Hi all,
I want to re design my home network with 3 VLANs
VLAN 1 trusted devices (PCs, alptops)
VLAN 2 guest/untrusted devices (Phone both ours and guest’s and guest laptops)
VLAN 3 IOT
I have a mini PC with 6 NICs running PFSense
I would like to configure 1 NIC as WAN and the rest 5 as LAN
At the moment they are all in one bridge but I can;t find how to associate VLANs to it
I try to connect the network as described in the picture attached, Each switch directly to the pfsense and some more PCs also direct to it, how can I achieve it without “spending” lots of IPs on the PFSense NICs?
This I understand, I meant that the two switches are both on VLAN1 and also PC2 and I wonder if all the NICs on the PFsense can have the IP on each VLAN or do I have to daisy chain the switches and route all the traffic to a single LAN NIC on the PFsense?
Thanks for the answer,
Both of my switches are managed, how do I configure a trunk on the PFsense? I saw there LAGG and LACC but no trunk… and for trunk I can associate VLANs? (more than one on each NIC)?
I might have misunderstood what you are asking… You generally only setup on IP interface per subnet in pfsense. I think what you might want to do is setup bridges if you need the vlan on multiple Ethernet ports…
So you would have a VLAN1 bridge that would have the ports that SW2 is plugged into, and the VLAN 1 traffic (tagged or native) from SW1; a VLAN2 bridge that has the port PC2 is plugged into, the the VLAN2 traffic from SW1; Then it looks like you can just have a straight VLAN3 interface from the port SW1 is plugged into…
You are correct, a managed switch ASIC will greatly outperform software bridges and would be preferred…But for the scenario you diagrammed can work…
You go into Interfaces > Interface Assignments > VLANs to vlan interfaces…In the case diagrammed you (I’m making the assumption all three all the vlans are tagged, native vlans would be handled at the root interface level) would add the interface SW 1 is plugged into, vlan tag 1; add another for vlan tag 2; add another for vlan tag 3…the interface SW2 and PC2 are plugged into look like they would not have tagged packets, so nothing needs to be done there…Create the bridges (Interfaces > Interface Assignments > Bridges) and then use the bridge as your IP interface on pfSense…
No, you can configure bridges and other techniques to make your diagram work…I’ve done it many times where there is only one or two “extra” devices to plug in and we don’t what the extra overhead of a switch at a location (I work in electric, water and wastewater utility communications, remote sites many times only have a few devices). That’s where Netgate’s method of placing a switch ASIC to manage onboard HW interfaces makes a lot of sense.
