Friday, April 27, 2007

.:: Pfsense : How To Setup Vlans ::.

Requirements:

• 1 unit of Soekris or pc install with Pfsense

Setting Vlans On Pfsense

Now we setup the vlans on the pfsense

1. Login to Pfsense
2. Go to Interfaces(assign)
3. Click on the Vlans Tab
4. Click the little + sign to create a new vlan

Now we have some settings like this :

Parent Interface: sis0 (or whatever your LAN)
VLAN Tag: 10
Description: VLAN10

Parent Interface: sis0 (or whatever your LAN)
VLAN Tag: 20
Description: VLAN20

Parent Interface: sis0 (or whatever your LAN)
VLAN Tag: 30
Description: VLAN30

Assign Vlans Interface At Pfsense

Now return to pfsense, and reboot it. Everything should work, we’re just enabling the vlans.

Now login to the pfsense again, go to interfaces(assign), go to interfaces tab, then click the + sign.

You should have:

LAN: sis0
WAN: sis1
OPT1: VLAN 10 on SIS0 (VLAN10)
OPT2: VLAN 20 on SIS0 (VLAN20)
OPT3: VLAN 30 on SIS0 (VLAN30)

Click save. Reboot the pfsense again.


Figure1 : Assign Vlan Interface at Pfsense

Now login to the pfsense again, and change the interface name from OPT1 to VLAN10, and then assign it the ip range 10.0.10.1/24 and click save. Do the same for VLAN20 (10.0.20.1/24) and VLAN30 (10.0.30.1/24)

Now go to the DHCP Server section on the pfsense, and you’ll see a new VLAN10, VLAN20 and VLAN30 at the top, which you can configure.

Make sure it is enabled, then click “Apply Changes”


Figure2 : DHCP Server For Vlan10


Figure3 : DHCP Server For Vlan20


Figure4 : DHCP Server For Vlan30

Setting Up Vlan Routing at Pfsense

After you have done that you will want to configure your firewall rules on the pfsense setup. In this example, Vlan10 can access to Vlan20 and Vlan30. Same as Vlan20, it can access Vlan10 and Vlan30. But for Vlan30, it just can access Vlan20 only.


Figure5 : Vlan10 Rules


Figure6 : Vlan20 Rules


Figure7 : Vlan30 Rules

And now, i'm finish with setup Vlans on Pfsense. U can try it by yourself.

36 comments:

Francisco Javier said...

ok, good information but i need share the internet connection wan to all vlans, how to configure the pfsense box on wan onterface or some like that, thnks..

Cristiano Santos - Analista de Projetos said...

Francisco,

It's a good and simple post. Thanks!
:)

Ovais said...

Fantastic !
Precise and to the point.
Thanks for the post.

Rhett Shafer said...

I wish all of these pfsense tutorials were like this. Just past the screenshot explain just a little bit and done.

Chanda said...

Hi, I am having problems with Pfsense firewall settings. It seems to be blocking vlans broadcasting of emails with attachments.

Chanda said...

Any help to my post will be highly appreciated.

Frank said...

Hi, in your firewall-rules for every VLAN your firewall-address is 10.0.0.1. Why is it not 10.0.10.1 for VLAN10, 10.0.20.1 for VLAN20 and 10.0.30.1 for VLAN30? Or am I missing something?

Anonymous said...

Hi

Your guide works between the VLANS, but how do you add rules to allow internet access with your already established rules ?

dmitchell said...

Thank you so much for this! I am now routing traffic among 6 VLANs thanks to pfSense.

Anonymous said...

hello im going in this configuration i like speake 3vlan i have switch HP

Ulf said...

I've done this, I somehow cant get it working on my switch thought.

I have a 2510-24 switch. I tag port 24 with all VLANs (and connect it to the firewall).

Then I tag like port 1-5 with VLAN20.

Somehow I get No IP when i Connect to these ports. But I get an IP when I connect to the "standard LAN/Untagged".

Some who knows whats wrong?

Thank you in advance.

Anonymous said...

Someone necessarily lend a hand to make significantly articles I would state.
This is the very first time I frequented your web
page and so far? I surprised with the analysis you made
to create this actual post amazing. Great activity!
Also see my web site: porntube

Anonymous said...

I have read so many content regarding the blogger lovers but this article is truly a fastidious piece of writing, keep it up.
Feel free to visit my homepage :: porn dvd uk

Anonymous said...

Wow that was strange. I just wrote an extremely long comment but
after I clicked submit my comment didn't show up. Grrrr... well I'm not writing all that over
again. Regardless, just wanted to say wonderful blog!
Visit my site ; Please Don’t Expel Me

Anonymous said...

Great goods from you, man. I have understand your stuff previous to and you're just extremely great. I really like what you've acquired here,
really like what you're saying and the way in which you say it. You make it entertaining and you still take care of to keep it sensible. I can't wait to read
far more from you. This is really a great website.
Stop by my blog post ; Young And Tasty

Anonymous said...

An impressive share! I have just forwarded this onto a friend who had been doing
a little homework on this. And he in fact ordered me lunch simply because I found it for him.
.. lol. So let me reword this.... Thanks for the
meal!! But yeah, thanks for spending time to discuss this topic here
on your website.
Here is my site ; Orlando contractor

Anonymous said...

good for a starter, many comments and questions, but as like most other sites, questions are never answered.
Make me think if you haven'y just coppied and posted this and have no understanding yourself !

Anonymous said...

Generally I don't read article on blogs, but I would like to say that this write-up very pressured me to try and do it! Your writing taste has been amazed me. Thank you, very great article.
Here is my webpage where can I find the best proform treadmill

Anonymous said...

Hi Dear, are you genuinely visiting this site regularly, if so then you will definitely obtain pleasant knowledge.
My web page onlinetreadmillreviews.com

Anonymous said...

Malaysia & Singapore & brunei greatest internet blogshop for wholesale & supply korean accessories,
earrings, earstuds, choker, rings, bangle, hair & bracelet add-ons.
Promotion 35 % wholesale discount. Ship Worldwide
Here is my web page : stitching wire jakarta

Anonymous said...

Malaysia & Singapore & brunei ultimate on-line blogshop for wholesale & quantity
korean accessories, accessories, earstuds, pendant, rings, bangle, hair & bracelet accessories.
Promotion 35 % wholesale markdown. Ship Worldwide
my page > locksmith salt lake city ut

Anonymous said...

After we evaluate the meaning of the word really enjoy, not only in regards to a close romantic relationship utilizing one more, yet as being a sense that may be engendered when you've got miltchmonkey an improved relationship on your own very * or simply as the feeling of better oneness family members or even humanity , it then results in being substantially more superior that each one someone is looking for in life is certainly really enjoy.

Anonymous said...

I think the admin of this web page is actually working hard
in support of his web page, because here every stuff is quality based material.
Feel free to surf my weblog : AV

Anonymous said...

top [url=http://www.c-online-casino.co.uk/]www.c-online-casino.co.uk[/url] hinder the latest [url=http://www.casinolasvegass.com/]las vegas casino[/url] free no deposit perk at the foremost [url=http://www.baywatchcasino.com/]free casino
[/url].

Anonymous said...

We stumbled over here from a different web address and thought I might as
well check things out. I like what I see so now i am following you.
Look forward to finding out about your web page repeatedly.
Review my blog post :: weight loss doctors in Miami

Anonymous said...

It's fantastic that you are getting thoughts from this article as well as from our dialogue made at this place.
Here is my weblog :: Click This Link

Anonymous said...

I have read so many content on the topic of the blogger lovers however this
piece of writing is actually a good piece of writing, keep it
up.
Also visit my page ikea furniture assembly service

Mega I.T Support said...

very nice, thanks for helpfull information

vishu said...

Hi,

I need you PfSense Guru Gyan(Knowledge)
I have following sample IP Structure given by the ISP, and i need to configure my PfSense box

WAN Pool: 1.1.1.0/30
TCL end WAN IP: 1.1.1.1/30------------------------------------------------ to be configured at provider router interface allocated for particular customer
Customer end WAN IP: 1.1.1.2/30---------------------------------------- to be configured at customer end router WAN interface(interface facing provider, connecting provider link/cable)

LAN Pool: 2.2.2.0/28
Customer router LAN Interface: 2.2.2.1/28----------------------------- to be configured at customer end router LAN Interface(interface facing customer LAN/switch)

Customer LAN equipments: 2.2.2.2/28----- to 2.2.2.14/28---------- to be configured at customer equipments/servers etc

Un-usable IPs: 1st & last: 2.2.2.0/28 & 2.2.2.15/28
Customer LAN Gateway: 2.2.2.1/28
In router, LAN Pool to be routed towards provider end WAN IP: 1.1.1.1/30

Above are the sample concept used for IP routing for WAN/LAN or static routing.
How to acheive this in PfSense i fail to understand, please help me out.

Regards
Vishal Gupta

Anonymous said...

I think the admin of this site is genuinely working hard in favor of
his web page, since here every information is quality based stuff.


Feel free to surf to my homepage: salt lake city locksmith
my website :: locksmith salt lake city ut

Anonymous said...

Nice howto, found out that to enable wan acces you have to create deny/drop rules exs: guest wirelss - > LAN deny and then new rule with wireless guest allow any. then wan access works, atleast that workes for me.

Anonymous said...

For most up-to-date information you have to pay a visit the web and on internet I found this
site as a best website for hottest updates.

Also visit my homepage ... Http://xxx-video.org/

Anonymous said...

Thanks for sharing your thoughts on uk hardcore porn. Regards

My blog post ... sexy girl chat

Anonymous said...

Howdy! This is my 1st comment here so I just wanted to give a quick shout out and say I really enjoy reading your articles.
Can you suggest any other blogs/websites/forums that cover
the same topics? Thanks for your time!

Have a look at my webpage - http://www.free-videos-xxx.net/category/340/self/

Anonymous said...

What's Going down i'm new to this, I stumbled upon
this I've discovered It absolutely useful and it has aided me out loads. I am hoping to give a contribution & aid other users like its helped me. Great job.

Here is my web blog cool pissing xxx clips tubes (http://dansksextube.dk/article_detail/ladies-and-females-pissing-out-doors-spot-and-hidden-video-camera-1718.html)

Anonymous said...

Nice job on the article. It helped me figure out a few simple routing issues that I couldn't get working and getting quite frustrated about it. Turned out that I did not reboot pfsense after adding my vlans, etc. Didn't think that was really necessary, but low and behold, once I rebooted it, and changed nothing else, everything worked tickitey-boo!