pfsense:vlan_virtual_lan:set_up_a_vlan

Differences

This shows you the differences between two versions of the page.

pfsense:vlan_virtual_lan:set_up_a_vlan [2021/02/16 14:43] – [Setup an Interface for the VLAN] peterpfsense:vlan_virtual_lan:set_up_a_vlan [2021/02/16 14:58] (current) – [Block Access to LAN when on VLAN 20] peter
Line 33: Line 33:
  
   * Click **Add**.   * Click **Add**.
-  * Click** **Save**.+  * Click **Save**.
  
 Click the interface link for **OPT1**. Click the interface link for **OPT1**.
Line 57: Line 57:
   * It has a VLAN ID of 20.   * It has a VLAN ID of 20.
   * It has an IP address of 192.168.20.1.   * It has an IP address of 192.168.20.1.
-    * This IP address is simply used for convenience, and makes it easier to remember which IP range is associated with which VLAN. +    * Notice that the IP Address and VLAN ID both have a **20**. 
-    * However just because the VLAN ID is 20 does NOT mean that the IP also has to have a **20** in it.+    * This is simply used for convenience, and makes it easier to remember which IP range is associated with which VLAN. 
 +    * However just because the VLAN ID is 20 does NOT mean that the IP also has to have a **20** in it.  The IP can be any internal IP.
  
 </WRAP> </WRAP>
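Review bot: The added sentence "The IP can be any internal IP" is looser than the rest of the bullet and leaves out the one constraint that matters: the VLAN's subnet must not overlap the LAN subnet or any other VLAN's subnet. Suggest wording along the lines of "The IP can be from any private range that is not already used by the LAN or another VLAN." The preceding added bullet "This is simply used for convenience" would also read better as "This matching is simply for convenience", since "This" no longer has the old sentence's "IP address" as its subject.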
Line 183: Line 184:
 ===== Block Access to LAN when on VLAN 20 ===== ===== Block Access to LAN when on VLAN 20 =====
  
-<WRAP important> +Navigate to **Firewall -> Rules**
-**IMPORTANT NOTE:**  If you use an **unmanaged switch** this will not work as trying to restrict a client on VLAN 20 from accessing a device on the LAN doesn’t have anything to do with pfSense at that point.+
  
-The unmanaged switch is “before” pfSense.  It has to do with only the switch and since it is unmanaged you have no way of preventing one device from getting to another due to how unmanaged switches work.  You need a managed switch for this.+  * Click on **VLAN20**: 
 +  * Click the **Add** button (up arrow), so this needs to be the first rule in the list. 
 +  * Action:  **Block**. 
 +  * Interface: **VLAN20**. 
 +  * Protocol: **Any**. 
 +  * Source: 
 +    * Source:  **VLAN20 net**. 
 +  * Destination:  **LAN net**. 
 +  * Description:  **VLAN 20 – cannot access LAN**. 
 +  * Click **Save**. 
 +  * Click **Apply Changes** at the top.
  
-When we setup Wireless Access Points that have VLAN capabilities they have managed switches built into them.  We often use Ubiquiti Wireless Access Points. +<WRAP important
-</WRAP> +**IMPORTANT NOTE:**  Trying to restrict a client on a VLAN from accessing a device on the LAN will not work if used with an **unmanaged switch**.
- +
-  - **Click** on **Firewall -> Rules** +
-  - **Click** on **Opt1VLAN20** (link on the upper menu) +
-  - **Click** on the green **Add** button (up arrow), so this needs to be the first rule in the list. +
-  - Fill out this information below: +
-    - Edit Firewall Rule +
-      * Action: **Block** +
-      * Interface: **OPT1VLAN20** +
-      * Protocol: **Any** +
-    - Source +
-      * Source: **OPT1VLAN20 net** +
-      * Destination: **LAN net** +
-    - Extra Options +
-      Description: **VLAN 20 – cannot access LAN** +
-  - **Click** on the blue **Save** button. +
-  - **Click** on the green **Apply Changes** button at the top.+
  
 +  * An unmanaged switch just does not have the capability built into it to handle VLAN traffic.
 +  * Trying to restrict a client on a VLAN from accessing a device on the LAN has nothing to do with pfSense at that point.
 +  * A managed switch is needed for this.
  
 +This limitation does not necessarily apply to Wireless Access Points that have VLAN capabilities (such as Ubiquiti Wireless Access Points); as they have managed switches built into them.
 +</WRAP>
  
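Review bot: In the added Add step, "(up arrow), so this needs to be the first rule in the list" gives the reason backwards: the up-arrow Add button is chosen because the block rule has to be first, as pfSense evaluates the rules on an interface top-down and the first match wins. Suggest "Click the **Add** button with the up arrow so the rule is placed at the top of the list, above any pass rule on VLAN20." The nested "Source:" / "Source: **VLAN20 net**" pair can collapse into a single bullet. In the rewritten note, "has nothing to do with pfSense at that point" would be clearer if it kept the removed text's explanation that the unmanaged switch is "before" pfSense, so traffic between two devices on that switch never reaches the firewall rule.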
pfsense/vlan_virtual_lan/set_up_a_vlan.1613486623.txt.gz · Last modified: 2021/02/16 14:43 by peter
