Easy VLAN Configuration in PFSense with DHCP, Firewall, and Switch Examples

Рет қаралды 20,082

Күн бұрын

Featured Products: (affiliate links)
Netgate SG-1100... amzn.to/40eFAWY
X10SDV Motherboard... ebay.us/TVC9Yx
CSE-505-203B Case... ebay.us/4fG9R6
Learn to create and manage VLANs on your pfSense router firewall, including those appliances with a built-in switch, such as the Netgate SG-1100. We will also discuss DHCP, configuration on your L3 switch, and creating firewall rules for allowing traffic out of the VLAN.
Chapters:
00:00 Introduction
00:44 New VLAN Interface
02:26 Enabling DHCP
03:35 Switch Configuration
05:28 Netgate Switches
08:12 Firewall Rules
11:36 Conclusions
Contact Info:
Business email is lithiumsolardiy@gmail.com. I am not available for personal project questions or consultation.
Disclaimers and Statements:
► I receive a small commission on purchases made using my affiliated links shared the video description and comments section. The views and opinions expressed here are my own, unbiased, and not influenced by this commission in any way.

Пікірлер: 37

@HomeSysAdmin Жыл бұрын

Netgate SG-1100... amzn.to/40eFAWY X10SDV Motherboard... ebay.us/TVC9Yx (affiliate links) Let me know what other pfsense-related topics you would like to see!

@oscpjourney541 Жыл бұрын

I am deeply grateful, for you have truly been my salvation in this time of strife. Wrestling with the intricacies of this configuration, particularly the VLAN tagging on the pfSense device, has proved most vexing. Yet while many tutorials have demonstrated the process of VLAN creation, not a single one has illuminated the art of managing them or implementing these configurations on the devices of the end users. Thanks again

@HomeSysAdmin Жыл бұрын

Thank you, I'm glad I was able to be of help :) If there's anything else you find unanswered elsewhere that would make a good video/discussion, please let me know. I'm always looking for video topic ideas!

@clarencewiles963 Жыл бұрын

Thumbs up 👍 a more appropriate explanation for the DYI perspective.

@f1aziz 4 ай бұрын

Thank you. Got the vlan to work in 10 minutes.

@HomeSysAdmin 3 ай бұрын

Awesome, glad I was able to help! :)

@PaulBunkey Жыл бұрын

Wow, this was the fist time I've realized that "interfaces" in pfSense is NOT ports, it's VLAN interfaces. This clears a lot of my confusion about pfSense rules.

@oxXHITMANXxo508 7 ай бұрын

This helped me out so much!! I have a netgate device and couldn’t get the clan to work. Thank you!

@nigelholland24 Жыл бұрын

Great video. Just learning vlans. Thankyou.

@souravmukherjee3434 Жыл бұрын

its awesome. Create playlists on it. long time wait for this content

@coolchlo 11 ай бұрын

Is there any chance you can create a video to cover hosting the SVI/RVIs on a switch instead? What differences in configuration do you make on the pfSense?

@korishan Жыл бұрын

I tried doing this with OPNsense and DD-WRT'd router. Crazy part is, after some trial and many errors, I got it working. Then one day, it just randomly stopped working and I can't get it working again :( Not sure what the issue is. Good explanation of the process and walking through the steps.

@ZoSkiLuv Жыл бұрын

Great video man!! I was wondering what brand of cameras are you using. And DVR software. It seems like there's a bunch of confusion over which ones to get and I would prefer Wifi ones.

@HomeSysAdmin Жыл бұрын

I'm using wired Hikvision cameras with the BlueIris software. The wired cameras are nice as you can power with PoE.

@HaoWaiCeng 4 ай бұрын

I'm a newbie and have a question? I saw a different setting from yours in another article. He only used the System --> Routing function. Your tutorial also adds the function of Interface --> Switches. I don't understand what is difference between of both? In addition, I am setting up a basic network at home to simulate the environment of small and medium-sized enterprises, after asking questions on some blogger. Someone asked me why I need to set up DHCP and ACL on the L3 Switch to control the communication between Vlans when there is a firewall. I don't quite understand this question. I am a newbie, but he did not tell me the reason in detail.

@Beaird_IT 6 ай бұрын

Question about the DHCP Server page. I may have missed it, but did you add the Gateway and DNS as well? Very nice explanation. 👍

@HomeSysAdmin 6 ай бұрын

It will use the IP of the interface (pfsense) by default for both the Gateway and DNS. You can override it with something different if you wish, such as that of a dedicated DNS server or maybe a separate L3 switch.

@gngn2973 Жыл бұрын

This is awesome man. I was wondering what the IP camera vlan consisted of because I want to put my cameras on a similar restrictive network.

@HomeSysAdmin Жыл бұрын

Thanks. I didn't have any rules in there originally but got tired of having to change the time twice per year lol.

@gngn2973 Жыл бұрын

@@HomeSysAdmin Yup my cameras have an web API that allows a sync with system time, I just setup a cronjob for that so I wouldn't need anything there. I was killing the internet by setting the DNS to 0.0.0.0 but it keeps getting reset to gateway IP.

@HomeSysAdmin Жыл бұрын

Your cameras don't support NTP? Mine do but it was defaulted to an internet address. All I had to do was change the NTP location to the pfSense IP.

@magesnz Жыл бұрын

@@HomeSysAdmini had a mini machine in the vlan that has a time server that has access to the time server in an other vlan but that was the only thing that has access to the other vlan , I know it’s many vlans but it works well

@luxkarma4258 4 ай бұрын

I have a cisco sg 350 im doing this with and after setting up the trnk port between pfsense and the switch. Carrying all the tagged vlans, and sw the interface to a vlan that is on pfsense. I am unable to get an ip address via dhcp. Might you know why?

@wkm001 Жыл бұрын

8:38 These firewall rules are for traffic inside the vlan, exiting the vlan. For your camera vlan shouldn't the source address be the cameras? Then on the wan allow established connections back in?

@HomeSysAdmin Жыл бұрын

On the CAMERAS tab that I had in the video, you could set the source to "CAMERAS Net" which would match all IPs on that vlan. You wouldn't want to use "CAMERAS Address" though as that's referring to only the address for which pfsense is assigned on that vlan (the gateway address). I opted to just use an asterisk though as the the rules will only be run on the vlan for which they're assigned, so there will never be a non-vlan address as the source on that interface. I hope that makes sense, it's difficult to explain in words lol. Then for the second part of the question, the rules are applying to traffic originating within the vlan/interface. So in my example, the rules are applying to traffic inside the cameras passing out of the vlan. Once it matches one of the rules and is "out of the vlan/network" it does not need to match any rules in the interface for which it's destined.

@bulcub Жыл бұрын

Hello, so the pfsense router can replace my server 2019 dns and dhcp? I setup vlans on my switch and on the server.

@HomeSysAdmin Жыл бұрын

Yes, pfsense has DHCP and DNS with detailed/advanced configuration options for both.

@user-mo5pi2qk7n 6 ай бұрын

Is there an alias for this command? The untagged is showing as an invalid input, to I need to be in operator and not manager? Thanks for the video! This is the only one I could find using the HP 2920

@HomeSysAdmin 6 ай бұрын

The untagged command is pretty much a standard for these switches. You need to be in the context of a vlan though otherwise you may get in invalid command. For example, to set vlan 10 on port 1, you would run - conf terminal vlan 10 untagged 1

@okanerdem Ай бұрын

Thanks for the great video. Just a small question, if i dont want to use vlan dhcp in vlan? I mean if i have a dhcp server ( example on synology nas) and if i want to use as dhcp this server, how can i continue? note: Synology will not in the same vlan with devices

@HomeSysAdmin Ай бұрын

If you have another DHCP server on your network, you can leave it disabled on the pfsense. You can enable it on the Synology and set the gateway address that gets issued as the IP of the pfsense vlan interface.

@okanerdem Ай бұрын

@@HomeSysAdmin I have 3 different vlan on pfsense. in this case how can i continue? I mean i can create 3 different pool on synology pool but, on the synology, i can set only 1 vlan interface as a gateway. Or i should set each pfsense vlan interface for the each different pool? Example 192.168.10.1 (VLAN10) 192.168.20.1 (VLAN20) 192.168.30.1 (VLAN30) Created pool on synology like this; 192.168.10.10 - 192.168.10.254 255.255.255.0 192.168.10.1 192.168.20.10 - 192.168.10.254 255.255.255.0 192.168.20.1 192.168.30.10 - 192.168.30.254 255.255.255.0 192.168.30.1 NOTE: Synology connected to LAN network, no any vlan tag

@okanerdem 24 күн бұрын

@@HomeSysAdmin It's still not clear for me. Example, My synology nas is member default vlan 1, dhcp is working on the synology and if one device is member of vlan 1, synology can assign an ip to the devices. I want to use this synology dhcp for the vlans, i created pools on synology but it's not assign an ip to the vlan devices. Synology and other vlan devices is not in the same vlan

@okanerdem 24 күн бұрын

@@HomeSysAdmin I think i found. It can be possible activate dhcp relay on pfsense. I added synology ip as Upstream Servers in dhcp relay and now it's managing by synology