pfSense VLAN question

amrogers3

I have a pfsense box and I am going to set up VLANs. Going to connect pfSense to a switch.

switch.png


If device 1 talks to device 2 does any traffic go to the pfsense box or is it handled exclusively by the switch? I believe it is handled by the switch and not the pfSense box but I wanted to make sure.

The reason I am asking is because I would like to enable Snort on the pfSense box to monitor the LAN connection. However, I believe that if I do this, Snort will not catch any traffic going from VLAN 1 to VLAN 2 since I **think** that particular traffic will never reach the pfSense box.
 
In order to route between different networks you need either a router (pfsense) or a Layer 3 switch.

More detail on what switch you have is needed ;)
 
That actually depends on how you do things. If pfSense is the gateway for each VLAN, then all traffic between VLANs goes through pfSense. The only way around that is to use a switch that supports inter-VLAN routing. This means it's going to be a pretty expensive switch. I actually do this at home with a 3560G my employer discarded when the PSU failed. $400 later for a replacement power supply and I have a 48+4SFP gig-e L3 switch, damn good deal :)
 

Nice, but you should sell that bitch and use something more reasonable at home lol.

Other than that... Xipher's post is dead on. I use the first scenario at home on a procurve 1800, using the pfsense virtual interfaces as my gateways.
 
Same as aaronearles but with a Dell PowerConnect 2724.

Here's a thread from a couple of weeks ago talking about setting up the VLAN interfaces in pfSense: http://hardforum.com/showthread.php?t=1613226 if you need some help in that area.

Thanks for that link :D

OK, I think I understand now. I do not have a layer 3 switch. I was going to use the Dell PowerConnect 2816.

So therefore the pfSense box will act as the VLAN router? Traffic from VLAN 1 destined for VLAN2 will pass through pfSense box to get routed to VLAN2, correct?
 
Great, now I can use the Snort that comes bundled with pfSense to monitor my internal LAN. YES!!
 
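The visibility rule the replies describe, worked through as an added example that is not part of any post in the thread: it reports whether a sensor on pfSense (such as Snort) sees both directions, one direction, or none of a conversation, depending on which device owns each VLAN's gateway. The subnets, host addresses, device labels and function names are constructed for illustration.

```python
import ipaddress

# Constructed topologies (assumed, not from the thread): each VLAN's subnet
# and the device that owns its default gateway address.
PFSENSE_ROUTED = {
    1: {"subnet": "192.168.1.0/24", "gateway": "pfsense"},
    2: {"subnet": "192.168.2.0/24", "gateway": "pfsense"},
}
L3_SWITCH_ROUTED = {
    1: {"subnet": "192.168.1.0/24", "gateway": "l3-switch"},
    2: {"subnet": "192.168.2.0/24", "gateway": "l3-switch"},
}


def vlan_of(ip, vlans):
    """Return the id of the VLAN whose subnet contains ip."""
    addr = ipaddress.ip_address(ip)
    for vid, cfg in vlans.items():
        if addr in ipaddress.ip_network(cfg["subnet"]):
            return vid
    raise ValueError(f"{ip} is not on any local VLAN")


def forwarder(src, dst, vlans):
    """Device that forwards a packet from src to dst (one direction only)."""
    s, d = vlan_of(src, vlans), vlan_of(dst, vlans)
    if s == d:
        return "l2-switch"        # same subnet: delivered directly at Layer 2
    return vlans[s]["gateway"]    # other subnet: handed to the sender's gateway


def ids_coverage(a, b, vlans, sensor="pfsense"):
    """How much of an a<->b conversation a sensor on `sensor` can inspect."""
    seen = [forwarder(x, y, vlans) == sensor for x, y in ((a, b), (b, a))]
    return {0: "none", 1: "one-way", 2: "both"}[sum(seen)]


def blind_spots(flows, vlans):
    """Flows (src, dst) that the pfSense sensor cannot fully inspect."""
    return [f for f in flows if ids_coverage(*f, vlans) != "both"]
```

Traffic between two hosts in the same VLAN always shows up as a blind spot for the pfSense sensor; covering it needs a mirror (SPAN) port on the switch or a host-based sensor.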