No video
How To Setup VLANS With pfsense & UniFI. Also how to build for firewall rules for VLANS in pfsense
Рет қаралды 468,364
Күн бұрынOur Most Current pfsense Tutorials lawrence.techn...
Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystem...
+ Tom Twitter 🐦 / tomlawrencetech
+ Our Web Site www.lawrencesy...
+ Our Forums forums.lawrenc...
+ Instagram / lawrencesystems
+ Facebook / lawrencesystems
+ GitHub github.com/law...
+ Discord / discord
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video...
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com...
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystem...
Gear we use on Kit
🛒 kit.co/lawrenc...
Use OfferCode LTSERVICES to get 5% off your order at
🛒 lawrence.video...
Digital Ocean Offer Code
🛒 m.do.co/c/85de...
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?v...
Protect you privacy with a VPN from Private Internet Access
🛒 www.privateint...
Patreon
💰 / lawrencesystems
@mattcero1 2 жыл бұрын
This guy's good! He blew Network Chuck's VLan video out of the water for sure. I'll be watching this again indeed when I'm in front of it all.
@decepti0n 2 жыл бұрын
Just started running pfsense in front of my home equipment. This video is extremely useful. Thank you Tom from 2017!!
@omgwtfbbqpwnages 2 жыл бұрын
I'm an absolute networking noob, and this was fantastic. Absolutely amazing that you do this work, and thank you so much for making this available.
@davidtoddhoward 6 жыл бұрын
The information you share on pfsense (and other topics like FreeNAS) is so, so helpful. I'm following much of what you what you do for my own personal development at the moment, and really appreciate all that you do. It's awesome that you dedicate so much time to openly share knowledge. It really helps engender trust and confidence in your company and skills. If I need expert services in the future, I'd have no hesitation in taking my business to you guys. Thanks so much Tom, and team.. :-)
@LAWRENCESYSTEMS 6 жыл бұрын
+Todd Howard thank you, it means a lot to me.
@myozone 6 жыл бұрын
+1
@haimsadia 5 жыл бұрын
@@LAWRENCESYSTEMS How do you do your testing of PFsense within your network? I would like to set up a box and test it before I go live and take down the main router/internet connection.....if that makes sense?
@JCrossMsM 4 жыл бұрын
@@haimsadia Late reply, but this may help future viewers. pfSense works great as a VM. You could create a small scale, virtual lab on your main computer with the pfSense VM as the gateway. Replicate the settings of your production pfSense to the VM, and then test whatever settings/features you wish.
@Crystawth 4 жыл бұрын
I had been struggling to understand how vlans work and how to use them with unifi and your videos are wonderful. You break it down in a way that makes it very manageable to learn.
@camf33 Жыл бұрын
Thank you very much.. I have a background in telecommunications and networking but it’s been decades I haven’t touched vLans, definitely what a refresher with pfSense. Kudos to the way you explained it and broke it down, what an excellent presentation!
@blackryan5291 Жыл бұрын
5 years later this is still schooling people. Thanks for making this. Also...I would like to wholeheartedly thank the person that setup VLAN 69. If they did it on purpose or not don't matter. That port assignment makes me giggle
@KILO993 6 жыл бұрын
Dude, I just found your channel and all your vids are information gold. Where have you been all my life haha. Keep up the good work :D
@jimmytopete2077 3 жыл бұрын
Learned a lot here. Now I got a clear picture of how to start a homelab with vlans. Now to tinker.
@memyself6857 7 ай бұрын
Always informative, clear, and detailed! Thanks for all the effort you put into your videos!
@LAWRENCESYSTEMS 7 ай бұрын
Thank you
@Impractical_Engineer 6 жыл бұрын
This is invaluable and really saved me some time trying to figure it out myself! Well put together, super helpful and really easy to understand. For some reason I thought I would need a physical separate port on PFSENSE dedicated to each VLAN, Silly me haha.
@enderst81 6 жыл бұрын
heh how the hell did you know I was trying to get this same setup working yesterday? it's a Christmas miracle! Thanks lol
@Dorff_Meister 2 жыл бұрын
I bought a pair of Unifi APs (my first Unifi products) so I could add an 'Internet Only' SSID for my IOT devices (and guest network and such) with my pfSense. Setup has been a snap with your help. Thanks!
@foquismo6076 2 жыл бұрын
Its one of those days when your glad to know about this guy..
@esrtek5754 5 жыл бұрын
Many thanks! ordered a PF-Sense sg1100 (direct) but used your Amazon link for the rest.. 8 port Unifi Switch and a AP-AC-Lite all thanks to your suggestions and awesome vids!!
@SteveFunk 2 жыл бұрын
Great guide, I use opnsense (similar enough) with a Unifi AP and this guide worked perfect. I appreciate you putting this together. I used it to get my VLAN knowledge from nothing to actually setting up my first IoT VLAN which I've been wanting to do for months now.
@piperjohn_3 2 жыл бұрын
Thank you so much for this---it really helped me get the VLANs, switch, and AP wifi networks finally playing together nicely and it's really satisying! I actually know what I'm doing now. I have to say maybe the hardest part was getting the Unifi Controller software running on an older linux laptop without breaking it. I tried the neglected docker image but no go even after sshing into the AP. The Dutch guy's excellent script referenced in the Unfi forums was where I should have gone first!
@mdd1963 6 жыл бұрын
Given the high quality of your tutorials, I have decreed 100% forgiveness/pardon for the man-bun! Well done tutorials! Keep 'em coming!
@user-pd3zd7is1v 5 жыл бұрын
Given the high quality of his tutorials I want his man buns
@robersonsoliveira 3 жыл бұрын
You're simply the best. Better than any course out there. By the way, I'm from Brazil. I appreciate all your knowledge and everything you've taught us rich things like that.
@reubx 6 жыл бұрын
Very helpful video, thank you. Question: When defining the second firewall rule (~8:00) why do you select the source of "any" rather than just "IOT net" ?
@steelrides4462 3 жыл бұрын
Thank you for your clear explanation! I've been trying to get this to work for hours. I just needed to switch the Unifi switches from the default Lan profile to All and it pushed the DHCP address right through. Thanks.
@tbeehler 6 жыл бұрын
I've always had issues with VLAN's and understanding them, and this video just make it "click" in my head. Awesome job!
@Preview43 4 жыл бұрын
I heard the clicks too... but it turned out it was just the gears stripping in my head
@electricdorito 4 жыл бұрын
If anyone is following along and is trying to get traffic passing through a Cisco managed switch, in the switch settings you have to add the VLAN # in VLAN Settings. Then under Port to VLAN, change the filter to list VLAN # membership. Make sure whichever port you have the pfSense device plugged into is Tagged and then the device(s) that you want to be a member of that VLAN is Untagged. I spent hours troubleshooting because this was my first time setting up a VLAN. But what I didn't realize was that when I selected Tagged, it was tagging it as the Trunk which is what the pfSense device needs to be, and devices you want to add to that VLAN need to be Untagged so they are a member but not the Trunk and all other ports remain as Excluded.
@jphillips5700 6 жыл бұрын
This is awesome! Was pulling my hair out trying to get VLANs to cooperate with PFsense and my 24 port UNIFI switch. Thank you thank you thank you! Is there a video on how to create a VLAN to separate Open VPN traffic on certain ports such as NordVPN or similar. I've created certs etc. Just want to apply it to certain ports that machines are running on. Thanks again this was incredibly well done. Subscribed!
@aaronsharp3858 4 жыл бұрын
Great video helped me alot..... Anyone running hyper v and can't get this working me neither took me hours too get this working, hyper v cannot does not allow trunking of vlans on a virtual switch without running a special powershell command Google vlans pfsense hyper v you will find the command you need as soon as I ran the command my setup worked perfectly
@MrTCard91 3 жыл бұрын
You are amazing. Please don’t ever stop these videos.
@cesarcuellar6540 2 жыл бұрын
Thanks a lot for your videos. Greetings from Troy!
@muhammadbutt7994 3 жыл бұрын
In the example above, what FW rules we need to set up on the LAN (igb0) interface? In my understanding, the LAN (igb0) is going to be connected the Switch1 and only use for getting traffic from the switch. All VLANs are set up on the same port igb0. Thank you. All of your videos are incredible.
@tesla2115 Жыл бұрын
Thanks this is very helpful and useful information. Good job!
@cbremer83 6 жыл бұрын
If anyone has issues getting internet to work on your VLANs, check DNS settings. I smashed my face on my keyboard for a while before getting to the point of just looking everywhere. That is when I noticed on LAN was highlighted in the DNS page. Added my VLAN and now it connects to the outside world. I never tried to ping just an IP outside. Only a URL. The thought never even occurred to me up to that point. Simple thing to overlook.
@237311 5 жыл бұрын
I have the same problem as you, client on VLAN cannot connect to the internet, neither ping PFsense router. Could you please explain here in details how did you fix the issue. What do you mean LAN was highlighted in the DNS page? Thanks!
@cybrnook 6 жыл бұрын
Loving the content guys, you are hitting the perfect sweet spot for tech enthusiasts like myself. Also a fellow metro-detroit resident here in the process of building out my server rack at home, and you guys just so happen to be using all the same equipment and features I am at home (Pfsense, Unifi, IPS, VLANS, Virtualized etc.....), so you have been a great help. Keep up the great work, and good luck with the business. Shop looks great, real inviting and you guys seem to have everything you need. EDIT: Maybe I missed it, but you run your Unifi controller on a CK or a VM?
@LAWRENCESYSTEMS 6 жыл бұрын
+Hans Geiblinger thank you ;)
@LAWRENCESYSTEMS 6 жыл бұрын
In a VM
@user-il6ei7mh5o 5 жыл бұрын
And.. subscribed. As someone new to PFSense, this was clear as day to myself. I completely forgot about my old USG VLAN10 I setup for IoT :)
@rickabrams3422 5 жыл бұрын
thank you so much for these videos. i can see the benefit of having IOT on vlans. i'll set this up on my own network and see what i all break :)
@anthonyscott2368 2 жыл бұрын
Great vid. Easy to follow along
@ColbyPerry 6 жыл бұрын
Thank you Tom for making this video, I think it just solved a problem I have..I'm not the smartest person in the world when it comes to networking.
@VajiraLasantha 3 жыл бұрын
Just what I was looking for while setting up my Omada system. Thank you.
@LAWRENCESYSTEMS 3 жыл бұрын
Glad it was helpful!
@joachimdahl3831 4 жыл бұрын
Hey nice video. But i dont understand why you first create a rule to allow all to all then more rules to block. by default pfsense is block all so why not just create a rule that says from vlan to wan allow. that way you dont have to create the block rules as all is blocked by default. you only have to create rules for what you want to allow. (i dont know pfsense but i was looking in to it when i stubled across your nice video) pleas correct me if i am wrong
@mnoble247 3 жыл бұрын
I just do intervlan routing on the switch and only send traffic to the pfSense box as needed. If you are doing a GBe or multiple, or even 10GBe you can't get the backplane bandwidth that you get keeping data plane on the L3 switch itself.
@amosgiture 5 жыл бұрын
That is simple enough and detailed enough at the same time
@r7_guy941 9 ай бұрын
Very good explanation thanks a lot. I am going to build a home network with netgate and unify,, but I do not know how to connect a voip/dect phone to the router and how this works. Is it possible for you to explain this ?
@BayAreaTechPros 6 жыл бұрын
What an excellent guide and commentary. Thank you so much for this. Although I was looking for a guide on something different your explanations of your actions have helped me achieve exactly what I wanted. Thanks again this is very helpful!
@jrnmadsen2710 5 жыл бұрын
Great video, thanks. Textbook example of a well designed network. One question,- I'm a big fan of pfSense,- but what is the reasons not to keep a "clean" Unifi setup,- using a UniFi Security Gateway? As far as I can tell, a UniFi Security Gateway could do the job. Same vlans, NAT''ing, DHCP and firewall rules Is it to counter any future orders from the customer, pulling the more advanced features of the pfSense? Another reason,- perhaps you want to use ssh tunneling for management?
@wheresmyspanner 6 жыл бұрын
Thanks a lot for this tutorial, finally been able to setup VLANs on my network thanks to this! One question - I have a PiHole running as a DNS server on my 'management' (.5) VLAN. Any idea on how can I get my intranet (.10) VLAN to talk to the pihole for dns lookups? Right now can't seem to suss out how to get internet accesss on the intranet VLAN whatsoever, even when setting DNS to 1.1.1.1 on the DHCP server. Thanks for your help!
@tschaderdstrom2145 4 жыл бұрын
Without VLAN capability, I would recommend using the guest network on the home router if it has one as a solution to separate IoT/smart home stuff from your 'production' network. To me, it seems pretty dumb that ISPs rent out these all-in-one modem/router units and just give one network for everything for home users, despite all of the evidence and advice from little organizations like, say, the DoD, NSA, et. al. to segment your networks, even at home.
@RichardBuckerCodes 4 жыл бұрын
This was a great primer. I was able to apply these rules to my edgerouter X with little advanced knowledge. However there is one missing link. I have an odd shaped house and getting my amplifi wifi in bridge mode in the middle of the house for a more "average" coverage... and then there are IOT that are wired and wireless. So while my router is happy and I have my vlan configured I cannot actually use it. Any ideas on how to approach this?
@DoBaMan77 3 жыл бұрын
Hi, awesome video and everythings works flawlessly. One thing I did not find out yet ist how to define a "Master" Device which is able to coltroll different Vlan-devices without changing the Wireless Network. And of course there ist the question of security. Maybe I am searching the iNet for the wrong subject?
@stuartwilson2277 6 жыл бұрын
Thanks, great explanation. You Clarified the connection between pfsense and unifi for me. Turns out it's not complicated at all :)
@pandabrain 4 жыл бұрын
The DNS block is only working on devices that either receive the DNS server address via DHCP or have it already set up. If a device would be set up to use a different one, the DNS lookup would just fail. That's why i redirect the target of DNS to my opnsense box in the firewall. That way, DNS always works for any client and the reply always comes from my own DNS server. Works like a charm with plain DNS requests.
@KingLouieX 5 жыл бұрын
Thanks for the video, just jumped on the PfSense bandwagon and this saved me from buying another NIC..
@krzychaczu 5 жыл бұрын
11:10 Please note that you allowed all IOT devices to access anything anywhere on the Internet. So they can still be used for cryptomining, be part of the botnet, or a Tor gateway...
@r8cobra 4 жыл бұрын
You should want to run a Tor node anyways ;)
@skrueger0 3 жыл бұрын
Thank you, Lawrence! I just got my IoT network setup for my secure devices.
@LAWRENCESYSTEMS 3 жыл бұрын
😎
@fbifido2 6 жыл бұрын
Can you add a different captive portal for each VLAN? Can you make a UniFi AP give out different SSID for the different captive portal on each VLAN in pfSense? without using a USG?
@lalala987 3 жыл бұрын
Thank you for the video! Great information!
@LAWRENCESYSTEMS 3 жыл бұрын
Glad it was helpful!
@NatesToob 3 жыл бұрын
@@LAWRENCESYSTEMS Hey Tom! Any chance of an updated version of this content now that it's been a few years? With the new Unifi interface, it's not quite step by step anymore (plus, I tried it today and hit some issues, and want to see what I screwed up. =D )
@wstrater 2 жыл бұрын
When you were setting up DHCP on the VLAN you mentioned that pfSense blocked broadcast by default and you need to allow it. I didn't see you allowed it. I have a VLAN with one fire wall rule to allow any IPV4 protocol from any source to any destination. I still can't get an IP address when connecting to a Unifi WiFi or switched tagged with the VLAN. I can get an IP address for the LAN both wirelessly and wired.
@thomask.9347 2 жыл бұрын
Thank you guys! That is such a good video made in a way even a potato like I am understands it :)
@StructuredChaos 4 жыл бұрын
This video is still relevant. Thanks.
@ilducedimas 5 жыл бұрын
There should be a "double thumbs-up" button for all the videos of this channel.
@podcastbunker 4 жыл бұрын
Home network VLAN Rookie question to Un-confuse me. I’ve had PFSense for years. What other hardware do I need to create a VLAN network ? I Have 2 Unifi AP’s. Can I get by for now with a Ubiquity 24 port switch? Limited budget. Thanks for any info.
@LAWRENCESYSTEMS 4 жыл бұрын
you need a VLAN aware switch and the UniFi 24 is VLAN capable.
@larthack80 5 жыл бұрын
This is a gem! I’m a fairly new subscriber so I’m binging your content and this one is great!
@linuxpc4me555 5 жыл бұрын
Thanks for such a great video. As I am very new to networking I shudder asking this question - You show two switches connected together. switch 2 is connected via port 1 to switch 1 port 5, then switch 1 is connected to wan via port 1. I am guessing switch 1, port 1 is a trunk port. Is switch 2 port 1 also designated as a trunk port?
@davidg4512 6 жыл бұрын
I believe, if I'm not mistaken, that rules are processed from top to bottom. When blocking outside DNS, the "Block all to TCP/UDP 53" should be at the top and the rule that allows DNS to the pfsense router should be just below that.
@cjonesuk86 4 жыл бұрын
Hi Tom, thanks for your all your tutorial videos on VLANs. One thing I would like to know is, how would I create a typical 'IOT' network that is isolated, but I can still have one-way access to these devices from the normal LAN?
@Max34557 6 жыл бұрын
What i did for my IOT VLAN is just created an alias for all RFC1918 networks (Private IP range) and blocked everything from IOT to RFC1918 except for the gateway address of the IOT vlan.
@Topdoozie 6 жыл бұрын
One of your best videos to date
@ring5148 3 жыл бұрын
How about host's physical NIC properties? It has to support 802.1q trunking.
@chazzber 6 ай бұрын
I have a 3100 unit and a unifi ap but no switch, i have followed these steps but i cant seem to get to the internet and i dont know why literally have a headache coz of this, is a switch necessary for this to work? Would like the AP to act as a wireless switch, its directly connected to the pF
@TheRangeControl 4 жыл бұрын
I'm just beginning the video(2:30)... HOWEVER, I have a question that I always seem to land on: As you show the diagrams with switches and talk about ports.... are you talking about assigning a physical RJ45 cable connection point? OR, are you talking about some digital unseen connection?
@neilgreene 6 жыл бұрын
i use this setup and like pfsense in front of my network with Ubiquiti so much better than the USG. It is actually very very simple.
@JCmyBoi Жыл бұрын
If the switch connected directly to the router is unmanaged, will my ap be able to identify the vlans? Like wise for my managed switch behind the unmanaged one?
@pattygq 2 жыл бұрын
A little confused with the following rules. At 10:14 what you're saying is that we'll block all clients on this VLAN from using whatever DNS the client computer is telling itself to use and tell it to use only the DNS servers listed in pfSense at System --> General --> DNS? I'm sure for the simplicity of the video this next statement would be true? This example at 10:14 is simple in that it only assumes DNS uses UDP over port 53. If the DNS packet is larger than 512 bytes (zone transfers and DNSSEC) then it should flip over to sending that via TCP. With the rules described in this video it won't be able to flip over to TCP correct?
@mal798 3 жыл бұрын
You are an inspiration.
@LAWRENCESYSTEMS 3 жыл бұрын
Thanks
@gomez758 2 жыл бұрын
How would I assign different devices ie iot, phones,management,office on the the same SSID but have them get assigned the dhcp ip of their category or vlan? I have the same setup offense as the gateway and a ui 8 Poe switch with 6 lite access point.
@Witzkito 3 жыл бұрын
I finally understood!!! thanksss
@werbeschluessel 4 жыл бұрын
Hi, thanks for the video. I'm still not sure I got it entirely. If you make a VLAN for IOT, can you then still communicate with them (ie an LED stripe)? And if not, what's the point, and if yes, whats the security advantage?
@LAWRENCESYSTEMS 4 жыл бұрын
You create firewall rules that only allow one way communication.
@nicholasbackwell1869 4 жыл бұрын
Perhaps someone already asked this but what's the difference in Unifi under network settings clicking VLAN vs Guest when asked the purpose?
@mikesuter7185 3 жыл бұрын
Great video. Have you experienced both immediate & intermittent network drop-offs when passing "x" amount of data between two VLANS despite Suricata being disabled?
@tylerc5311 5 жыл бұрын
Ok now get this to work with different VLANs and subnets and I'll be impressed.
@mervinmercado4755 6 жыл бұрын
Followed question, I have here 1 typical computer unit installed pfsense 2.4.3 single wan and single NIC do I need to add another NIC? thank you again and hoping on you response many many thanks
@iscariotproject 6 жыл бұрын
really good walk trough,thank you for sharing
@rugo6933 4 жыл бұрын
Hi, could I set up a VLAN with only 1 switch I was only going to plug my PC into hoping to beef up my security The documentation with my Netgear GS108 switch wasn't helpful in describing the various types available, so I wound up scrapping it and buying another Synology AP which I don't think those routers communicate well with switches for whatever reason..perhaps because Synology does not make switches that I am aware of. maybe should just stick to having it as PNP, what do you think? Thanks and keep up the good work and I look forward to your future podcasts.
@JimDumser 6 жыл бұрын
For the IOT firewall rule, why not allow from IOT net to WAN net instead of having to block all the other interfaces?
@LAWRENCESYSTEMS 6 жыл бұрын
You have to Allow from IOT to all then block the others. If you only allow to WAN NET or WAN ADDRESS that only would allow accessing the public IP's but not going passed them as a destination.
@mattbireta 4 жыл бұрын
Lawrence Systems / PC Pickup have you tested that? I’ve seen that as another way. As long as lan initiates the contact then communication would be allowed?
@gh8447 6 жыл бұрын
I learned something today. Thank you.
@LAWRENCESYSTEMS 6 жыл бұрын
\o/
@SyberPrepper 6 жыл бұрын
Great video. I liked how you brought real world issues in. One other issue would be printing. If you only have one (wired) printer and want to use it between your main LAN and a separate VLAN for wireless devices, how would be the best way to allow access to the printer for everyone? Thanks.
@LAWRENCESYSTEMS 6 жыл бұрын
+SyberPrepper create a firewall rules to allow access just to that printer
@SyberPrepper 6 жыл бұрын
Cool beans. I'll give it a try.
@Peza987 6 жыл бұрын
Hi. A topic for an video that would be nice is how to use a LAG (link aggregation) with Pfsense. LAN to a ubiquiti switch. Can't find if you did that already. Keep up the good work Peter
@LAWRENCESYSTEMS 6 жыл бұрын
I have not, but I can add this to my "Videos To Make" list :)
@LostPilotage 6 жыл бұрын
Link Aggregation with FreeNas too please, I did something wrong last time I tried, and had to reinstall FreeNas to gain access to the OS. Last time I messed with those settings 😂
@miketarbox1190 6 жыл бұрын
Tom, great videos, and I greatly appreciate all of the helpful information you put out. Question for you. Do I have to setup manual outbound NAT rules for the VLAN's? Currently my pfsense box is setup with manual, but it almost seems like it should be automatic rules.
@MrXuegui 3 жыл бұрын
Unifi defaults ports to use the "All" port profile. Is there a simple way to change the default profile and then change only the ports needed for specific VLANs?
@SalamAlAhwal 3 жыл бұрын
Hello Is there a way to configure VLANs in VMware Workstation? Is there a virtual switch that can be added just like a "pfsense virtual router"? I have a windows 2019 dhcp server with superscope and it's supposed to distribute IP addresses to 5-subnets in 5-VLANs. I added the pfsense to do the routing, but couldn't do connect to it when I created the VLANs in the router. Is there a way to add a virtual switch or to configure a switch in VMware Workstation? or should I move to ESXi? ALL MY COMPUTERS ARE VIRTUAL IN THE SAME HOST. regard.
@237311 5 жыл бұрын
Great video. I've created VLAN on the pfsense, configured dhcp server with that VLAN interface, Firewall rule to allow all traffic from this VLAN. Ive configured the cisco switch uplink port which is connected to PFsense LAN port as Trunk (allowed all VLANs on this port). Problem: Clients are able to obtained an IP from the DHCP server but cannot connect to the internet. Also, client on 192.168.10.x network cannot ping PFsense (192.168.1.1)
@LAWRENCESYSTEMS 5 жыл бұрын
Sounds like you don't have the proper firewall rules setup for that VLAN
@237311 5 жыл бұрын
Here's a firewall rule settings of that VLAN inteface. Is there any other settings that I need to modify or check? Thanks! States Protocol Source Port Destination Port Gateway Queue Schedule Description Actions IPv4 * * * LAN net * * none Drop traffic to LAN IPv4 * IOT net * * * * none Allow all
@mattbireta 4 жыл бұрын
R L I believe that pfsense will not respond to pings by default. Will it ping 10.1?
@JensHove 6 жыл бұрын
Very well made video! Thank you.
@h4X0r99221 4 жыл бұрын
Great video Tom
@petrslansky6659 4 жыл бұрын
One important case for VLAN is that ONLY ONE Ethernet port is required at router PC. It is easier to get mini PC for your router that has just one ETH port than a PC that has more ETH ports. It is possible to buy small and cheap managed network switch with support for VLAN, like TL-SG105e or TL-SG108e. Such switch can be used to split 1 Gigabit port from mini PC to several network interfaces, RED, GREEN, BLUE, ORANGE, etc VLANs are only between mini PC and network switch. This "advanced" topic is not well documented and most instructions to build DIY internet gateway starts with instruction "buy motherboard with several network interfaces". These days
@StevePatak 5 жыл бұрын
Hi Lawrence Systems, I used this video as a guide for setting up my network (pfsense, UBNT switch, UBNT APs) with a secure lan with a secure wifi vlan, IOT vlan (wifi and cable), guest, server...you get the idea. I also used your other video that goes over aliases to simplify the rules for blocking IOT. I have a question about the DNS blocking. I was trying to replicate what you show on this video, blocking all external DNS by IOT devices but whenever I go through the rule creation as shown above and IOT Rules screen I find that Port never stays on the 53 DNS setting and reverts to *. Any idea what is causing this? TIA!
@LAWRENCESYSTEMS 5 жыл бұрын
I have not see that issue so I am not really sure.
@BarryArendt 6 жыл бұрын
Great video Tom,
@craigcyphers4226 6 жыл бұрын
I do not have a smart switch and will not be having anything connect to my VLAN through ethernet (no computers, etc.). I have a pfSense router and Ubiquiti AP and an unmanaged switch. I've followed all the instructions here. I can connect to my new Wifi point, but get no internet access. Is a managed switch actually required? If so, I'm assuming that if i don't have anything connected hardwired I won't have to assign a port to the VLAN? Almost there.. just a little more help... thanks.
@power-max 3 жыл бұрын
Do you have to create a specific vlan with tag=1 for the basic network or is that assumed with the bare interface w/ a specific hardware port selected?
@jerricho1422 4 жыл бұрын
I am trying to configure essentially the same setup (sg3100 & unifi 24poe switch). As soon as I change my switch port profile to match the vlan, the switch disconnects. Did you have to enable 802.1q VLAN mode?
@nacbk1 5 жыл бұрын
Any chance you can do a video on setting up VLANS on a SG-1100? I understand VLANS but the SG-1100 has me confused. I've looked for documentation but a lot of links just point back to the sg-3100 documentation
@troller4jesus 3 жыл бұрын
Cool ty. And do you know why that Add Tab button might be missing from the Interfaces > Switch > VLANs page?
@2006Agent 6 жыл бұрын
Wow your videos are awesome, I've grown to like pfSense thanks to you, can you perhaps do a video on how to use DHCP Relay with a windows server as DHCP Server perhaps, or point me in the right direction, appreciate all your videos it help me a lot
@LAWRENCESYSTEMS 6 жыл бұрын
DHCP relay is used to relay it over to another Network on a different subnet is that what your goal is?
@bsodmike 6 жыл бұрын
Nicely done Tom - thanks!
Lawrence Systems
Рет қаралды 100 М.
Lawrence Systems
Рет қаралды 259 М.
Garena Free Fire Global
Рет қаралды 9 МЛН
Techno Tim
Рет қаралды 220 М.
Lawrence Systems
Рет қаралды 1,1 МЛН
Dave's Garage
Рет қаралды 641 М.