VLAN config

[smccloud]

Ok,
Since I'm new to the whole world of VLANs, I just want to make sure I'm thinking properly (i.e. it will work how I think it will).
I am thinking of the following VLANs.

• 2 - 10/100 Traffic
• 3 - Gigabit Traffic w/o Jumbo Frames
• 4 - Gigabit Traffic w/ Jumbo Frames
• 5 - WiFi
• 6 - Guest WiFi
• 7 - WiFi for Belkin NetCam (due to the DHCP storm it causes)
• 4095 - Disable guest computer access when needed

All but 6, 7 & 4095 will be able to route between each other (hopefully) using pfSense to perform said routing. Each VLAN will also have its own DHCP server (other than 4095). Mostly this is a learning experience, but it will also help me keep certain traffic completely off my "important" stuff (i.e. my FreeNAS box).

 

[nry]

From what I am aware jumbo frames can't be enabled for only a single VLAN.

Based on what you have provided I'd just have a normal traffic VLAN with gigabit and 10/100 devices combined. Then your WiFI/Guest access as you have defined.

 

[smccloud]

I know I can only enable or disable it on my switch, wasn't sure about enabling it on a VLAN in pfSense. To be honest, the VLAN documentation for pfSense is horrible (i.e. almost non-existant).

 

[legen]

I know I can only enable or disable it on my switch, wasn't sure about enabling it on a VLAN in pfSense. To be honest, the VLAN documentation for pfSense is horrible (i.e. almost non-existant).

I am using pfsense vlans in our server room build. Using vlans will enable you to use one DHCP server on each vlan. I can probably answer any questions if you want to try pfsense vlans and get stuck.

We use it to separate our subnets, forcing all traffic going between subnets through our firewall. This gives us good control on the traffic flow. We need this since our subnets have different security requirements. Works quite well so-far.

 

[smccloud]

I am using pfsense vlans in our server room build. Using vlans will enable you to use one DHCP server on each vlan. I can probably answer any questions if you want to try pfsense vlans and get stuck.

We use it to separate our subnets, forcing all traffic going between subnets through our firewall. This gives us good control on the traffic flow. We need this since our subnets have different security requirements. Works quite well so-far.

Thanks. I found the following that I am going to use as a start. Only VLAN I need to prevent access to the rest is the guest VLAN. But that shouldn't be hard to do. How To Create And Configure VLANs In pfSense | iceflatline

 

[smccloud]

Ok, got them configure and getting IPs. No Internet access at all though. I am more than likely doing something wrong.

1. VLAN10 - 172.16.10.0
2. VLAN20 - 172.16.20.0
3. Default VLAN - 172.16.6.0

If you need any more info to find the mistake I made, please let me know.

 

[vegaman]

Looking at that I'd say it's because you're only allowing TCP, so DNS queries are being blocked.
Change the protocol of your rules to 'any'.

 

[smccloud]

Looking at that I'd say it's because you're only allowing TCP, so DNS queries are being blocked.
Change the protocol of your rules to 'any'.

That was it, thanks.

 

[Diavuno]

Looking at that I'd say it's because you're only allowing TCP, so DNS queries are being blocked.
Change the protocol of your rules to 'any'.

ill remember that!