My most popular video! if you like videos like this and would like to see more please like and subscribe. It really encourages me to give it that extra effort and do better.
Setting up pfsense that way is actually pretty neat. I only need something for VLAN setup and routing, but I didn't want to replace my router for...reasons. I don't need a firewall either. The way you have shown is a concept most IT people seem to not understand, when it comes to pfsense being involved.
Best video with full step-by-step instructions. Thank you very much. I was able to setup my pfSense firewall router on a stick using a managed switch and VLANs. Without your help, I wouldn't be able to do it by myself. Thanks again.
@@ITVOIP What do you think about OPNsense?? pfSense 2.5 has a lot of issues and after looking at some of the reddit posts I am planning to switch to OPNsense.
Just wanted to say thanks. I had started a pfsense project using a NUC I had purchased for another project. Decided to give it a shot and realized that one gig port could be an issue. Some of the NUCs are lucky enough to get an add on card from a vender called GoRite. Bummer they don’t seem to make one for my older NUC. So I have a gig router I’m not using and have to admit I got a little excited. Rain forecasted for the weekend so the grass is out. Be in my shack if anyone is looking for me. Thanks again for the video.
Simple and to the point. Well Done. I have the same series switch and could follow along using an old Atom netbook for the PfSense box. Worked a treat.
This is so helpful, even 4 years later, as many people will be running into the issue of greater than 1Gbit Internet access and how to accept/distribute it without spending a fortune.
Thank you so much. I picked up that exact switch a little bit ago off ebay and I had a micro PC that I wasn't using any more that I wanted to turn into a pfsense router. I was going to just use a USB ethernet adapter but a lot of people said they get a lot of errors from them so I scrapped that idea. I banged my head against the wall for a while trying to set up the VLANs for this until I stumbled across your vids. Very easy to follow and I got things set up quickly. Liked and subbed. Keep up the good work!
Most people like Top from Lawrence and others show it with setting up with both wan and lan. But most of us as using it for homelab only have 1 port. This was especially useful. I only realized it after setting it up and getting into pfsense that we can use vlan to separate the port. This makes it so much clearer. LOL thanks!!!
Awesome video and got me much better in understanding VLAN capabilities. I used some old junk laptop for the PoC pfSense box and successfully did this with Netgear ProSafe, an older Ubiqiti ToughSwitch 8 and some super-old Dell switch. When trying to do this with new Unifi switch though, it definitely didn't appreciate having 2 connections to my dumb switch (one for WAN and this PoC and the other separate for other PC's plugged into the switch) and all with VLAN's assigned to the 3 ports. To be fair, when I just plugged in WAN, pfSense and a LAN computer with nothing else on the switch, it certainly worked. My guess is that RSTP or STP is messing with me when it comes to loop detection but even with them disabled, could not get the Unifi switch to stop tripping out. I guess back to the older/cheaper switches for PoC work like this.
Thank you. I've done this with a MiniPC T11 & a Netgear managed switch. Works a treat! I'm not too familiar with VLANs but managed to translate your settings to the Netgear ones. Been running for 3 weeks flawlessly.
Hi David would you mind to share which type of switch you are using? I have a layer 2 unmanaged switch it doesnt get an ip address. I'm looking to buy a small manage switch
Dude, I really wish you used a HP switch for this great tutorial. Trying to convert what you're doing in the CISCO config to HP is giving me a headache. I have an older single port Celeron powered NUC and a HP ProCurve 1810G-8 that I 'thought' would be fun to setup with pfsense.
it will work nice solution but, to prevent packet collisions from not having separate WAN LAN, in order to rx and tx simultaneously, on one port, it has to receive and store and send if its clear, or the Ethernet will work half the duplex for each network or even 1/4 duplex, since it has to handle 4 lanes, 2 lane WAN tx/rx, and 2 lane lLAN rx/tx, the NIC has still the same principle right. nice solution, but it cannot be a standard, or everyone should only buy a 4 port smart switch for a 8 port or even 16 port requirement. nice video
I actually bodged a second NIC into my Dell Optiplex using the internal mini-PCIe slot. I was planning on trying to modify the case to make the port external, but ended up just having a cat5e cable coming out of the hole for the wifi antenna (which I don't have) which is plugged into the nic inside the case. I didn't know about VLANs at the time. This way is probably easier, but my way is probably cheaper.
Where was this video when I was trying to figure this out? Great work! I was looking for a video like this about 2 years ago, asked for help in pfsense forums and got talked down to because I didn't understand how to set it up. Thank you for this video.
Just 3 days ago. Glad i could help. The pfsense forums are sometimes not very welcoming to certain types of questions. I think pfsense is great piece of software and everyone should be allowed to configure it the way they want if it solves their problem.
I was really wondering if I really needed to buy extra NICs or not. I've got a 10G nic and a 10G switch, there's probably not much need to buy anything else. Thanks for the video.
Thank you very much for sharing your knowledge. You have helped me tremendously. I just set up the router successfully following your instruction! Many thanks! :D
It's also worth nothing that, if you have a 1Gbit WAN connection or you plan on sharing files between seperate vlans, then you'll only be able to get 500Mbps out of it with this configuration, because upstream and downstream and both used at the same time and that hits the link speed max .
I'm pretty sure this is incorrect. 1 Gbit/s in full-duplex means that 1 Gbit/s can be sent and 1 Gbit/s can be received. In other words: a 1 Gbit/s port can handle 1 Gbit/s incoming & 1 Gbit/s outgoing traffic -> you will be okay. Only exception: you have a symetric 1 Gbit/s connection. Than you won't be able to fully saturate your connection in both directions at the same time.
I have the same hardware, but i use virtualization. So PC works as router, file server and there's a lot of ram and storage to act as lab for tests. Just Install VMware, Hyper-v or smth. and install pfsense as usual without vlans. Inside host create virtual ethernet adapters with vlan. That's it. Profit: you can backup whole VM, you can make snapshot before update, so you will never get failed router.
@@ITVOIP Even on fanless 4 watt Intel Celeron N2807 averages are: 0.72 0.42 0.36 It has MultiWan (summary ~70 Mbit/s), OpenVPN. Several PCs, mobiles and ip phones. Ip phones over vpn work flawlessly, That's mean there is no packet drops or smth other problems
Just one tip: use zfs instead of ufs. Pfsense sinse 2.4 has strange behavior in Hyper-v. It cannot save state correctly, so after host restart pfsense starts as after power failure. And once i got problems on UFS installation. ZFS is steady for unexpected "power off". VMs with pfsense 2.3/2.2 work on UFS without problems (due to correct state saving).
You can also use a standard soho router that is supported by openwrt and had vlan capable ethernet ports which luckily most of the router supports openwrt do.
thanks for the info. I I try to use what ever i have. If you have a combination of hardware that does the same thing please list it out for anyone else that might benefit.
Thanks. Very useful. I think you are not connecting pfsense PC directly to your ISP line, I mean there is another router or modem in between because your WAN IP is in the private IP range. I bought a used sg300-28 switch and tried your way it worked. However when I connected the pfsense PC directly to my ISP line, where I needed to enter some pppoe settings (ISP username & password), the vlan interface settings changed. So sad to use my USB to NIC again ! Thanks again for the knowledge
for ppoe setup you need to go to INTERFACES -> WAN switch the IPv4 configuration to PPPoE Now scroll down to the PPPoE configuration section and enter your USERNAME and PASSWORD and click the SAVE button at the bottom of the page. If you you see apply changes at the top of the page hit that as well.
Hi there , on your mini pc that you had setup as pfsense there was one lan and wifi card !! why you didn't use network card as WAN and wifi card as LAN?? ,so from network card you get internet from wifi card give internet to all your devices. then all your devices on your network can connect to your pfsense wirelessly and access to the internet, and you hadn't used vlan or use a switch ?????thankyou
2 is always better than 1. Easier to manage and more data you can route with 2 network cards. Some people want to use use these low powered single nic PC's - this gives them that option.
Very helpful video. Why did you created just one VLAN? I saw another tutorial that created two of them, one for WAN and the other for LAN. What is the difference between your setup and the one with 2 VLANs?
There are actually two vlans there. re0.10 = vlan 10 re0 = vlan 1 vlan 1 is usually applied a non configured switchport / default. So what ever you plug into any device will be on vlan1, unless configured otherwise.
Excellent tutorial, I don't need it (have SG-4860) but wanted to see and understand your configuration. if you spin up the "interface statistics" widget, do you seem many errors or collisions when the system is under high load?
it's always better to have a dedicated nic(port) for your lan and wan. If you want to use a micro PC as a router there no place to install a second nic(port). This method allows you to do that by configuring a small switch.
if your usb nics perfectly you should probably use those. the last set i tried were not reliable - i used the plugable brand - maybe it was the drivers. maybe they work better now. please try and let me know
Nice!!! Probably missed the part where the cable from WAN coming? Did you have your ISP modem as bridged opassing through the connection or coming from the wall to the port8 and through that straight to the pfsense?? - in which case you didnt configure pfsense with your ISP credentials so how come and you have internet? (Pf sense doesnt have ero touch configuration to auto setup itself) Am I missing something here?
WAN is on DHCP by default. WAN port was created as a vlan in the console mode section. you probably jumped directly into the GUI portion and missed this critical step. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-z59_MWWPL-Q.html
I'm about to build a pfSense router using a HP mini PC with 1 NIC connected to a Cisco 3560 12p PoE switch. Can the pfSense WAN interface VLAN 10 be configured as a PPPoE connection? Excellent RU-vid vid also!
Hi there, if we have laptop and we want to use wireless instead of the rj45 cable to connect to the pfsense then what should we do? In this case you have 1 pc, 1 switch and connect your laptop with rj45 cable to the switch, my question is we want 2 more laptops connect to network by wireless? In this case what should we do?
after some days of researches i finally have found your video and gave me more hope of using a spare old laptop as a pfsense router, yes it has no aes-ni unfortunately but for my first try i wanted to try it this way, to not use an desktop instead (power usage). the question i've got is: after doing what you did i guess i can just put my crappy modem/router in bridge mode and stick it into the switch, and then configure pfsense to connect the internet after that right ? We still use old adsl over phone line here so i am obliged to go through the dlink 2750 in bridge mode. And i guess i can't use any switch for this to work, (no dumb switch i mean) or else i cannot configure it so that it works this way. Sorry if my question seems dumb but i'm really new to networking and to pfsense too ^^"
the switch you need will be either labeled a smart switch or managed switch. And it should say that it supports VLAN's. You normally have to login to some kind of GUI in order for this to be configured. if your switch does not have an ip address or web interface than probably not the right switch.
@@ITVOIP thanks you very much for your answer. since getting new hardware or alternative low power hardware here is very expensive, going the old hardware i have in my house seems to be the best solution for me, at least for now until i get something better with time, yes it's an old laptop but it's half the power draw from the wall than the lga 775 cpus and mobos i have. ( monthly payment for is 140€ really so yeah ......) all i wanna do i create a small home network on our new house so that i can monitor it and manage the bandwidth that each user can use at max, (4mbps or maybe 8 in the future) that would hurt if someone just use it all. and there's no way a 10/100 ethernet port can bottleneck the internet too. i will experiment with the "add-on" we can install on pfsense too but i know that i'm limited by the old dual core it has. only two or three devices will use ethernet, the rest of the users are the multiples wifi devices (will try to hook up an access point for those ) i'm thinking something like this if i can manage to get a smart switch with how you explained it laptop router ----------------------> switch with bridged modem
Hi , why you didn't use network card as WAN and wifi card as LAN , setup DHCP server on PFsense to give IP address to all devices , then from network card set as WAN get internet from Wifi card that set as lan give internet to your wireless devices without using vlan and switch to anything else ? why you didn't make your mini PC as pfsense and DHCP server and WiFi Access Point , ???thnx
not the point of video. this was to show how to use a single network port. but even if you wanted to use it that way its not possible - doesn't recognize the wlan card. you can use usb dongles and other wlan cards if you wanted to use it like another pfsense pc setup.
The only thing i can add is if it is supported by freebsd drivers it should work. I didn't do anything outside of the video to make this setup work. There are times when certain hardware (network card or switch) that advertise supported features are still not compatible under certain operating systems. So going by 802.1q alone i can't say that every card that has this feature will work. Best is to try.
Any advice for running Pfsense on Proxmox? I cannot seem to get this setup going, and I suspect its down to not having the host or vm networking set up correctly. I lose access to Proxmox (and thus pfsense running in a VM) when I try.
Great awesome video. I have tried puting a vlan on both lan and wan just our of curiosity and that does not work. Does anyone have a clue as to why this failed?
I tried this with a cisco sg200-08 and a old Gateway laptop and never could get the WAN...got 0.0.0.0. I was wondering if the NIC has to be gigabit...I'm not sure what that laptop's capability is. I have Suddenlink cable internet if that helps.
@@ITVOIP Well I assumed the Gateway nic was working on some level with vlans. There would have to be some bi-directional abilities going on here. I've had the trunk port hooked up to the switch and was getting connectivity to the lan leading to my other computer to get the web ui up and running. I wasn't sure if there maybe was some limits to what the NIC could actually handle. Same switch works fine on my main pfsense box with vlans. I just wanted to try this for fun mainly. One thing in your video about the switch that's different from my setup is the other ports 2-7 you left as default Trunk where as mine are all Access allow all untagged. I can't imagine that would matter though.
Hi there, with this configuration all devices must connect with lan port i mean rj45 to the switch? If yes, how we connect mobile or laptops thought wireless to the network?? With this configuration is it possible wirelessly devices connect to pfsense??
@@ITVOIP thank you for your quick reply, for example i have lenovo tiny model and i want to use as pfsense firewall, my lenovo pc mini only has 1 rj45 lan port, and 1 wifi port, my question is how can i configure this things that wireless devices can connect to pfsense firewall like mobile and laptop wirelessly ? Please help me
