
1100 Switch 802.1Q VLAN Configuration Instructions

Introduction

This manual provides step-by-step instructions for configuring VLANs on a pfSense device, specifically focusing on the requirements for tagging ports based on the type of connected device. Follow these instructions to ensure proper VLAN configuration for smart switches and direct-connected devices like laptops.


Table of Contents

  1. Overview
  2. VLAN Tagging Requirements
  3. Configuring Tagged Ports
  4. Configuring Untagged Ports
  5. Example Scenarios
  6. Frequently Asked Questions (FAQs)
  7. Summary

1. Overview

VLANs (Virtual Local Area Networks) allow network segmentation to enhance security and manage traffic efficiently. Proper configuration of VLAN tags is crucial for ensuring devices communicate correctly within the VLANs.

2. VLAN Tagging Requirements

  • Tagged Ports: Required when connecting a smart switch to the port. This allows the switch to send and receive traffic with VLAN tags.
  • Untagged Ports: Used when directly connecting devices like laptops, which do not handle VLAN tags.
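What "tagged" and "untagged" mean on the wire, as an added example that is not part of the original manual: it builds the 4-byte 802.1Q tag and shows the frame that leaves a tagged member port (`2t`) versus an untagged one (`1`). The sample frame is constructed, and the function names are hypothetical.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the two 6-byte MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def read_tag(frame: bytes):
    """Return the VLAN ID carried by a tagged frame, or None if untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return (tci & 0x0FFF) if tpid == TPID_8021Q else None

def ethertype(frame: bytes) -> int:
    """EtherType as read by a host that is not VLAN-aware (bytes 12-13)."""
    return struct.unpack("!H", frame[12:14])[0]

def egress(frame: bytes, vid: int, member: str) -> bytes:
    """Frame as it leaves a member port written in the manual's notation:
    '2t' sends it with the VLAN tag, '1' sends it without."""
    return add_tag(frame, vid) if member.strip().endswith("t") else frame

# Constructed sample: broadcast IPv4 frame (EtherType 0x0800), dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46

def demo() -> dict:
    to_switch = egress(SAMPLE, 20, "2t")  # port 2, tagged member of VLAN 20
    to_laptop = egress(SAMPLE, 10, "1")   # port 1, untagged member of VLAN 10
    return {
        "switch_vid": read_tag(to_switch),
        "switch_len": len(to_switch),
        "switch_ethertype": ethertype(to_switch),
        "laptop_vid": read_tag(to_laptop),
        "laptop_ethertype": ethertype(to_laptop),
    }

if __name__ == "__main__":
    print(demo())
```

A device that does not handle tags expects an EtherType such as 0x0800 at bytes 12-13; on a tagged port it would find 0x8100 there instead, which is why directly connected laptops need an untagged port.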

3. Configuring Tagged Ports

Step-by-Step Instructions:

  1. Access VLAN Settings:

    • Log in to your pfSense dashboard.
    • Navigate to Interfaces > Assignments > VLANs.
  2. Add/Edit VLAN:

    • Click on Add to create a new VLAN or Edit an existing VLAN.
    • Set the VLAN Tag to the desired value (e.g., 20 for Guest network).
  3. Configure Ports:

    • In the Members section, list the port numbers that should be tagged.
    • For a smart switch connected to port 2:
      VLAN Tag: 20
      Members: 0t, 2t
      Description: Guest
  4. Save Configuration:

    • Click Save and apply changes.

Example:

  • VLAN Tag: 20
  • Ports: 0t (if needed for trunk), 2t (connected to smart switch)
  • Description: Guest Network

4. Configuring Untagged Ports

Step-by-Step Instructions:

  1. Access VLAN Settings:

    • Log in to your pfSense dashboard.
    • Navigate to Interfaces > Assignments > VLANs.
  2. Add/Edit VLAN:

    • Click on Add to create a new VLAN or Edit an existing VLAN.
    • Set the VLAN Tag to the desired value (e.g., 10 for IoT devices).
  3. Configure Ports:

    • In the Members section, list the port numbers that should be untagged.
    • VLAN Tag: 10
      Members: 1
      Description: IoT
  4. Save Configuration:

    • Click Save and apply changes.

Example:

  • VLAN Tag: 10
  • Ports: 1 (connected to laptop)
  • Description: IoT Devices

5. Example Scenarios

Scenario 1: Smart Switch Connection

Configuration:

  • VLAN Tag: 20
  • Ports: 0t, 2t
  • Description: Guest Network

Explanation:

  • Port 2 is tagged for VLAN 20 to handle traffic from the smart switch.
  • Port 0 is also tagged if it is part of a trunk link.

Scenario 2: Direct Laptop Connection

Configuration:

  • VLAN Tag: 10
  • Ports: 1 (untagged)
  • Description: IoT Devices

Explanation:

  • Port 1 is untagged for VLAN 10 to connect a laptop directly, which does not handle VLAN tags.

6. Frequently Asked Questions (FAQs)

Q1: Is it fine to leave a port configured as 0t,1,2t if only port 2 is connected to the smart switch?

A1: Yes, it is fine, but there are some considerations:

  • Flexibility: Keeping multiple ports configured can provide flexibility for future changes.
  • Security: Ensure proper documentation and security measures to prevent unauthorized access.
  • Management: Simplifying configurations to only necessary ports can reduce complexity.

Q2: What are the pros and cons of keeping multiple ports tagged for the same VLAN?

A2: Pros:

  • Redundancy: Provides backup options in case of port failure.
  • Flexibility: Easier to reconfigure network devices.
  • Testing: Useful for network diagnostics and testing.

Cons:

  • Potential Misuse: Unauthorized devices might connect to these ports.
  • Management Complexity: More ports increase configuration and troubleshooting complexity.

Q3: Why would we keep port 1 as a member of VLAN 20 if our smart switch is connected to port 2?

A3:

  • Redundancy: In case port 2 fails, port 1 can serve as a backup.
  • Additional Access Points: Provides another connection point for VLAN 20 devices.
  • Testing and Troubleshooting: Facilitates direct testing of VLAN 20 traffic.
  • Segmented Traffic: Allows specific devices to connect directly to VLAN 20 for dedicated purposes.
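One way to act on the documentation and "Potential Misuse" points in the FAQ, as an added example that is not part of the original manual: a small audit that reads member strings in the manual's notation and reports ports that are VLAN members without a documented device, tagged toward a device that does not handle tags, or untagged in more than one VLAN. The inventory is constructed, the function names are hypothetical, and port 0 is assumed to be the trunk.

```python
import re
from collections import defaultdict

def parse_members(members):
    """'0t,1,2t' -> {0: 'tagged', 1: 'untagged', 2: 'tagged'}"""
    ports = {}
    for token in filter(None, (t.strip() for t in members.split(","))):
        m = re.fullmatch(r"(\d+)(t?)", token)
        if not m:
            raise ValueError(f"bad member entry: {token!r}")
        ports[int(m.group(1))] = "tagged" if m.group(2) else "untagged"
    return ports

def audit(vlans, connected, trunk_ports=(0,)):
    """vlans: {vlan_tag: member string}; connected: {port: 'switch' | 'host'}.
    trunk_ports defaults to port 0 (assumption). Returns a list of findings."""
    findings = []
    untagged_in = defaultdict(list)
    for vid in sorted(vlans):
        for port, mode in sorted(parse_members(vlans[vid]).items()):
            if mode == "untagged":
                untagged_in[port].append(vid)
            if port in trunk_ports:
                continue
            device = connected.get(port)
            if device is None:
                findings.append(
                    f"port {port}: VLAN {vid} member ({mode}) with no documented device")
            elif device == "host" and mode == "tagged":
                findings.append(
                    f"port {port}: tagged for VLAN {vid} but the device does not handle tags")
    for port, vids in sorted(untagged_in.items()):
        if len(vids) > 1:
            findings.append(f"port {port}: untagged in more than one VLAN {vids}")
    return findings

# Member strings from the manual: VLAN 10 from section 4, VLAN 20 from FAQ Q1.
FAQ_VLANS = {10: "1", 20: "0t,1,2t"}
# VLAN 20 as in section 3 / Scenario 1, limited to the ports in use.
TRIMMED_VLANS = {10: "1", 20: "0t,2t"}
# Constructed inventory of what is plugged in (assumption for this example).
INVENTORY = {1: "host", 2: "switch"}

if __name__ == "__main__":
    for name, cfg in (("FAQ", FAQ_VLANS), ("trimmed", TRIMMED_VLANS)):
        print(name, audit(cfg, INVENTORY) or "no findings")
```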

7. Summary

  • Tagged Ports: Necessary for smart switches to handle multiple VLANs.
  • Untagged Ports: Suitable for devices like laptops that do not manage VLAN tags.

By following these guidelines and FAQs, you can ensure your pfSense device is configured correctly for both tagged and untagged ports, providing efficient network segmentation and communication.

This manual provides a structured approach to VLAN configuration, ensuring that network devices communicate correctly within their assigned VLANs based on their capabilities.