All Trusted devices on VLAN only?

On my pfSense device, I have all trusted devices on the default LAN and untrusted devices on the OPT interface. Are there any advantages or disadvantages to having trusted devices on a separate VLAN on the LAN parent interface as opposed to what I have now?

All trusted devices will still have access to all networks.

Presumably the difference is in the “v”.

Personally I keep the LAN as the means with which to directly access pfSense on the router in case I mess things up from the switch out. My network is segmented by VLANs according to my needs.

It’s all about network security and logical separation. If you don’t want devices talking to other devices then create a VLAN and firewall rules that don’t allow traffic. If your trusted network is on LAN and untrusted stuff on OPT then you’re good as long as you have firewall rules to allow traffic properly.

I created all my VLANs on top of the default LAN, and nothing is allowed on my default LAN. I also have DHCP disabled on the default LAN. I am not sure if this is best practice or I just wasn’t smart enough to use the default LAN for my trusted devices? I have a trusted VLAN, as well as several other less trusted VLANs all set up as virtual interfaces on the default LAN, and each VLAN has its own IP range, its own DHCP server, and its own set of firewall rules.
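
An added example, not part of any post in this thread: a small audit of a pfSense configuration export against the layout described above (no pass rules and no DHCP on the VLAN parent interface, one DHCP scope per VLAN). The sample XML is constructed, and the element names are an assumption based on the usual `config.xml` layout, so check them against your own export.

```python
import xml.etree.ElementTree as ET
# Constructed sample, trimmed to the elements the audit reads. Element names
# are assumed from the usual pfSense config.xml layout; floating rules are ignored.
SAMPLE = """<pfsense>
  <vlans>
    <vlan><if>igb1</if><tag>10</tag><vlanif>igb1.10</vlanif></vlan>
    <vlan><if>igb1</if><tag>20</tag><vlanif>igb1.20</vlanif></vlan>
  </vlans>
  <interfaces>
    <wan><if>igb0</if></wan>
    <lan><if>igb1</if></lan>
    <opt1><if>igb1.10</if><descr>TRUSTED</descr></opt1>
    <opt2><if>igb1.20</if><descr>IOT</descr></opt2>
  </interfaces>
  <dhcpd>
    <lan><enable></enable></lan>
    <opt1><enable></enable></opt1>
  </dhcpd>
  <filter>
    <rule><type>pass</type><interface>lan</interface></rule>
    <rule><type>pass</type><interface>lan</interface><disabled></disabled></rule>
    <rule><type>pass</type><interface>opt1</interface></rule>
    <rule><type>block</type><interface>opt2</interface></rule>
  </filter>
</pfsense>"""

def audit(xml_text):
    """Return findings that break the 'unused parent LAN, DHCP per VLAN' layout."""
    root = ET.fromstring(xml_text)
    parents = {v.findtext("if") for v in root.findall("vlans/vlan")}
    vlan_ifs = {v.findtext("vlanif") for v in root.findall("vlans/vlan")}
    dhcp_on = {d.tag for d in root.findall("dhcpd/*") if d.find("enable") is not None}
    findings = []
    for iface in root.findall("interfaces/*"):
        name, port = iface.tag, iface.findtext("if")
        if port in parents:  # untagged parent interface that carries the VLANs
            passes = [r for r in root.findall("filter/rule")
                      if r.findtext("interface") == name
                      and r.findtext("type") == "pass" and r.find("disabled") is None]
            if passes:
                findings.append(f"{name}: {len(passes)} enabled pass rule(s) on VLAN parent {port}")
            if name in dhcp_on:
                findings.append(f"{name}: DHCP enabled on VLAN parent {port}")
        elif port in vlan_ifs and name not in dhcp_on:
            findings.append(f"{name}: VLAN {port} has no DHCP scope of its own")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A VLAN that uses static addressing on purpose will also show up as having no DHCP scope, so treat that finding as a prompt to confirm, not as an error.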

Louie1961,
Yes, this is what I was thinking and wanted to see if there are any advantages/disadvantages to this approach. So far no strong opinions either way.

Thanks