One point about the VLAN subnet. You said to use private addresses. While that's likely true for IPv4, with IPv6 you may very well have public addresses you can use. For example, I get a /56 prefix from my ISP. This gives me up to 256 /64 prefixes, any of which can be used for any LAN or VLAN interface. In addition, it's possible to use private address too. On IPv6, they're called Unique Local Addresses (ULA), which can be used in the same manner as RFC1918 addresses on IPv4. Also, there are some situations where you want to be able to access one subnet from another. For example, my main LAN can access anything on my guest WiFi VLAN, but not the other way around.

Is it posible to send in syslog the vlan name? I see the vlan ID, but no the vlan name.

How do I put my linux machine in a vlan, please I need to know how have to present a work in college Monday

I just bought a managed switch for my setup. Thanks for the well timed tutorial!

Just curious if your still using pfsense or did you switch to open sense or are you using unifi firewall. I can’t figure it out. I set up the vlans and subnets on my network with proxmox, but some of the cluster nodes and VMS can’t reach the Internet.

How do we take this setup and assign guests on a specific Wi-Fi SSID to the Vlan you setup that does not have access to all private networks. Assume the Wi-Fi is on ap’s plugged into a managed layer 2 switch port that also has the pfsense device on one of the switch ports. Thanks! @RaidOwl

took me a while to figure out vlans but this one video does tick all boxes for me. thank you!

Thanks for the videos! You’re one of the few KZbinrs in this space that has a personality and you’re very entertaining to watch. Even if I’ve seen some LSU stuff in some of your videos, you’re not that bad ;)

Wouldn’t you only want to set an Alias like that on a Guest network? Because not only is that going to block being able to ping devices on another VLAN, but also on the same VLAN as well as access to the Firewall itself. It’s basically a complete black hole.

Thank you for the tutorial, very well done and laid out, Great job as always.

Thanks for the tutorial and it helps alot to understand vlans a little better in pfsense. I do have a question. I have two interfaces LAN and WAN and I setup my Asus wireless router as an Access Point with its own VLAN on the LAN interface for my wireless devices. Enabled DHCP on the VLAN and added the DNS rule. But now for some reason my wireless devices are being handed out DHCP addresses from the DHCP server on the LAN interface instead of the VLAN I created. What am i doing wrong? Thanks.

Thanks for the walkthrough, wonderfully explained! Am I correct in assuming that without a managed switch, this setup is not feasible? My current setup involves a pfsense, & a primitive, ISP provided wireless AP among other things. This AP probably cannot differentiate between one or more VLANs...

Great into to pfsense VLANs. I want to setup an isolated VLAN (IoT) that I can access from my LAN network. I've got it setup where I can ping the IoT from LAN, but can't connect to an HTTP service on the IoT. What I am missing?

How do you determine what device is on the VLAN? I didn't understand that part.

Perfect explanation to VLANs! I use aliases on my servers & IoT VLAN so that I have to provide an IP in the alias to allow it to have access to anything. That way, if anything happens and some one gets access to my proxmox server or anything on it, just any DHCP address cannot get out to the internet. I also use Pihole for all of my VLANs except the server VLAN so that a lot of traffic is blocked on the other networks and especially the IoT VLAN.

What is the difference between configuring VLANS on pfsense vs VLANS on switch and do we need both?

Nicely done video & Very Informative. Thank You!

12:50 what is testVLAN address mean? You didnt have to specify the IP address?

Many thanks. Exactly what I needed to create separate network for noisy IOT devices

Thank you - I have VLANs implemented and they are correct as proved in your video. They do what the firewall is letting them. The problem I have with active VLANs, and could not find any solution, is on adding Zenarmor pfsense. As soon as I activate in Zenarmor the Interface where I have VLANs on, I can't reach any device on the VLANs. The other interfaces provide no problems. The same problem I had before when I was trying to have dual wan with failover in pfSense implemented. Any hint?

This VLAN walk-through is awesome. I appreciate all the insight and your teaching method.

Oh man this is super well explained. Thanks so much.

this guide doesn't show how to determine which IPs are your private IPs, so I won't be able to make any use of it until I figure that out

Great video! Thank you for the explanation

I couldn't get DNS to work on the VLAN until I added an Access List under the DNS Resolver for the new VLAN network. Under Services / DNS Resolver / Access Lists, add a new one for the VLAN.

I blocked traffic from LAN -> VLAN25, from VLAN25 -> LAN, and allowed VLAN25 -> Internet. But from LAN, I can ssh a host in VLAN25 (should not happen).

Thank you for such a great walk through... Some of the fields are now named differently because of the updates to PF Sense.. Can you throw up some text updates on top of the video to account for the mismatch of selection settings..?

i would like to set up 3 VLANs... 1 for wifi/devices, 2 for my unraid server, and 3 for my cameras... however i need a docker on unraid to recieve rtsp from the cameras, but i dont want the cameras hitting the WAN, and I want any PC I want to access the Unraid Server (for back up purposes), but keep my server or pc safe if one got attacked the other would be safe.... does that make sense? like could i maake a rule where vlan3 (cameras) only talks to VLAN:8991 to give rtsp data?

Thanks for the video. I want to use an old PC with a dual port network card one WAN and one LAN, pfsense installed on SSD drive. I do have the house wired with cat 6 with at least one ethernet outlet per room. The LAN port configured on the pfsense box goes directly to an 24 port managed switch to connect all the wired network. I do not know how to setup VLAN, as in do I configure VLAN on pfsenese or do I use VLAN setup on the 24 port managed switch? Any help?

Do you have a video explaining how you run certain devices on your network through a VPN? Not sure if you have a video on this already, if you do please send me the link. This video was super helpful by the way as someone whose a totally new to pfsense.

Can you explain how to set up Nginx Proxy Manager in a DMZ with Pfsense? I'm running a virtualized Pfsense in Proxmox with two dedicated NICs. I want to use Nginx Proxy Manager in a LXC on the same host to make some services available to the public but with proper security.

Man, you help me A LOOOOOOOOOOOOOOOOOOOOOOT Iwas blocked around like 30 days on a problem, I'm using pfsense too and my VLAN cannot reach my LAN and with ur video I understand why now! Thanks a lot bro!

ottimo video, Grazie!

I'm late to this party, but MAN!! I thank you. This was the slow breakdown I needed.

I created my whole network set of rules thanks to this video, something that I'm still blasting my head off is when I want to isolate my iot network to prevent the devices seeing each other :/

Awesome tutorial 😊

Why pfsense cant create a vlan tagging on USB interfaces ?

I've come back to this video a couple times. Great resource. thanks!

Very good tutorial. Concise, no fluff, straight to the point. Well done.

Video helped me a lot to achieve setup what I wanted. Keep it going!

Good video, explained a lot. Thanks

Nice presentation of the procedure. I have the problem that the machine connected to the newly created vlan is being assigned with an ip address of the vlan's segment but it has no internet access, cant ping it's gateway and of course can t ping the LAN. At the last part where you create a rule for the dns I suppose it would also work if would have destination any and not udp 53. Still doesn t work though. It might have something to do with outbound NAT which you didn t show on the video. There are 4 options for the outbound NAT. It would be more complete if you would have shown that as well (what rules you created or had been created by default). Of course I still can t figure out why it doesn t work (My outbound NAT is set as Manual Outbound - third of the four options) Any thoughts? PS I used a specific port from pfsense device (it is qotom one with 4 ports). What I mean by that is the igb0 is the wan coming from the modem, the igb1 is for the lan connected to a microtik switch and igb2 transfers vlan20 (only since i didnt used the igb1 which has also the lan).Via a physicala cable it ends up in the last port of the switch where it transfers it untagged to port 23. So I connect port 23 with a laptop for instance it takes an ip of that segment (so eerything is good up until now) but no internet access. Properties of the network card of the laptop shows for all services (DHCP/DNS/GATEWAY) 192.168.20.1

Thank you for this video.

If we add all private network subnets on the alias, won't it also block the vlan interface's own private IP addresses as well? What if I need to place a few web servers on the vlan and want them to connect internally via private IPs?

Please make a tutorial to make pfSense to intercept all traffic behind it with my own SSL cert

very good video thank you :)

❤❤❤

great video, cheers

great vid!

Thank you.

thank you

Thank you

I tried this once before, but I couldn't get my unifi access point to use the new vlan. Is there a trick to adding WiFi devices?

Poor adio volume