Configuring VLANs with pfSense and Cisco switches

VLANs are segmented broadcast domains. They allow network administrators to partition their networks to reduce broadcast traffic, control security, and improve quality of service. VLANs are defined by the IEEE 802.1Q standard; when running a network with VLANs, 12 bits in the 802.1Q tag of each frame identify which VLAN the frame belongs to.

In this guide, I will demonstrate how to configure VLANs using pfSense 2.3.1 and a Cisco 3750 48-port 10/100 switch.

First things first: let’s identify our network adapters in pfSense.

Navigate to Interfaces -> assign

As you can see, I have 2 interfaces configured on my pfSense box: one called WAN, which connects to my ISP, and another called LAN, which connects to a Cisco 3750 switch.

The first step is to note the network port name or the MAC address of your LAN network adapter.

Next, navigate to Interfaces -> assign -> VLANs and click on the Add button.

Parent Interface: LAN interface
VLAN Tag: 10 (or any 1 – 4,096)
VLAN Priority: keep 0 unless configured
Description: VLAN10
Save
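
The VLAN Tag and VLAN Priority values entered above end up in the 4-byte 802.1Q tag that follows the source MAC address of every frame sent for this VLAN. The sketch below is an added example, not part of the original guide: it builds a tagged frame and parses the tag back out. The MAC addresses and payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame

# Constructed sample addresses (locally administered), not from the guide.
DST = bytes.fromhex("02000000000a")
SRC = bytes.fromhex("02000000000b")

def build_tagged_frame(dst, src, vid, pcp, ethertype, payload):
    """Build an Ethernet frame carrying one 802.1Q tag."""
    if not 0 <= vid <= 0xFFF:  # 0 and 0xFFF are reserved by the standard
        raise ValueError("VLAN ID must fit in 12 bits")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must fit in 3 bits")
    tci = (pcp << 13) | vid    # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    tag = struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    return dst + src + tag + payload

def parse_vlan_tag(frame):
    """Return (vid, pcp, dei, inner_ethertype), or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)  # right after dst + src MAC
    if tpid != TPID_8021Q:
        return None            # what a host on an access port sees
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, inner

if __name__ == "__main__":
    # VLAN Tag 10, VLAN Priority 0, carrying IPv4 (EtherType 0x0800).
    tagged = build_tagged_frame(DST, SRC, 10, 0, 0x0800, b"\x00" * 46)
    print("tag bytes:", tagged[12:16].hex())
    print("tagged   :", parse_vlan_tag(tagged))
    untagged = DST + SRC + struct.pack("!H", 0x0800) + b"\x00" * 46
    print("untagged :", parse_vlan_tag(untagged))
```

Frames on the trunk link between pfSense and the switch carry this tag; the switch strips it before delivering frames to hosts on access ports.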

The second step: go back to Interfaces -> assign.

Available network port: VLAN10
Add
Save

The third step: now we need to make a network segment for this interface.

Find your VLAN port and click on the interface name.

Enable Interface: Check
Description: VLAN10 ( KISS – Keep It Simple Stupid )
IPv4 Configuration Type: Static IPv4
Everything else is optional.
Static IPv4 Configuration
IPv4 Address: define a subnet (192.168.3.1 /24)

The fourth step: setting up DHCP.
Navigate to Services -> DHCP Server
Select VLAN10 on top.

Enable DHCP server on VLAN10 interface: Check
Make a range ( 192.168.3.100 – 250 )
(We need to keep some addresses out of the scope for VLAN management on the switch(es).)
Everything else is optional.
Save

The fifth step: creating firewall rules.
Navigate to Firewall -> Rules
Select VLAN10 on top.
Click Add

[Screenshot ss7: firewall rule settings]

Make sure all your settings are the same, click Save, and apply.

OPTIONAL: Now is a good time to go back and configure VLAN11 using 192.168.4.x

The sixth step: configuring the switch.
Telnet into the switch

enable
configure terminal

! configure uplink as trunk port
interface Gigabitethernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
exit

! define vlan10 on switch
! (replace x.x.x with the VLAN10 subnet; the helper address is the pfSense VLAN10 IP, 192.168.3.1)
interface vlan10
ip address x.x.x.251 255.255.255.0
ip helper-address x.x.x.1
exit

! OPTIONAL: define vlan11 on switch
! (replace x.x.x with the VLAN11 subnet; the helper address is the pfSense VLAN11 IP, 192.168.4.1)
interface vlan11
ip address x.x.x.251 255.255.255.0
ip helper-address x.x.x.1
exit

! configure switch ports
interface range fastethernet 1/0/1-24
switchport access vlan 10
switchport mode access
exit

! OPTIONAL: switch ports
interface range fastethernet 1/0/25-48
switchport access vlan 11
switchport mode access
exit

! leave configuration mode and save config
end
copy run start
DONE