Management vlan pfsense question

So I’m new to pfSense and looking to set up my own home pfSense box. I’m curious about the management VLAN: am I right in thinking that a management VLAN is for things like accessing APs and switches for managing?

I.e.
Management vlan 10
192.168.10.0/24

AP ip address - 192.168.10.2/24
Switch ip address - 192.168.10.3/24

Also, what IP address segment should the pfSense box be on: also VLAN 10, or would the default 192.168.1.1 suffice?

Hopefully this makes sense.

If you are new to setting things up, moving to a management VLAN might be a big challenge to start with. But yes, you can change via rules on the firewall what network can access the web interface on pfSense.

@Mati92, it is very common to isolate the mgmt interfaces of your network devices to a dedicated vlan and limit access to them. When it comes to the default settings for mgmt of the pfSense firewall, I create a new interface for this. You don’t want any end user system to have access to the mgmt ports on any of your gear.

Another question for tagged ports that are carrying all the vlan traffic
Vlan 30 and 40 work and pull an address from pfsense.

Vlan 10 and 20 won't work and don't pull an address from pfsense.

It is probably your member port config. I don’t know what physical ports would run what VLANs, but since they don’t have all VLANs assigned to them across the board, it is the first place I would look.

I was an idiot, turned out my VLAN 30 and 40 were assigned to the wrong interface. Working now.

Been there many times and probably many more in the future, lol.

I got myself a new switch to finally get rid of 2 switches. I’ve got VLANs set up and working with pfSense. I left port 1 on VLAN 1 but somehow I have managed to lock myself out of the GUI. I’ve set my IP to the same IP range as the switch, still nothing. Heading for a reset and resetting everything up. I’m thinking untagged port 1 for VLAN 1 and port 24 as trunk port.

Am I missing something?

Hard to know without knowing your particular switch and port profiles

On that subnet, scan for all IP addresses and see if you can locate your switch. I basically kept my management network without a VLAN. Is it a good idea?

I can now get to it, don't think it's via a VLAN now. Now having issues getting to my wireless access point.

I would always avoid running anything on VLAN 1, including management.

Cheers Fred, going to have a look next at doing a different VLAN for management.

This is probably a stupid question and I may get laughs: if I have a management VLAN of 10, for instance, do I have to physically assign any of my port switches to VLAN 10, or can I just use a rule from my VLAN 20 network to access VLAN 10?

Yes, you need to assign VLAN10 to any port that will have a management interface plugged into it. When it comes to allowing systems from other VLANs access to your management network, I would be very specific on what IPs and ports are allowed.

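The advice above about being specific on IPs and ports can be checked on paper before touching the firewall. The following is an added example, not part of the original thread: a small first-match rule evaluator (rules processed top-down with default deny, as pfSense does per interface) that lists which VLAN 20 hosts can reach the VLAN 10 devices. The VLAN 20 addresses, the admin PC at 192.168.20.50 and the management ports 22/80/443 are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str   # "pass" or "block"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    port: object  # TCP destination port (int) or "any"

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def evaluate(rules, src_ip, dst_ip, port):
    """First matching rule wins; no match at all means default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if src in _net(r.src) and dst in _net(r.dst) and r.port in ("any", port):
            return r.action
    return "block"

def exposure(rules, sources, targets, ports):
    """Every (src, dst, port) combination the rule set lets through."""
    return [(s, d, p) for s in sources for d in targets for p in ports
            if evaluate(rules, s, d, p) == "pass"]

# Constructed sample data. The AP and switch addresses come from the thread;
# the VLAN 20 hosts and the port list are assumptions.
SOURCES = ["192.168.20.50", "192.168.20.77"]   # admin PC, ordinary client
TARGETS = ["192.168.10.2", "192.168.10.3"]     # AP, switch
PORTS = [22, 80, 443]

# Typical "allow VLAN 20 to anywhere" rule: the whole VLAN reaches management.
LOOSE = [Rule("pass", "192.168.20.0/24", "any", "any")]

# Specific IP and port first, then block the management net, then the rest.
TIGHT = [
    Rule("pass", "192.168.20.50/32", "192.168.10.0/24", 443),
    Rule("block", "any", "192.168.10.0/24", "any"),
    Rule("pass", "192.168.20.0/24", "any", "any"),
]

if __name__ == "__main__":
    for name, rules in (("loose", LOOSE), ("tight", TIGHT)):
        allowed = exposure(rules, SOURCES, TARGETS, PORTS)
        print(f"{name}: {len(allowed)} management paths open")
        for path in allowed:
            print("   ", path)
```

Rule order matters here: moving the block rule below the final pass rule in `TIGHT` reopens every path, because the broad pass would match first.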