This is a fantastic video on configuring VLAN with pfSense and other devices, including comprehensive guidance on firewall rules. Thanks a lot for this video, it's much easier to understand and implement!
Great Tutorial. I've always wanted to create disparate WiFi networks for each different VLANs and route each via a different outbound VPN tunnel. You've got me 75% there. One thing to note is that the firewall cannot block communication between systems on the same subnet. This is purely broadcast communication.
Thanks mate! You are 100% right regarding the firewall rule and some people already raised the same point. The reason I created that rule is because for some reason when I add the RFC1918 block rule, it blocks the default gateway for within their own subnet. That was the only workaround I could come up with. But, mate if you know a better way, please let us know as I am always keen to learn new things. That subnet rule always bugged me to be perfectly honest.! Again, thanks for the comment and for watching! :)
thank you this made so much sense. using dlink managed switch. i assumed it worked like this but when i went to start i quickly got mentally overwhelmed with the other options and backed out.
Dude. This is great! Best video I came across about this. All the other videos missed half of magic needed to understand this. Thanks! (Zoom the screen on your browser, please. 🙂 )
Great thanks so much, very informative and easy to understand. I also want to secure my own network, exposing too many sensors on my network been freaking out. Thanks
Great videos! I have a question when interface assignment of vlans to pfsense LAN ports. - Can I connect my wireless AP point directly to pfsense 2.5 GbE port, by having two LAN ports in pfsense . - one lLAN port to connect my manage 1GbE switch - 2nd LAN port for my wireless AP
Wow, you were amazing! You explained the material thoroughly and passionately, and I learned a lot from you. Thank you so much for the great content - I can't wait to see your next video. I have a question regarding VLAN setup. Since my Asus router doesn't support VLANs, I bought a Ubiquiti UniFi U6 Pro access point (standalone) and a TP-Link TL-SG108E managed switch. Most of my devices use WiFi, and I've been trying to configure the UniFi U6 Pro, TP-Link switch, and Protectli Vault, but it hasn't worked. I tried to set up VLANs on the multi-SSID options for both the 2.4GHz and 5GHz bands, but I'm still having issues. Do you have any suggestions on how I can get this VLAN setup working properly in my home network? I really appreciate your help and the great work you're doing.
Sir thanks for the help. That zyxel UI has been a headache for me. Do you have a discord server that can be joined to ask some questions? Thanks! Keep it up!
Would love to know if I can set up multiple access points. Also, for simple home office, family of 6 (older kids), and starting to add more IoT devices, what are the advantages of setting up VLAN vs the mesh routers I have now?
Great video. Getting ready to introduce VLANs to my local network. However, for my wifi, I'm using Linksys Velop mesh, which doesn't look it supports VLANs. I typically use it in bridge mode and let my router to the DHCP. With VLANs, the linksys will assign IP on the VLAN tag that it connects to the managed switch, corrrect? Meaning, I won't be able to associate different SSIDs to different VLANs using my linksys velop.
Iv never used VLANs previously as I never quite understood them on PFSENSE - but now you make it so simple - Thank you so much for such a clear explanation. Im going to test this out today but I just need to ask you some thing pls... Im going to setup 3 VLANS on our Network. today..1(Access Point for mobile devices)) 2 (All the PCS) 3 (VOIP Phones) The 6 Voip Phones are powered with a small 8 port unmanaged POE switch. This POE Switch connects to our main 48 PORT MANAGED switch with a LAN cable to port 48. DO I just set Port 48 as a VLAN for the VOIP Phones... or do I have to configure more ports since we using 6 phones?? Thank you once again - God Bless!
Thanks for the great tutorial. Just a question, why didn't you simply remove source any to Dest. any rule on the interfaces for each VLAN/Subnet to prevent all connectivity and then add rules to only allow the type of traffic you want to come in and leave? Wouldn't that be more ideal? E.g. You could have removed the default source any to Dest. any rule on VLAN 10 and only allow ICMP ping to its Default Gateway only and same for the other interfaces/networks? You could add port 80/443 to be allowed from any source on VLAN 10 to any Dest. for the internet and 53 for DNS, I guess it would be "This Firewall" as the destination.
This is exactly what I was looking for! Many thanks for the detailed guide, please keep up the good work. I'm planning to recreate my home network, and felt completely lost how to move from a classic router configuration to VLAN's and more. I have a ton of IoT devices already but I really wish to move to a more secure solution and separate LAN traffic. Is there a way to add as an example adguard on all traffic for each VLAN? Can you maybe recommend what device will be good for pfsense if I would like to go for a 2.5G LAN network speed (editing photos over network, Plex, from NAS, Frigate, NVR and more)? Should I look for a hardware that support 2.5G LAN for pfsense, or as long as I'm not planning to transmit over 1gig between VLANs I'm good with a gigabit router interface for pfsense? Just trying to avoid having a bottleneck in my LAN network on long run. :)
Lovely video! I am still trying to understand what do purpose PVID indicate? you set PVID 20 on port 1, and VLAN 20 is set as untag, wont setting the VLAN 20 Untag always default to that VLAN Network even if i do not set PVID? For example, in the video you did not set PVID for port 4 to 40, would it make a difference? Also For Port 10, why us VLAN 10 set as untag and PVID10? cant we just set all to tagged like what you did for VLAN 20,30.. etc Sorry if my question is trivial, i am very new to the concept. Thanks in advance!
Awesome! Easy to follow. Thank you for your help. I have a similar pfsense router. I would like to use another 2.5 gb port for iot and server. Can I still connect to them if I’m on my lan port ?
Thanks for the great video. Just a small question, if i dont want to use vlan dhcp in vlan? I mean if i have a dhcp server ( example on synology nas) and if i want to use as dhcp this server, how can i continue? note: Synology will not in the same vlan with devices
Thanks for the wonderful guidance and inspiration to enter the world of pfsens. I have a doubt where and how to connect Unraid Nas/Server. Whether to create a separate Vlan or not and what are the settings in Switch. Should it have a fixed IP address or should it be DHCP so I can assign it in pfsense. Thanks in advance.
Thank you for the support! :) You can definitely create a separate VLAN for your NAS, especially if you want to keep it out of the reach of other networks. Just don't forget to put in the necessary firewall rules. I would set a fixed IP address for the NAS for sure, because you don't really want to be reconfiguring the clients at the whim of the DHCP server! You can either set it static on the NAs itself (if you have a reserved lease in the DHCP) or just use the NAS Mac address and set it in the DHCP Server, so that it assigns always the same IP to it. Totally up to you, both methods are legit IMHO! :) Good luck mate! :)
@@DigitalMirrorComputing I finally understood what is my problem. In your video, what is at the address 192.168.10.20, is it on a VLAN or a separate port on the Switch, or something else?
Thank you so much for the video. However, I am a bit confused. I understand the VLAN concept when directly plugging into the switch or all wifi devices working when connected to the AP, according to being ports assigned. But how does the WiFi devices going to work? Say for example, in VLAN ID 20, how would an Amazon Echo be connected? Sorry if this is a stupid question.
It's not a stupid question at all mate! Have a look at the bit where I talk about the AP network config. So you need to create the VLAN in the AP as well and then assign it to a SSID. You want a one to one configuration for the vlan and the ssid. So for vlan 20 just create a SSID (e.g. MySSID_20) and assign vlan20 to it. Then connect your amazon device to that SSID and check it's ip. it will be in the range you assigned to vlan 20. I hope that helps! and thanks for watching! :)
Hehe, as soon as I posted this question, it suddenly dawned on me that you actually talked about that during AP section, but just that I don't have Unifi AP, I didn't really pay attention. So, looks like I need AP that supports VLAN? I just have a simple mesh Wifi system. Also your tutorial was by far the most easiest to understand. Thank you again.
Nice question! I will add a link to the description! Yes U6 enterprise and Zyxel Multi-Gig 12-Port Web Managed Switch. I will add a link to the description!
This is a fantastic video on configuring VLAN with pfSense and other devices, including comprehensive guidance on firewall rules. Thanks a lot for this video, it's much easier to understand and implement!
Super excited to watch the channel grow and learn more IT. Thank you so much!! 🙏
thank you mate for watching and supporting with those kind words! Much appreciated it! :))
This is by far the best walkthrough I’ve seen. Thank you!
aww thanks mate! Glad I could help! :)
need more! a lot more!!! give me more!!!!!!!!!!!!
Nice I will have to rewatch this several times
Great Tutorial. I've always wanted to create disparate WiFi networks for each different VLANs and route each via a different outbound VPN tunnel. You've got me 75% there. One thing to note is that the firewall cannot block communication between systems on the same subnet. This is purely broadcast communication.
Thanks mate! You are 100% right regarding the firewall rule and some people already raised the same point. The reason I created that rule is because for some reason when I add the RFC1918 block rule, it blocks the default gateway for within their own subnet. That was the only workaround I could come up with. But, mate if you know a better way, please let us know as I am always keen to learn new things. That subnet rule always bugged me to be perfectly honest.! Again, thanks for the comment and for watching! :)
This is reeeeally useful, thanks for making this very clear! 👌
Glad you enjoyed it mate! :D
been using pfsense for quite sometime, but it only make sense when i found your channel..new subs here, thanks for great videos!!!
Excellent Tutorial - Thank You!
Dude, This is a Great Video, also awesome explanation. Thank you so much I needed this. Great Job to you Sir!
My pleasure mate! Thanks for watching! :)
thank you this made so much sense. using dlink managed switch. i assumed it worked like this but when i went to start i quickly got mentally overwhelmed with the other options and backed out.
This was perfect since I also have a pfsense firewall as well as a managed Zyxel switch. Thank you!
woohoo!! :)) AWesome mate!
On the same boat here. Ui on the zyxel is kind of weird so i never completely understood the tagging.
Dude. This is great!
Best video I came across about this. All the other videos missed half of magic needed to understand this. Thanks!
(Zoom the screen on your browser, please. 🙂 )
Thanks matey!! :) Will do! Still learning this youtube thingy! :D
@@DigitalMirrorComputing You already winning bro.
very good tut.
Excellent tutorial - clear, helpful and really well paced.
thank you mate! :)
Great thanks so much, very informative and easy to understand. I also want to secure my own network, exposing too many sensors on my network been freaking out. Thanks
Great video. Waiting for the next one 😊
Thanks dude!! :D
Great content. Keep up the good work. Subscribed!
Thanks for the support mate! :)
Awesome video. So clear to understand.
Thank you so much, your video just came on the right time. Thanks again
Really glad you enjoyed it! Thanks for watching!! :D
Great Video! Thank you for sharing
Subbed! very helpful
Unifi controller 😮 I have also an unifi access point but I didn’t till that video that I need the unifi controller to create vlans!
You can install the software version, or the docker container! Both work great! thanks for watching!
Great videos!
I have a question when interface assignment of vlans to pfsense LAN ports.
- Can I connect my wireless AP point directly to pfsense 2.5 GbE port, by having two LAN ports in pfsense .
- one lLAN port to connect my manage 1GbE switch
- 2nd LAN port for my wireless AP
Great video, thanks a lot... can you make please some more videos with pfsense, vpn, adguard etc.
Thank you mate!! I will for sure! It's on my backlog! :)
Thank you!
Wow, you were amazing! You explained the material thoroughly and passionately, and I learned a lot from you. Thank you so much for the great content - I can't wait to see your next video.
I have a question regarding VLAN setup. Since my Asus router doesn't support VLANs, I bought a Ubiquiti UniFi U6 Pro access point (standalone) and a TP-Link TL-SG108E managed switch. Most of my devices use WiFi, and I've been trying to configure the UniFi U6 Pro, TP-Link switch, and Protectli Vault, but it hasn't worked. I tried to set up VLANs on the multi-SSID options for both the 2.4GHz and 5GHz bands, but I'm still having issues.
Do you have any suggestions on how I can get this VLAN setup working properly in my home network? I really appreciate your help and the great work you're doing.
thanks so much mate! Really appreciate the kind words! :) thanks for the support!
Howdy, great video, glad i found your channel. Should you setup vlans on pfsense (protecli box) or set vlans up on tve switch behind it instead?
nunca vi nada + facil. keep it simple
Sir thanks for the help. That zyxel UI has been a headache for me. Do you have a discord server that can be joined to ask some questions? Thanks! Keep it up!
Would love to know if I can set up multiple access points.
Also, for simple home office, family of 6 (older kids), and starting to add more IoT devices, what are the advantages of setting up VLAN vs the mesh routers I have now?
Great video. Getting ready to introduce VLANs to my local network. However, for my wifi, I'm using Linksys Velop mesh, which doesn't look it supports VLANs. I typically use it in bridge mode and let my router to the DHCP. With VLANs, the linksys will assign IP on the VLAN tag that it connects to the managed switch, corrrect? Meaning, I won't be able to associate different SSIDs to different VLANs using my linksys velop.
Iv never used VLANs previously as I never quite understood them on PFSENSE - but now you make it so simple - Thank you so much for such a clear explanation. Im going to test this out today but I just need to ask you some thing pls...
Im going to setup 3 VLANS on our Network. today..1(Access Point for mobile devices)) 2 (All the PCS) 3 (VOIP Phones) The 6 Voip Phones are powered with a small 8 port unmanaged POE switch.
This POE Switch connects to our main 48 PORT MANAGED switch with a LAN cable to port 48. DO I just set Port 48 as a VLAN for the VOIP Phones... or do I have to configure more ports since we using 6 phones??
Thank you once again - God Bless!
Awww thanks mate for such a lovely comment!
Thanks for the great tutorial. Just a question, why didn't you simply remove source any to Dest. any rule on the interfaces for each VLAN/Subnet to prevent all connectivity and then add rules to only allow the type of traffic you want to come in and leave? Wouldn't that be more ideal? E.g. You could have removed the default source any to Dest. any rule on VLAN 10 and only allow ICMP ping to its Default Gateway only and same for the other interfaces/networks? You could add port 80/443 to be allowed from any source on VLAN 10 to any Dest. for the internet and 53 for DNS, I guess it would be "This Firewall" as the destination.
thanks.
This is exactly what I was looking for! Many thanks for the detailed guide, please keep up the good work.
I'm planning to recreate my home network, and felt completely lost how to move from a classic router configuration to VLAN's and more. I have a ton of IoT devices already but I really wish to move to a more secure solution and separate LAN traffic. Is there a way to add as an example adguard on all traffic for each VLAN?
Can you maybe recommend what device will be good for pfsense if I would like to go for a 2.5G LAN network speed (editing photos over network, Plex, from NAS, Frigate, NVR and more)? Should I look for a hardware that support 2.5G LAN for pfsense, or as long as I'm not planning to transmit over 1gig between VLANs I'm good with a gigabit router interface for pfsense? Just trying to avoid having a bottleneck in my LAN network on long run. :)
That's amazing! Thanks for the support 😊
Очень интересно записывай еще
Lovely video! I am still trying to understand what do purpose PVID indicate? you set PVID 20 on port 1, and VLAN 20 is set as untag, wont setting the VLAN 20 Untag always default to that VLAN Network even if i do not set PVID? For example, in the video you did not set PVID for port 4 to 40, would it make a difference?
Also For Port 10, why us VLAN 10 set as untag and PVID10? cant we just set all to tagged like what you did for VLAN 20,30.. etc
Sorry if my question is trivial, i am very new to the concept. Thanks in advance!
Awesome! Easy to follow. Thank you for your help.
I have a similar pfsense router. I would like to use another 2.5 gb port for iot and server.
Can I still connect to them if I’m on my lan port ?
If I understood correctly I would say it's ok! Just make sure you have that port on the same subnet (if that's what you are after!) :)
Couldnt you have just bought a firewall device with a couple more ports and just saved the whole cost of the Managed Switch?
I can not see my VLAN in the DHCP Server. I only see LAN. Can someone help me please?
Thanks for the great video. Just a small question, if i dont want to use vlan dhcp in vlan? I mean if i have a dhcp server ( example on synology nas) and if i want to use as dhcp this server, how can i continue? note: Synology will not in the same vlan with devices
Thanks for the wonderful guidance and inspiration to enter the world of pfsens. I have a doubt where and how to connect Unraid Nas/Server. Whether to create a separate Vlan or not and what are the settings in Switch. Should it have a fixed IP address or should it be DHCP so I can assign it in pfsense. Thanks in advance.
Thank you for the support! :) You can definitely create a separate VLAN for your NAS, especially if you want to keep it out of the reach of other networks. Just don't forget to put in the necessary firewall rules. I would set a fixed IP address for the NAS for sure, because you don't really want to be reconfiguring the clients at the whim of the DHCP server! You can either set it static on the NAs itself (if you have a reserved lease in the DHCP) or just use the NAS Mac address and set it in the DHCP Server, so that it assigns always the same IP to it. Totally up to you, both methods are legit IMHO! :) Good luck mate! :)
@@DigitalMirrorComputing I finally understood what is my problem.
In your video, what is at the address 192.168.10.20, is it on a VLAN or a separate port on the Switch, or something else?
I love pfsense
It's really awesome right! :D
Thank you so much for the video. However, I am a bit confused. I understand the VLAN concept when directly plugging into the switch or all wifi devices working when connected to the AP, according to being ports assigned. But how does the WiFi devices going to work? Say for example, in VLAN ID 20, how would an Amazon Echo be connected? Sorry if this is a stupid question.
It's not a stupid question at all mate! Have a look at the bit where I talk about the AP network config. So you need to create the VLAN in the AP as well and then assign it to a SSID. You want a one to one configuration for the vlan and the ssid. So for vlan 20 just create a SSID (e.g. MySSID_20) and assign vlan20 to it. Then connect your amazon device to that SSID and check it's ip. it will be in the range you assigned to vlan 20. I hope that helps! and thanks for watching! :)
Hehe, as soon as I posted this question, it suddenly dawned on me that you actually talked about that during AP section, but just that I don't have Unifi AP, I didn't really pay attention. So, looks like I need AP that supports VLAN? I just have a simple mesh Wifi system. Also your tutorial was by far the most easiest to understand. Thank you again.
Which model are the Zyxel switch and are you using the U6 Enterprise unify access point?
Nice question! I will add a link to the description! Yes U6 enterprise and Zyxel Multi-Gig 12-Port Web Managed Switch. I will add a link to the description!
aahhh forgot to press record, I'm a radio DJ, never happened to me, honest ;)
hahah it's a classic! :D