanks

• ❤❤❤

• Great into to pfsense VLANs. I want to setup an isolated VLAN (IoT) that I can access from my LAN network. I've got it setup where I can ping the IoT from LAN, but can't connect to an HTTP service on the IoT. What I am missing?

• How do I put my linux machine in a vlan, please I need to know how have to present a work in college Monday

• One point about the VLAN subnet. You said to use private addresses. While that's likely true for IPv4, with IPv6 you may very well have public addresses you can use. For example, I get a /56 prefix from my ISP. This gives me up to 256 /64 prefixes, any of which can be used for any LAN or VLAN interface. In addition, it's possible to use private address too. On IPv6, they're called Unique Local Addresses (ULA), which can be used in the same manner as RFC1918 addresses on IPv4. Also, there are some situations where you want to be able to access one subnet from another. For example, my main LAN can access anything on my guest WiFi VLAN, but not the other way around.

• Very good tutorial. Concise, no fluff, straight to the point. Well done.

• Thank you for such a great walk through… Some of the fields are now named differently because of the updates to PF Sense.. Can you throw up some text updates on top of the video to account for the mismatch of selection settings..?

• Awesome tutorial 😊

• How do you determine what device is on the VLAN? I didn't understand that part.

• 12:50 what is testVLAN address mean? You didnt have to specify the IP address?

• I've come back to this video a couple times. Great resource. thanks!

• Thanks for the walkthrough, wonderfully explained!
  Am I correct in assuming that without a managed switch, this setup is not feasible?
  My current setup involves a pfsense, & a primitive, ISP provided wireless AP among other things. This AP probably cannot differentiate between one or more VLANs…

• Oh man this is super well explained. Thanks so much.

• great video, cheers

• How do we take this setup and assign guests on a specific Wi-Fi SSID to the Vlan you setup that does not have access to all private networks. Assume the Wi-Fi is on ap’s plugged into a managed layer 2 switch port that also has the pfsense device on one of the switch ports. Thanks! @RaidOwl

• This VLAN walk-through is awesome. I appreciate all the insight and your teaching method.

• Is it posible to send in syslog the vlan name? I see the vlan ID, but no the vlan name.

• Poor adio volume

• thank you

• took me a while to figure out vlans but this one video does tick all boxes for me. thank you!

• I blocked traffic from LAN -> VLAN25, from VLAN25 -> LAN, and allowed VLAN25 -> Internet. But from LAN, I can ssh a host in VLAN25 (should not happen).

• Why pfsense cant create a vlan tagging on USB interfaces ?

• great vid!

• Thank you for this video.

• Thank you.

• I created my whole network set of rules thanks to this video, something that I'm still blasting my head off is when I want to isolate my iot network to prevent the devices seeing each other :/

• I'm late to this party, but MAN!! I thank you. This was the slow breakdown I needed.

• Many thanks. Exactly what I needed to create separate network for noisy IOT devices

• Video helped me a lot to achieve setup what I wanted. Keep it going!

• I couldn't get DNS to work on the VLAN until I added an Access List under the DNS Resolver for the new VLAN network. Under Services / DNS Resolver / Access Lists, add a new one for the VLAN.

• Man, you help me A LOOOOOOOOOOOOOOOOOOOOOOT
  Iwas blocked around like 30 days on a problem, I'm using pfsense too and my VLAN cannot reach my LAN and with ur video I understand why now!

  Thanks a lot bro!

• Thanks for the video. I want to use an old PC with a dual port network card one WAN and one LAN, pfsense installed on SSD drive. I do have the house wired with cat 6 with at least one ethernet outlet per room. The LAN port configured on the pfsense box goes directly to an 24 port managed switch to connect all the wired network. I do not know how to setup VLAN, as in do I configure VLAN on pfsenese or do I use VLAN setup on the 24 port managed switch? Any help?

• If we add all private network subnets on the alias, won't it also block the vlan interface's own private IP addresses as well? What if I need to place a few web servers on the vlan and want them to connect internally via private IPs?

• Nice presentation of the procedure. I have the problem that the machine connected to the newly created vlan is being assigned with an ip address of the vlan's segment but it has no internet access, cant ping it's gateway and of course can t ping the LAN. At the last part where you create a rule for the dns I suppose it would also work if would have destination any and not udp 53. Still doesn t work though. It might have something to do with outbound NAT which you didn t show on the video. There are 4 options for the outbound NAT. It would be more complete if you would have shown that as well (what rules you created or had been created by default). Of course I still can t figure out why it doesn t work (My outbound NAT is set as Manual Outbound – third of the four options)
  Any thoughts?

  PS I used a specific port from pfsense device (it is qotom one with 4 ports). What I mean by that is the igb0 is the wan coming from the modem, the igb1 is for the lan connected to a microtik switch and igb2 transfers vlan20 (only since i didnt used the igb1 which has also the lan).Via a physicala cable it ends up in the last port of the switch where it transfers it untagged to port 23. So I connect port 23 with a laptop for instance it takes an ip of that segment (so eerything is good up until now) but no internet access. Properties of the network card of the laptop shows for all services (DHCP/DNS/GATEWAY) 192.168.20.1

Comments are closed.