The pfSense interface assignment page allows to create and manage multiple VLANs. Such VLANs can be associated to specific network cards and provide great flexibility to easily separate and isolate different traffic types. This article is part of the series dedicated to the pfSense install on a VMware based homelab. The pfSense firewall device acting on the Layer3 of the ISO/OSI network stack provides excellent features not just for routing and intra-vlan routing between separaet VLANs.
The concept and the amount of available options available in pfSense Web GUI might look intimidating on a first approach. Surely, the flexibility is also appreciated once the pfSense web interface become more familiar. On top of the existing configuration for the “physical” network cards, it is possible to add a virtual pfSense interface that will be used as VLANs. A sample of how these VLANs could be used in a VMware based homelab and other details are covered in this overview article.
Manage a pfSense Interface
From the main Web GUI and Interfaces section the page to configure pfSense interface assignments. By default this page will show the configured and active network cards. In the case of pfSense virtual router running on VMware, these will correspond to the actual virtual machine network cards or “VMware vNICs”. These essentially represent the “physical” interfaces for all ingress and egress of the traffic. The simplest configuration from this perspective would be to have at least 2 vNICs: one facing the internet or WAN link, the other managing the internal traffic on several VLANs. From a pfSense perspective this vNIC is facing the LAN link.
Moving next to the VLANs section, this page allows to add and manage multiple VLANs and their associations with the physical network cards.
Upon the creation of a VLAN in pfSense, the following details require an input:
- Parent Interface
This is physical interface that will be associated with the VLAN. As per example in this homelab this is the “LAN” interface identified from pfSense as “vmx1”.
- VLAN Tag
This is the VLAN-ID that needs to match the existing VLAN ID configuration for the VMware Port Gorups.
- VLAN Priority
Default value of “0” is fine.
- Description
This is not mandatory but highly recommended as it can help to quickly identify between several VLANs.
Upon creation and saving the VLAN configuration, it will now appear in the main VLANs section.
By repeating the previous steps for the other VLANs the result would look something similar to the one the screenshot. Essentially, once the VLANs are created, it is possible to create specific firewall rules which allow which traffic will be granted, blocked and even denied. The great thing is each VLAN will sit on it’s own logical network which is separated from other domain broadcasts. If required and by adding other network cards also the option to physically separate VLANs over several network cards. Isolation and segregation of the network traffic in a VMware homelab made easy.
For each one of the created VLANs, pfSense names them by using OPT (optional) and a number. Clicking on each one of them now the options for finer details.
For each VLAN in fact, pfSense allows to configure several details. First of all, enabling or disabling just that VLAN, a descriptive name and the network address including support for both IPv4 and IPv6.
A personal recommendation goes for a Static IP address just for the VLAN. Then if required it is also possible to enable DHCP services for hosts allocated in this VLAN.
For every change in the configuration page an “Apply Changes” button will appear.
At this point with a similar approach follows the configuration for the other pfSense VLAN interfaces.
The final result will might look something similar to this one. Still a great flexibility to accommodate several VLANs with even custom settings.
Add Comment