Updated May 13, 2018: Configuration can be done completely within
the pfSense GUI
Objective:
Using VLANs and Trunking to provide subnet
192.168.10.0 tagged on interfaces em3 & em4
to trunked interfaces on switches.
Requirements:
Available Interfaces
em2 (OPT1), em3 (OPT2), em4 (OPT3)
3 subnets each on it's own router interface to its own switch
192.168.10.0 on em2 (VLAN10)
192.168.20.0 on em3 (VLAN20)
192.168.30.0 on em4 (VLAN30)
Note:
192.168.10.0 on em2 will be untagged
192.168.10.0 on em3 will be tagged
192.168.10.0 on em4 will be tagged
192.168.20.0 on em3 will be untagged
192.168.30.0 on em4 will be untagged
This was developed on pfSense
2.4.3-RELEASE (amd64)
built on Mon Mar 26 18:02:04 CDT 2018
FreeBSD 11.1-RELEASE-p7
(Click on screenshots to zoom, back buttion to return)
Configure Interfaces via pfSense GUI
Interfaces -> OPT1
Check Enable interface
IPv4 Configuration Type: IPv4
IPv4 Address: 192.168.10.1/24
Click Save
Interfaces -> OPT2
Check Enable interface
IPv4 Configuration Type: IPv4
IPv4 Address: 192.168.20.1/24
Click Save
Interfaces -> OPT3
Check Enable interface
IPv4 Configuration Type: IPv4
IPv4 Address: 192.168.30.1/24
Click Save
Click Apply Changes
Create VLANs via pfSense GUI
Interfaces -> Interface Assignments -> VLANs
Click Add
Parent Interface: em3
VLAN Tag: 10
VLAN Priority: <leave as is>
Description: vlan10
Click Save
Click Add
Parent Interface: em4
VLAN Tag: 10
VLAN Priority: <leave as is>
Description: vlan10
Click Save
Created VLANs
Interfaces -> Interface Assignments
Available network ports: From drop down box choose new em3 VLAN created
(Assuming OPT5)
Click Add
Interfaces -> Interface Assignments
Available network ports: From drop down box choose new em4 VLAN created
(Assuming OPT6)
Click Add
Click on Interface associated with em3 VLAN (Assuming OPT5)
Check Enable interface
Change Description: OPT5 to em310
Click Save
Click Apply Changes
Click on Interface associated with em4 VLAN
(Assuming OPT6)
Check Enable interface
Change Description: OPT5 to em410
Click Save
Click Apply Changes
Create Bridge via pfSense GUI
Interfaces -> Interface Assignments -> Bridges
Add
Member Interface: OPT1, em310, em410
Click Save
Note name of bridge created
Interfaces -> Interface Assignments
Available network ports: From drop down box choose new bridge created
(Assuming BRIDGE0)
Click Add
Click on Interface associated with bridge
(Assuming OPT7)
Check Enable interface
Change Description: OPT5 to BRIDGE0
Click Save
Click Apply Changes
VLAN and Bridge setup complete
Add firewall rules for BRIDGE0 via pfSense GUI
Firewall -> Rules
Add
Save
Apply Changes
(As needed)
That's it. Assuming your switches are set up and connected.
Switch interfaces configuration:
switch connected to em2: Access, VLAN10 untagged
switch connected to em3: Trunk, VLAN10 tagged, VLAN20 untagged
switch connected to em4: Trunk, VLAN10 tagged, VLAN30 untagged
These are 3 separate independent switches, do not connected
these 3 interfaces to the same switch or any combiantion of 2
of these interfaces to the same switch.
If anything was missed or there are questions, errors,or
discrepancies please email me at:
pfs (at) curtronics (dot) com
|
