Configuring VLANs with pfSense and Cisco switches

VLANs are segmented broadcast domains. VLANs allow network administrators to partition their networks to minimize broadcast traffic, control security, and improve quality of service. VLANs are defined by the IEEE 802.1Q standard; on a network running VLANs, a 12-bit VLAN ID in each tagged frame identifies which VLAN the frame belongs to.
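The 802.1Q tagging described above, as an added example that is not part of the original guide: a Python sketch that builds and parses a tagged Ethernet frame to show where the 12-bit VLAN ID and the 3-bit priority (the "VLAN Tag" and "VLAN Priority" values entered in pfSense later in this guide) sit in the frame. The MAC addresses and payload are constructed sample values, and the function names are hypothetical.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_tagged_frame(dst, src, vid, pcp, ethertype, payload):
    """Build an Ethernet frame carrying a single 802.1Q tag."""
    # A 12-bit field holds 0-4095; 0 and 4095 are reserved by the standard.
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be 0-7")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return the VLAN ID (None if untagged), priority and real EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)  # bytes after dst+src MAC
    if ethertype != TPID_8021Q:
        return {"vlan": None, "priority": None, "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {"vlan": tci & 0x0FFF, "priority": tci >> 13, "ethertype": inner}


# Constructed sample data: broadcast destination, locally administered source.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
TAGGED = build_tagged_frame(DST, SRC, vid=10, pcp=0, ethertype=0x0800, payload=b"\x00" * 46)
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    print(parse_frame(TAGGED))    # frame as it would cross the trunk port
    print(parse_frame(UNTAGGED))  # frame as an access port would see it
```

The tagged frame is what travels between pfSense and the switch's trunk port; the switch strips the 4-byte tag before delivering the frame to an access port in that VLAN.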

In this guide, I will demonstrate how to configure VLANs using pfSense 2.3.1 and a Cisco 3750 48-port 10/100 switch.


First things first: let's identify our network adapters in pfSense.

Navigate to Interfaces -> assign


As you can see here, I have 2 interfaces configured on my pfSense box: one called WAN, which connects to my ISP, and another called LAN, which connects to a Cisco 3750 switch.

The first step is to remember the network port name or the MAC address of your LAN network adapter.

Next, navigate to Interfaces -> assign -> VLANs and click on the Add button.


Parent Interface: LAN interface
VLAN Tag: 10 (or any 1 – 4,096)
VLAN Priority: keep 0 unless configured
Description: VLAN10

The second step: go back to Interfaces -> assign


Available network port: VLAN10

The third step: we need to make a network segment for this interface.


Find your VLAN port and click on the interface name.


Enable Interface: Check
Description: VLAN10 ( KISS – Keep It Simple Stupid )
IPv4 Configuration Type: Static IPv4
Everything else is optional.
Static IPv4 Configuration
IPv4 Address: Define a subnet ( /24 )

The fourth step, Setting up DHCP.
Navigate to Services -> DHCP Server
Select VLAN10 on top.


Enable DHCP server on VLAN10 interface: Check
Make a range ( – 250 )
(We need to keep some addresses out of the scope for VLAN management on the switch(es).)
Everything else is optional.

The fifth step, Creating firewall rules.
Navigate to Firewall -> Rules
Select VLAN10 on top.
Click Add


Make sure all your settings are the same, click save, and apply.

OPTIONAL: Now is a good time to go back and configure VLAN11 using 192.168.4.x

The sixth step, Configuring the switch.
Telnet into the switch

conf t

! configure uplink as trunk port
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk

! define vlan10 on switch (mask assumes the /24 set on the pfSense interface)
interface vlan10
ip address x.x.x.251 255.255.255.0
ip helper-address x.x.x.1 or (

! OPTIONAL: define vlan11 on switch (mask assumes a /24 here as well)
interface vlan11
ip address x.x.x.251 255.255.255.0
ip helper-address x.x.x.1 or (

! configure switch ports
interface range fastethernet 1/0/1-24
switchport access vlan 10
switchport mode access

! OPTIONAL: switch ports
interface range fastethernet 1/0/25-48
switchport access vlan 11
switchport mode access

! leave configuration mode, then save config
end
copy run start