*If you like this video, give it a like*
Oh my god, I have tried for so long to get my head around VLANs and you have just nailed it for me. I can't thank you enough for your help!
Best video I've found on this subject! You clearly explain what needs to be done and walk the viewer through the process. Really appreciate the level of detail you went into. Thanks for making this video!
Thank you very much. Glad it was helpful!
This is a phenomenal video - it's so clearly explained. Truly one of the best videos I've seen on pfSense VLAN's! Great job!
Wow, thank you so much Frank! Much appreciated indeed!
This takes me where I need to be in setting up the firewall for my church! Thanks for a very informative video!
Glad we could help!
I have never seen a video with such a successful explanation about creating a pfsense vlan. Thanks
Glad I was able to help
Nice to see an in depth guide to this
Pity he used /24 subnets. I'm gonna run in trouble with virtual gateway IP's within more restrictive subnets.
Excellent video Avi! Very detailed and well explained. Always a pleasure!
Thanks for watching Tony! Much appreciated indeed
This is a great video!! My question is how did you set up your management VLAN? Does it connect to the LAN port or to one of the other physical ports? Thanks.
Dude this is awesome. Thank you so much. Great tutorial, great breakdown of everything. You rock
I'm subscribed after you saved me! I had the exact same error you had, only I was thinking it was my NIC cards not being VLAN aware! Silly me, I guess I thought I did everything correctly, but when no DHCP lease IP was given for the newly created VLANs, that was driving me crazy. "pfSense by default always tells us do not add two gateways,"... well this time it's different. That's a bug that needs to be fixed. I was checking for bad cables, NIC card VLAN aware, ports connected snugly, and basically not my settings :) Thank you for picking up on this since no other person found this "bug." pfSense V2.6.0-RELEASE (amd64)
Thanks for watching buddy!
In this case, it needs a management switch to assign ports for different services. Am I right?
One thing I'm confused about is your firewall rule for the SERVERS network. If the first rule allows connections out to everywhere except internal address space why would you need another rule to deny communications to IoT network? Wouldn't the IoT network use the already blocked RFC1918 address space from the first rule?
You are correct. It appears he was illustrating different scenarios rather than establishing functional rules. In this specific instance, the second rule is indeed redundant and unnecessary.
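Added example (not part of the comment thread or the video): a small first-match simulation of the two SERVERS rules discussed above, showing that removing the explicit IoT block changes no verdict because pfSense's implicit default deny already covers it. The subnet `172.16.30.0/24` for IoT and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addressing (assumption): IoT is a /24 inside 172.16.0.0/12.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IOT_NET = ipaddress.ip_network("172.16.30.0/24")

def in_any(addr, nets):
    return any(addr in n for n in nets)

# Rules on the SERVERS interface, top-down, first match wins.
# Each rule: (action, description, predicate on the destination address).
RULES = [
    ("pass", "to anything NOT in RFC1918 alias", lambda d: not in_any(d, RFC1918)),
    ("block", "to IoT net", lambda d: d in IOT_NET),
]

def evaluate(rules, dst):
    """Return (action, description) of the first matching rule, else default deny."""
    addr = ipaddress.ip_address(dst)
    for action, desc, match in rules:
        if match(addr):
            return action, desc
    return "block", "implicit default deny"

def boundary_probes(nets):
    """One probe at the start of every region where the verdict can change.

    Destination-only rules are constant between network edges, so probing
    address 0, each network's first address, and the address just past each
    network's last address covers every region exhaustively.
    """
    points = {0}
    for n in nets:
        points.add(int(n.network_address))
        if int(n.broadcast_address) + 1 < 2**32:
            points.add(int(n.broadcast_address) + 1)
    return [str(ipaddress.IPv4Address(p)) for p in sorted(points)]

def redundant_rules(rules, probes):
    """Indices of rules whose removal leaves every probe's verdict unchanged."""
    baseline = [evaluate(rules, p)[0] for p in probes]
    return [i for i in range(len(rules))
            if [evaluate(rules[:i] + rules[i + 1:], p)[0] for p in probes] == baseline]

PROBES = boundary_probes(RFC1918 + [IOT_NET])
```

Redundancy here means identical pass/block verdicts only; the check says nothing about per-rule logging or readability.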
This helped me get my VLANs setup and working...thanks.
I am a newbie in networking. Very helpful bud!
Glad you liked it!
Question for the workstation VLAN. Because of the double NAT how would you allow the workstation VLAN to have internet access?
Great video bro, just inherited a pfSense box on my new job, lol, this really helps me out. Can you please add a video on rules please, thanks again. Also adding two separate sites if you can, meaning connecting to two different devices from ISP to connect the two sites from across town, thanks again!!
You saved my life. Thanks for this excellent explanation. 💜
At 19:00 why do you need a second rule for the block from servers network to IOT network? Doesn't the alias FW rule already block that because the IOT VLAN would fall into the listed IPs? It seems unnecessarily redundant?
Any chance you could do a video for OPNsense? Specifically VLANs and rules for home network protection.
Could I just create the vlans on the switch and then pfsense will recognise different vlans and route them? It would be easier to have them on the switch and directly assign them to their respective ports?
If the Default Gateway given by PFsense DHCP server is pointed at the vlan interface IP on FW, wouldn't that mean if clients need to communicate between VLANs for non-internet bound traffic (ie. pc_client talking to servers) that the PFsense would have to do the routing and is less in performance than if the L3 switch did the routing?
When I do this, my devices are obtaining IP from the parent and not the vlan. If I turn parent off, nothing works. What settings did you use on parent to make the vlans take over the dhcp?
Thanks for the tutorial. It's still not working for me though. I have a Cisco SG300 switch set to Layer 3 with all VLANs configured. I set up the same VLANs on the pfSense, but I'm unable to hit the Firewall. I'm able to hit the default gateway of the VLAN, but not the pfSense Firewall. I'll keep tinkering with it.
Hi I have vlan created on my switch core and it is this switch which does DHCP server how to add existant vlan on pfsense
and you do video on connecting two or multiple LAN's on PfSense, new to it, thanks again.
All is missing is assigning the vlan tagging on the switch right? IE, vlan 2 = priority 0 ? Since you prioritize 0 to all, is that means all traffic from different vlans get top priority?
I am not getting internet traffic on my 3100. The steps were followed as directed. I am hesitant about tagging because it will lock me out of the box. It seems to be most confusing. The LAN 4 is used to log in to the 3100. So would I tag all VLANs to port 4?
How to set up the switch for VLAN is missing?
I can put my printer on its own VLAN. However, I can't get my PC to see the printer (PC driver uses IPP).
What about wifi devices? How to configure, that all the IOT wifi or guest wifi devices, will be added to IOT VLAN automatically?
What do you mean? It depends on the wifi access point and switch you are using
@@TechMeOut5 One AP, but I want all my family phones to go to my private network, let's say LAN, but all my IOT devices or guests' phones to go to the IOT VLAN.
What is your setup in the managed switch to use this setup?
Great explanation, I appreciate the time for preparation and creating this video. Thx.
Thank you for watching!
Great work and awesome explanation, thank you a lot.
Thank you. Well explained!
Glad you liked it.
Great video, well done.
Question: can an HP MicroServer run pfSense? I tried booting from USB and it wouldn't. At the same time, I'm considering installing pfSense on Proxmox, but I'm not sure about the network wiring.
Ahh. I can save huge time If I saw this video years ago.
Excellent video great job. Thank you so much.
I'm glad I was able to help!
Why did you use 172.16.vlantag at 06:56? Shouldn't you use 10.100.vlantag? Can I create a totally new IP there? And it will be the IP that will appear to the person? Thanks in advance
What?
@@TechMeOut5 I've just created the VLAN at pfSense, and at the TP-Link L2+ switch I attached to the VLAN by MAC address, did the ipconfig release and renew, and it showed the right address. But I can't connect to the internet. I've copied your VLAN IPv4 address, could this be the problem?
Hi, your question is unclear and sadly, it looks like a far too elaborate topic to be troubleshooting with a comment on a YouTube video. With all willingness to help...
Great video. It helped me a lot. Thank you very much.
Glad to hear that!
Thanks bro. You have solved my problem :)
Great video - End to End!
Hi my friend. Thanks for the video.
Nice! Thanks for this video!
Thanks for this video man!
Thanks for watching!
great video !
Thanks! Good video!
well done
TOP NOTCH!
Thank you very much! Thanks for watching!
No way you're not Israeli, haha