Complete guide for configuring VLANs in pfSense, supporting both static and DHCP configurations.
Path: System > Advanced > Admin Access
Required Steps:
- Enable Secure Shell
- Change SSH Port from default 22
- Configure SSH Key Authentication (recommended)
- Restrict SSH access to specific IPs
Example Configuration:
SSH Port: 2222 (or another non-standard port)
SSH Key Authentication: Enable
Password Authentication: Disable (if using keys)
Path: System > Advanced > Admin Access
Configuration Steps:
- Enable HTTPS for WebConfigurator
- Generate/Import SSL Certificate
- Configure HTTP Redirect to HTTPS
- Set HTTPS Port (default 443)
Security Recommendations:
TLS Version: 1.2 and 1.3 only
Strong Ciphers: Enable
HSTS: Enable
HTTP Redirect: Enable
Path: Interfaces > WAN
Block Private Networks:
- Navigate to WAN interface
- Enable "Block private networks"
- Enable "Block bogon networks"
Why Important:
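- Drops traffic arriving on WAN with RFC 1918 (private) source addresses
- Blocks bogon ranges (reserved or unallocated address space that should not appear as a source on the internet)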
- Reduces attack surface
Path: System > General Setup
DNS Server Setup:
- Configure primary DNS servers
- Uncheck "Allow DNS server list to be overridden by DHCP/PPP on WAN"
- Set DNS Server Override options
Example Configuration:
DNS Servers:
1.1.1.1 (Cloudflare)
8.8.8.8 (Google)
Uncheck: Allow Override by ISP
Enable: DNS Resolution
Benefits:
- Prevents ISP DNS hijacking
- Maintains consistent DNS resolution
- Improves privacy and security
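The SSH, WebConfigurator, WAN and DNS settings above can be checked against a configuration backup. The following is an added example, not part of the original guide or of pfSense itself. The element names (`ssh/port`, `sshdkeyonly`, `webgui/protocol`, `blockpriv`, `blockbogons`, `dnsallowoverride`) are assumed to follow the usual pfSense config.xml layout, and the sample backup is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample backup (not from a real firewall). Element names are
# assumed to follow the usual pfSense config.xml layout; verify on your version.
SAMPLE_CONFIG = """<pfsense>
  <system>
    <webgui><protocol>http</protocol></webgui>
    <ssh><enable>enabled</enable><port>22</port></ssh>
    <dnsserver>1.1.1.1</dnsserver>
    <dnsserver>8.8.8.8</dnsserver>
    <dnsallowoverride></dnsallowoverride>
  </system>
  <interfaces>
    <wan><if>igb0</if><blockpriv></blockpriv></wan>
  </interfaces>
</pfsense>"""

def audit_config(xml_text):
    """Return a list of findings for the settings covered in this guide."""
    root = ET.fromstring(xml_text)
    findings = []
    system = root.find("system")
    if system is None:
        return ["no <system> section: not a pfSense backup?"]
    # WebConfigurator should be served over HTTPS.
    if system.findtext("webgui/protocol", "http") != "https":
        findings.append("webgui: protocol is not https")
    ssh = system.find("ssh")
    if ssh is not None and ssh.find("enable") is not None:
        # An absent or empty <port> means the default, 22.
        if (ssh.findtext("port") or "22").strip() == "22":
            findings.append("ssh: listening on default port 22")
        if ssh.findtext("sshdkeyonly") != "enabled":
            findings.append("ssh: password authentication still allowed")
    # Presence of the (empty) element means the checkbox is ticked.
    if system.find("dnsallowoverride") is not None:
        findings.append("dns: server list can be overridden by DHCP/PPP on WAN")
    if not system.findall("dnsserver"):
        findings.append("dns: no DNS servers configured")
    wan = root.find("interfaces/wan")
    for tag, label in (("blockpriv", "private"), ("blockbogons", "bogon")):
        if wan is None or wan.find(tag) is None:
            findings.append(f"wan: 'Block {label} networks' is disabled")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run it against a backup exported from Diagnostics > Backup & Restore by passing the file contents to `audit_config`; an empty list means none of the checked settings deviate from this guide.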
VLAN Configuration
# Quick command sequence
1. Web UI > Interfaces > VLANs > Add
2. Setup VLAN ID and Interface
3. Assign IP/DHCP
4. Configure Firewall Rules

Before starting, ensure you have:
- pfSense installed and updated
- 802.1Q VLAN compatible switch
- Administrator access to pfSense
- Current configuration backup
Path: Interfaces > Assignments > VLANs > Add
Required Parameters:
- Parent Interface: igb0/em0
- VLAN Tag: 1-4094
- Description: VLAN_Name
IPv4 Configuration:
- Type: Static
- IPv4 Address: 192.168.10.1
- Subnet mask: 24
- Useful links
- https://www.youtube.com/watch?v=NihE2u3zBlw (configuration of VLANs in pfSense)
- https://youtu.be/BbRIEKuFeT8?si=onIIuPrNY6yh-K-w (VLAN Base)
- https://youtu.be/4LKbvYdCC1I?si=bUjohgq9ziKPbiR- (VLAN Trunking)
- https://www.youtube.com/watch?v=jkva3hbJXZE (VLAN routing)
IPv4 Configuration:
- Type: DHCP
- [Automatic configuration]
Basic rules example:
| Action | Source | Destination | Port | Description |
|---|---|---|---|---|
| ALLOW | VLAN_net | ANY | * | Allow outbound |
| ALLOW | ANY | VLAN_net | TCP/80 | Allow HTTP |
| BLOCK | * | * | * | Block all else |
Path: Services > DHCP Server > [VLAN interface]
Range: 192.168.10.100 - 192.168.10.200
Subnet: 255.255.255.0
Gateway: [VLAN Interface IP]
- Verify VLAN interface status
- Test DHCP assignment (if configured)
- Check internal VLAN connectivity
- Verify internet access (if configured)
- Review system logs for errors
| Issue | Solution |
|---|---|
| No DHCP Lease | Check DHCP service status |
| No Connectivity | Verify VLAN tag configuration |
| Switch Errors | Check port configurations |
| Routing Issues | Verify interface gateway settings |
# Check interface status
ifconfig vlan10
# Verify DHCP leases
dhcpd -T
# Test connectivity
ping -c 3 192.168.10.1
# View VLAN traffic
tcpdump -i vlan10

- Use consistent naming conventions
- Implement change control procedures
- Regular configuration backups
- Test before production deployment









