Wiki

User Tools

Site Tools

Trace:
pfsense:vlan_virtual_lan:set_up_a_vlan

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:vlan_virtual_lan:set_up_a_vlan [2021/02/16 14:45] – [Setup an Interface for the VLAN] peterpfsense:vlan_virtual_lan:set_up_a_vlan [2021/02/16 14:58] (current) – [Block Access to LAN when on VLAN 20] peter
Line 183: Line 183:
  
 ===== Block Access to LAN when on VLAN 20 ===== ===== Block Access to LAN when on VLAN 20 =====
 +
 +Navigate to **Firewall -> Rules**
 +
 +  * Click on **VLAN20**:
 +  * Click the **Add** button (up arrow), so this needs to be the first rule in the list.
 +  * Action:  **Block**.
 +  * Interface: **VLAN20**.
 +  * Protocol: **Any**.
 +  * Source:
 +    * Source:  **VLAN20 net**.
 +  * Destination:  **LAN net**.
 +  * Description:  **VLAN 20 – cannot access LAN**.
 +  * Click **Save**.
 +  * Click **Apply Changes** at the top.
  
 <WRAP important> <WRAP important>
-**IMPORTANT NOTE:**  If you use an **unmanaged switch** this will not work as trying to restrict a client on VLAN 20 from accessing a device on the LAN doesn’t have anything to do with pfSense at that point.+**IMPORTANT NOTE:**  Trying to restrict a client on VLAN from accessing a device on the LAN will not work if used with an **unmanaged switch**.
  
-The unmanaged switch is “before” pfSense.  It has to do with only the switch and since it is unmanaged you have no way of preventing one device from getting to another due to how unmanaged switches work.  You need a managed switch for this.+  * An unmanaged switch just does not have the capability built into it to handle VLAN traffic. 
 +  * Trying to restrict a client on a VLAN from accessing a device on the LAN has nothing to do with pfSense at that point. 
 +  * A managed switch is needed for this.
  
-When we setup Wireless Access Points that have VLAN capabilities they have managed switches built into them.  We often use Ubiquiti Wireless Access Points.+This limitation does not necessarily apply to Wireless Access Points that have VLAN capabilities (such as Ubiquiti Wireless Access Points); as they have managed switches built into them.
 </WRAP> </WRAP>
- 
-  - **Click** on **Firewall -> Rules** 
-  - **Click** on **Opt1VLAN20** (link on the upper menu) 
-  - **Click** on the green **Add** button (up arrow), so this needs to be the first rule in the list. 
-  - Fill out this information below: 
-    - Edit Firewall Rule 
-      * Action: **Block** 
-      * Interface: **OPT1VLAN20** 
-      * Protocol: **Any** 
-    - Source 
-      * Source: **OPT1VLAN20 net** 
-      * Destination: **LAN net** 
-    - Extra Options 
-      * Description: **VLAN 20 – cannot access LAN** 
-  - **Click** on the blue **Save** button. 
-  - **Click** on the green **Apply Changes** button at the top. 
- 
- 
  
pfsense/vlan_virtual_lan/set_up_a_vlan.1613486743.txt.gz · Last modified: 2021/02/16 14:45 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki