*If you like this video, give it a like*
Oh my god, I have tried for so long to get my head around VLANs and you have just nailed it for me. I can't thank you enough for your help!
Best video I've found on this subject! You clearly explain what needs to be done and walk the viewer through the process. Really appreciate the level of detail you went into. Thanks for making this video!
Thank you very much. Glad it was helpful!
This is a phenomenal video - it's so clearly explained. Truly one of the best videos I've seen on pfSense VLAN's! Great job!
Wow, thank you so much Frank! Much appreciated indeed!
I have never seen a video with such a successful explanation about creating a pfsense vlan. Thanks
Glad I was able to help
This takes me where I need to be in setting up the firewall for my church! Thanks for a very informative video!
Glad we could help!
Excellent video Avi! Very detailed and well explained. Always a pleasure!
Thanks for watching Tony! Much appreciated indeed
Dude this is awesome. Thank you so much. Great tutorial, great breakdown of everything. You rock
I'm subscribed after you saved me! I had the exact same error you had, only I was thinking it was my NIC cards not being VLAN aware! Silly me, I guess I thought I did everything correctly but when no DHCP lease IP was given for the newly created VLANs that was driving me crazy. "pfSense by default always tells us do not add two gateways,"... well this time it's different. That's a bug that needs to be fixed. I was checking for bad cables, NIC card VLAN aware, ports connected snugly, and basically not my settings :) Thank you for picking up on this since no other person found this "bug." pfSense V2.6.0-RELEASE (amd64)
Thanks for watching buddy!
Nice to see an in depth guide to this
Pity he used /24 subnets. I'm gonna run into trouble with virtual gateway IPs within more restrictive subnets.
This is a great video!! My question is how did you set up your management VLAN. Does it connect to the LAN port or to one of the other physical ports? Thanks.
This helped me get my VLANs setup and working...thanks.
I am a newbie in networking. Very helpful bud!
Glad you liked it!
You saved my life. Thanks for this excellent explanation. 💜
One thing I'm confused about is your firewall rule for the SERVERS network. If the first rule allows connections out to everywhere except internal address space why would you need another rule to deny communications to IoT network? Wouldn't the IoT network use the already blocked RFC1918 address space from the first rule?
You are correct. It appears he was illustrating different scenarios rather than establishing functional rules. In this specific instance, the second rule is indeed redundant and unnecessary.
Great explanation, I appreciate the time for preparation and creating this video. Thx.
Thank you for watching!
Great video bro, just inherited a pfSense box on my new job, lol, this really helps me out, can you please add a video on rules please, thanks again. Also adding two separate sites if you can, meaning connecting to two different devices from ISP to connect the two sites from across town, thanks again!!
Question for the workstation VLAN. Because of the double NAT how would you allow the workstation VLAN to have internet access?
In this case, it needs a management switch to assign ports for different services. Am I right?
All that is missing is assigning the VLAN tagging on the switch, right? I.e., VLAN 2 = priority 0? Since you prioritize 0 to all, does that mean all traffic from different VLANs gets top priority?
If the Default Gateway given by PFsense DHCP server is pointed at the vlan interface IP on FW, wouldn't that mean if clients need to communicate between VLANs for non-internet bound traffic (ie. pc_client talking to servers) that the PFsense would have to do the routing and is less in performance than if the L3 switch did the routing?
Great video, well done.
Question: can an HP MicroServer run pfSense? I tried booting from USB and it wouldn't. At the same time I'm considering installing pfSense on Proxmox, but I'm not sure about the network wiring.
and you do video on connecting two or multiple LAN's on PfSense, new to it, thanks again.
At 19:00 why do you need a second rule for the block from servers network to IOT network? Doesn't the alias FW rule already block that because the IOT VLAN would fall into the listed IPs? It seems unnecessarily redundant?
Great work and awesome explanation, thank you a lot.
Thanks for the tutorial. It's still not working for me though. I have a Cisco SG300 switch set to Layer 3 with all VLANs configured. I set up the same VLANs on the pfSense, but I'm unable to hit the Firewall. I'm able to hit the default gateway of the VLAN, but not the pfSense Firewall. I'll keep tinkering with it.
Any chance you could do a video for OPNsense? Specifically VLANs and rules for home network protection.
Great video - End to End!
When I do this, my devices are obtaining IP from the parent and not the vlan. If I turn parent off, nothing works. What settings did you use on parent to make the vlans take over the dhcp?
Could I just create the vlans on the switch and then pfsense will recognise different vlans and route them? It would be easier to have them on the switch and directly assign them to their respective ports?
Thanks bro. You have solved my problem :)
Thank you. Well explained!
Glad you liked it.
Great video. It helped me a lot. Thank you very much.
Glad to hear that!
I can put my printer on its own VLAN. However, I can't get my PC to see the printer (PC driver uses IPP).
Hi my friend. Thanks for the video.
I am not getting internet traffic on my 3100. The steps were followed as directed. I am hesitant about tagging because it will lock me out of the box. It seems to be most confusing. The LAN 4 is used to log in to the 3100. So would I tag all VLANs to port 4?
Excellent video great job. Thank you so much.
I'm glad I was able to help!
What about wifi devices? How to configure, that all the IOT wifi or guest wifi devices, will be added to IOT VLAN automatically?
What do you mean? It depends on the wifi access point and switch you are using
@TechMeOut5 One AP, but I want all my family phones to go to my private network, let's say LAN, but all my IOT devices or guests' phones to go to the IOT VLAN.
Hi, I have VLANs created on my core switch, and it is this switch which does DHCP server. How to add an existing VLAN on pfSense?
Nice! Thanks for this video!
Ahh. I could have saved a huge amount of time if I had seen this video years ago.
Great video!
Thanks for this video man!
Thanks for watching!
How to set up the switch for VLAN is missing?
Why did you use 172.16.vlantag at 06:56? Shouldn't you use 10.100.vlantag? Can I create a totally new IP there? And it will be the IP that will appear to the person? Thanks in advance
What?
@TechMeOut5 I've just created the VLAN at pfSense, and at the TP-Link L2+ switch I attached to the VLAN by MAC address, did the ipconfig release and renew, and it showed the right address. But I can't connect to the internet. I've copied your VLAN IPv4 address, could this be the problem?
Hi, your question is unclear and sadly, it looks like a far too elaborate topic to be troubleshooting with a comment on a YouTube video. With all willingness to help...
What is your setup in the managed switch to use this setup?
Thanks! Good video!
TOP NOTCH!
Thank you very much! Thanks for watching!
Well done
No way you're not Israeli, haha