My most popular video! if you like videos like this and would like to see more please like and subscribe. It really encourages me to give it that extra effort and do better.
Awesome video. Thanks so much. This helps a ton for someone like me still just getting started with VLANs. I didn’t think doing something like this was possible, but makes a ton of sense and opens a lot more possibilities with single port micro PCs!
especially those ultra-small form factor units like a Dell Optiplex 9020! i5-4590S processor, 4gb Ram, throw in a small SSD and you have a beast of a router for about $200 max and extremely compact and reliable and I daresay being a corporate device it might just outlast those aliexpress units. If your upload + download speeds on the WAN link is less than 1Gbps you're all good to go in terms of not having this setup bottleneck your Internet bandwidth. those multiport units in aliexpress can be overpriced for what they offer vs the performance of the CPU.
Simple and to the point. Well Done. I have the same series switch and could follow along using an old Atom netbook for the PfSense box. Worked a treat.
Awesome video and got me much better in understanding VLAN capabilities. I used some old junk laptop for the PoC pfSense box and successfully did this with Netgear ProSafe, an older Ubiqiti ToughSwitch 8 and some super-old Dell switch. When trying to do this with new Unifi switch though, it definitely didn't appreciate having 2 connections to my dumb switch (one for WAN and this PoC and the other separate for other PC's plugged into the switch) and all with VLAN's assigned to the 3 ports. To be fair, when I just plugged in WAN, pfSense and a LAN computer with nothing else on the switch, it certainly worked. My guess is that RSTP or STP is messing with me when it comes to loop detection but even with them disabled, could not get the Unifi switch to stop tripping out. I guess back to the older/cheaper switches for PoC work like this.
Where was this video when I was trying to figure this out? Great work! I was looking for a video like this about 2 years ago, asked for help in pfsense forums and got talked down to because I didn't understand how to set it up. Thank you for this video.
Just 3 days ago. Glad i could help. The pfsense forums are sometimes not very welcoming to certain types of questions. I think pfsense is great piece of software and everyone should be allowed to configure it the way they want if it solves their problem.
Very helpful video. Why did you created just one VLAN? I saw another tutorial that created two of them, one for WAN and the other for LAN. What is the difference between your setup and the one with 2 VLANs?
There are actually two vlans there. re0.10 = vlan 10 re0 = vlan 1 vlan 1 is usually applied a non configured switchport / default. So what ever you plug into any device will be on vlan1, unless configured otherwise.
Just wanted to say thanks. I had started a pfsense project using a NUC I had purchased for another project. Decided to give it a shot and realized that one gig port could be an issue. Some of the NUCs are lucky enough to get an add on card from a vender called GoRite. Bummer they don’t seem to make one for my older NUC. So I have a gig router I’m not using and have to admit I got a little excited. Rain forecasted for the weekend so the grass is out. Be in my shack if anyone is looking for me. Thanks again for the video.
Thank you. I've done this with a MiniPC T11 & a Netgear managed switch. Works a treat! I'm not too familiar with VLANs but managed to translate your settings to the Netgear ones. Been running for 3 weeks flawlessly.
Hi David would you mind to share which type of switch you are using? I have a layer 2 unmanaged switch it doesnt get an ip address. I'm looking to buy a small manage switch
Thank you very much for sharing your knowledge. You have helped me tremendously. I just set up the router successfully following your instruction! Many thanks! :D
Best video with full step-by-step instructions. Thank you very much. I was able to setup my pfSense firewall router on a stick using a managed switch and VLANs. Without your help, I wouldn't be able to do it by myself. Thanks again.
@Mr. Nick's Hardware & Food What do you think about OPNsense?? pfSense 2.5 has a lot of issues and after looking at some of the reddit posts I am planning to switch to OPNsense.
Excellent tutorial, I don't need it (have SG-4860) but wanted to see and understand your configuration. if you spin up the "interface statistics" widget, do you seem many errors or collisions when the system is under high load?
Nick's Hardware -- Excellent job. You have resolved my issue. @ my location, its difficult to find the Atom / Celeron motherboard with 2 onboard lan interfaces or with additional pci slot. For me its a great great help. I have couple of queries though. 1. I have Dual Core Celeron PC with 1 Gbps Ethernet port. Wan speed is about 50 Mbps and there are 15 PC on Lan side. With the configuration you have suggested will it hamper the speed of the network ? 2. I have spare TP-LINK TL-SG108E 8-Port Gigabit Easy Smart Switch with 8 10/100/1000 Mbps RJ45 Ports ( Costed me $40) . Can I use this switch instead of Cisco which is bit costly? 3. Can I configure additional vlan on single interface on PFsense side + on smart switch so that I can create additional network ( DMZ for server + vlan for accounts dept ) Regards and nice to see such excellent video . Keep it up !!!
1. yes it will work. since your WAN speed is 50M and WAN/LAN Interface will be 1G it should not affect performance. You should test the final configuration. 2. Technically that switch should work. it does support VLANS. I have not tested though. 3.Yes - you can configure as many vlans as you have ports on your switch (minus one) . You can even add additional switches to each access port to expand the network. And that would affect performance. Always test!
Thank you so much. I picked up that exact switch a little bit ago off ebay and I had a micro PC that I wasn't using any more that I wanted to turn into a pfsense router. I was going to just use a USB ethernet adapter but a lot of people said they get a lot of errors from them so I scrapped that idea. I banged my head against the wall for a while trying to set up the VLANs for this until I stumbled across your vids. Very easy to follow and I got things set up quickly. Liked and subbed. Keep up the good work!
You can also use a standard soho router that is supported by openwrt and had vlan capable ethernet ports which luckily most of the router supports openwrt do.
thanks for the info. I I try to use what ever i have. If you have a combination of hardware that does the same thing please list it out for anyone else that might benefit.
Setting up pfsense that way is actually pretty neat. I only need something for VLAN setup and routing, but I didn't want to replace my router for...reasons. I don't need a firewall either. The way you have shown is a concept most IT people seem to not understand, when it comes to pfsense being involved.
2 is always better than 1. Easier to manage and more data you can route with 2 network cards. Some people want to use use these low powered single nic PC's - this gives them that option.
I actually bodged a second NIC into my Dell Optiplex using the internal mini-PCIe slot. I was planning on trying to modify the case to make the port external, but ended up just having a cat5e cable coming out of the hole for the wifi antenna (which I don't have) which is plugged into the nic inside the case. I didn't know about VLANs at the time. This way is probably easier, but my way is probably cheaper.
It's also worth nothing that, if you have a 1Gbit WAN connection or you plan on sharing files between seperate vlans, then you'll only be able to get 500Mbps out of it with this configuration, because upstream and downstream and both used at the same time and that hits the link speed max .
I'm pretty sure this is incorrect. 1 Gbit/s in full-duplex means that 1 Gbit/s can be sent and 1 Gbit/s can be received. In other words: a 1 Gbit/s port can handle 1 Gbit/s incoming & 1 Gbit/s outgoing traffic -> you will be okay. Only exception: you have a symetric 1 Gbit/s connection. Than you won't be able to fully saturate your connection in both directions at the same time.
Hi, thanks for your videos. Is it better to use USB Nics or VLANs? I will use: LAN, ISP1 (100mbps), ISP1 (80mbps). Please let me know if possible the best configuration for my PFsense router with i5 8gb ram SSD. Thanks and continue these videos. Subscribed. Thanks,
@Mr. Nick's Hardware & Food so the best would be to stick with my one LAN with Vlans. What about USB nic failover? Is it possible? Could you please do a video on it? Would be amazing. Thanks,
the usb nics seem to fail/freeze over time. I would go with vlans if I had to choose between those options. And 100Mbs should be fine as long as your network ports are gigabit.
this is clever. plus you can use that dell's wifi (i'm guessing that's a wifi antenna port at the back) as an AP and will make it a solid setup. definitely be doing this kind of rig.
@Zeus Uki Wifi NICs are not suited for use as an AP but if you have an old wireless router sitting around most likely it can be used in AP mode. In the past I've used an Archer C9 and Asus RT-AC68U and they worked well.
after some days of researches i finally have found your video and gave me more hope of using a spare old laptop as a pfsense router, yes it has no aes-ni unfortunately but for my first try i wanted to try it this way, to not use an desktop instead (power usage). the question i've got is: after doing what you did i guess i can just put my crappy modem/router in bridge mode and stick it into the switch, and then configure pfsense to connect the internet after that right ? We still use old adsl over phone line here so i am obliged to go through the dlink 2750 in bridge mode. And i guess i can't use any switch for this to work, (no dumb switch i mean) or else i cannot configure it so that it works this way. Sorry if my question seems dumb but i'm really new to networking and to pfsense too ^^"
@Mr. Nick's Hardware & Food thanks you very much for your answer. since getting new hardware or alternative low power hardware here is very expensive, going the old hardware i have in my house seems to be the best solution for me, at least for now until i get something better with time, yes it's an old laptop but it's half the power draw from the wall than the lga 775 cpus and mobos i have. ( monthly payment for is 140€ really so yeah ......) all i wanna do i create a small home network on our new house so that i can monitor it and manage the bandwidth that each user can use at max, (4mbps or maybe 8 in the future) that would hurt if someone just use it all. and there's no way a 10/100 ethernet port can bottleneck the internet too. i will experiment with the "add-on" we can install on pfsense too but i know that i'm limited by the old dual core it has. only two or three devices will use ethernet, the rest of the users are the multiples wifi devices (will try to hook up an access point for those ) i'm thinking something like this if i can manage to get a smart switch with how you explained it laptop router ----------------------> switch with bridged modem
the switch you need will be either labeled a smart switch or managed switch. And it should say that it supports VLAN's. You normally have to login to some kind of GUI in order for this to be configured. if your switch does not have an ip address or web interface than probably not the right switch.
Is there any performance loss? i.e. I have gigabit ethernet, would your setup make it single duplex? or only 500mbps? Could you put a PC on the wan side and run a throughput test and see if you get full gigabit? Thanks!
I can add this to my list of things to check...but yes there is a performance hit. if your internet (not ethernet) speed is more than 500Mb this setup is not good.
Thanks. Very useful. I think you are not connecting pfsense PC directly to your ISP line, I mean there is another router or modem in between because your WAN IP is in the private IP range. I bought a used sg300-28 switch and tried your way it worked. However when I connected the pfsense PC directly to my ISP line, where I needed to enter some pppoe settings (ISP username & password), the vlan interface settings changed. So sad to use my USB to NIC again ! Thanks again for the knowledge
for ppoe setup you need to go to INTERFACES -> WAN switch the IPv4 configuration to PPPoE Now scroll down to the PPPoE configuration section and enter your USERNAME and PASSWORD and click the SAVE button at the bottom of the page. If you you see apply changes at the top of the page hit that as well.
Great video!!, I'm looking a way to virtualize pfsense on a synology NAS that has 4x 1gb ports , my goal is to simply connect the modem to one of the ports and my unify AP to another one using the remaining ports as a switch.. do you know if it's possible on DSM?
@Mr. Nick's Hardware & Food Just received this message from Synology You can assign specific NICs to be used for VM networks but this does not dedicate the NIC to only being used by VMs: www.synology.com/en-us/knowledgebase/DSM/help/Virtualization/network
Most people like Top from Lawrence and others show it with setting up with both wan and lan. But most of us as using it for homelab only have 1 port. This was especially useful. I only realized it after setting it up and getting into pfsense that we can use vlan to separate the port. This makes it so much clearer. LOL thanks!!!
Nick, unfortunately couldn't get this running on my Netgear Prosafe GST108, but... for fun tried your dual USB 3.0 gigabit adapters on my 4th gen i3NUC, worked but wasn't too stable, just got in my Cisco SG-200, and OMG... Running like a champ!!! Thank you SO MUCH for these tutorials, appreciate your work, time and effort u put in to these for enthusiasts / tinkerers like myself. Speeds from wired and wireless APs (WiFi6 / ax) running circles around my recently purchased Ubiquiti USG. If u have a Patreon, etc, please direct me to that. Thanks again!!!
I have the same hardware, but i use virtualization. So PC works as router, file server and there's a lot of ram and storage to act as lab for tests. Just Install VMware, Hyper-v or smth. and install pfsense as usual without vlans. Inside host create virtual ethernet adapters with vlan. That's it. Profit: you can backup whole VM, you can make snapshot before update, so you will never get failed router.
Just one tip: use zfs instead of ufs. Pfsense sinse 2.4 has strange behavior in Hyper-v. It cannot save state correctly, so after host restart pfsense starts as after power failure. And once i got problems on UFS installation. ZFS is steady for unexpected "power off". VMs with pfsense 2.3/2.2 work on UFS without problems (due to correct state saving).
@Mr. Nick's Hardware & Food Even on fanless 4 watt Intel Celeron N2807 averages are: 0.72 0.42 0.36 It has MultiWan (summary ~70 Mbit/s), OpenVPN. Several PCs, mobiles and ip phones. Ip phones over vpn work flawlessly, That's mean there is no packet drops or smth other problems
Dude, I really wish you used a HP switch for this great tutorial. Trying to convert what you're doing in the CISCO config to HP is giving me a headache. I have an older single port Celeron powered NUC and a HP ProCurve 1810G-8 that I 'thought' would be fun to setup with pfsense.
Any advice for running Pfsense on Proxmox? I cannot seem to get this setup going, and I suspect its down to not having the host or vm networking set up correctly. I lose access to Proxmox (and thus pfsense running in a VM) when I try.
Does the WAN need any configuring or firewall rules set with this 1-port setup? Or, is pfSense set to its default - block any into WAN/allow any out from LAN - like it is on a 2-port setup? Thank you.
Once the Vlans are created, LAN & WAN interfaces are assigned. PFSense will treat the interfaces exactly as if they are hardware ports just like a 2 or more port setup. No other special configuration needed.
it's always better to have a dedicated nic(port) for your lan and wan. If you want to use a micro PC as a router there no place to install a second nic(port). This method allows you to do that by configuring a small switch.
I was really wondering if I really needed to buy extra NICs or not. I've got a 10G nic and a 10G switch, there's probably not much need to buy anything else. Thanks for the video.
Hi there, if we have laptop and we want to use wireless instead of the rj45 cable to connect to the pfsense then what should we do? In this case you have 1 pc, 1 switch and connect your laptop with rj45 cable to the switch, my question is we want 2 more laptops connect to network by wireless? In this case what should we do?
I was looking for this thanks. My situation though I have those ISP provided (sagemcom fast 5250 ) wireless router/modem combo. I have FTTN 50/10 mbps connection DSL to modem; PFsense will be Dell inspiron 530 (1 nic). It will just be those 2 devices for now. PFsense box and ISP box, will this work? I want the ports on the ISP box to still work and use it for Wifi.
yes. you would need to put your is[ modem /router into bridge mode. yes wifi can still operate in this mode but you won't be able to route through it with pfsense. Your wifi will be completely on a separate network this way. Your other option is to do a double NAT setup. and for any public port forwarding you would need to do this at 2 levels. the isp router and pfsense - really messy.
Nice!!! Probably missed the part where the cable from WAN coming? Did you have your ISP modem as bridged opassing through the connection or coming from the wall to the port8 and through that straight to the pfsense?? - in which case you didnt configure pfsense with your ISP credentials so how come and you have internet? (Pf sense doesnt have ero touch configuration to auto setup itself) Am I missing something here?
WAN is on DHCP by default. WAN port was created as a vlan in the console mode section. you probably jumped directly into the GUI portion and missed this critical step. kzclip.org/video/z59_MWWPL-Q/бейне.html
The only thing i can add is if it is supported by freebsd drivers it should work. I didn't do anything outside of the video to make this setup work. There are times when certain hardware (network card or switch) that advertise supported features are still not compatible under certain operating systems. So going by 802.1q alone i can't say that every card that has this feature will work. Best is to try.
it will work nice solution but, to prevent packet collisions from not having separate WAN LAN, in order to rx and tx simultaneously, on one port, it has to receive and store and send if its clear, or the Ethernet will work half the duplex for each network or even 1/4 duplex, since it has to handle 4 lanes, 2 lane WAN tx/rx, and 2 lane lLAN rx/tx, the NIC has still the same principle right. nice solution, but it cannot be a standard, or everyone should only buy a 4 port smart switch for a 8 port or even 16 port requirement. nice video
I'm about to build a pfSense router using a HP mini PC with 1 NIC connected to a Cisco 3560 12p PoE switch. Can the pfSense WAN interface VLAN 10 be configured as a PPPoE connection? Excellent KZclip vid also!
Great awesome video. I have tried puting a vlan on both lan and wan just our of curiosity and that does not work. Does anyone have a clue as to why this failed?
@Mr. Nick's Hardware & Food can you possibly do some tutorials please for setting up separate wireless ap on pfsense with firewall setup for it being on it's own subnet as netgate recommend it to be setup like that and not just be a bridge
@Mr. Nick's Hardware & Food I was all for opnsense even purchased the practical opnsense book...but if pfsense works i will stick with that and it helps with all the video guides on youtube all pretty much pfsense
@Mr. Nick's Hardware & Food i did get it working in the end...followed your guide and did my best to matchup the switch even though you were using an older model, it only worked once i added ppoe on to the wan settings, i will upload my switch settings as would be good for others to learn. Now i need to try settingup openvpn to only direct specific ip's through a tunnel and also adding a access point.
Those were my thoughts as well. But I also had problems with getting the usb nics to stay configured with opnsense. Just a little bleeding edge for me at this time. Will look at again though in a few months and see if things improved.
@Mr. Nick's Hardware & Food guess i will go back on pfsense to see if it's any different...i dont see why it shouldn't work as both based on same code just opnsense has faster updates and different arrangement of menu
You can do routing on the router and/or via layer 3 switch. I have layer 3 for internal VLAN routing (IP cams VLAN and LAN VLAN) and as well single interface access to VLANS IP CAM, Internet Modem and LAN) which requires routing on the PFSENSE (I actually use OPNSense) In this way internal cam access is offloaded from the PFSENSE. The switch and PFSense are both gateways but the gateway in the switch uses the PFSense as it's default gateway so that the switch will be the internal gateway for all and anything not routable by the switch is passed to PFSense. PFSense uses the switch as it's LAN gateway. Super complex... Satisfies my IT guy max complexity requirements
This is so helpful, even 4 years later, as many people will be running into the issue of greater than 1Gbit Internet access and how to accept/distribute it without spending a fortune.
I am having trouble with creating VLAN's, testing on VM with a NIC with single port, i did exactly the same thing as you, but when i try to get to the webConfigurator, i got timed out for no reason, tryed to reboot pfSense, but it doesn't respond. It just works if i don't create or configure a VLAN, what do i do? I have tested the same version as you and newest ones. (I am not using any switch)
This is definitely something different than what i am doing. if you are working with VM's you can create an additional NIC for the VM. that would make more sense than vlans
nice video , i have a dusty HP old workstation, it has 16 GB RAM and a Opteron Processor but i don't know if it will be enough for a Pfsense firewall... what do you think about it ?
you can create additional vlans off the main nic (in pfsense gui). you need to configure ports on switch to match vlan id. Use firewall rules to allow routing between vlans
Hi there , on your mini pc that you had setup as pfsense there was one lan and wifi card !! why you didn't use network card as WAN and wifi card as LAN?? ,so from network card you get internet from wifi card give internet to all your devices. then all your devices on your network can connect to your pfsense wirelessly and access to the internet, and you hadn't used vlan or use a switch ?????thankyou
Nice video. But, in no means, should this ever be used in a production state. Single port networking will cause throttling, and should that one port go down, the whole network will go with it, even more a risk, when it's a realtek NIC, which is something I tell everyone to stay far away from.
Thanks but not everyone has the same requirements. This is an option and should be tested like any other option. If it works for someone it is perfectly fine. This is not a recommended setup for everyone. This is just how to do it with a single port PC and Switch with VLAN support. Different hardware combination will give different results (performance and reliability). This is true if they are single port or multiple port. If the LAN port on a multiple port router goes down your entire network also goes down if that is all you have configured.
I tried this with a cisco sg200-08 and a old Gateway laptop and never could get the WAN...got 0.0.0.0. I was wondering if the NIC has to be gigabit...I'm not sure what that laptop's capability is. I have Suddenlink cable internet if that helps.
@Mr. Nick's Hardware & Food Well I assumed the Gateway nic was working on some level with vlans. There would have to be some bi-directional abilities going on here. I've had the trunk port hooked up to the switch and was getting connectivity to the lan leading to my other computer to get the web ui up and running. I wasn't sure if there maybe was some limits to what the NIC could actually handle. Same switch works fine on my main pfsense box with vlans. I just wanted to try this for fun mainly. One thing in your video about the switch that's different from my setup is the other ports 2-7 you left as default Trunk where as mine are all Access allow all untagged. I can't imagine that would matter though.
In my case I intend to configure 2 PCs to the VLANs, I do not have a switch. Is it possible to connect everything to the router (5 ports)? How would the configuration be in that case?. Can you help me?.
@Mr. Nick's Hardware & Food let says you get your cpu down to 1v instead of its 1.1v its tdp will be less the heat output will be reduced and your power bill will also be less. ~0.08cent power * 24/7 365days 10watts egal to $5.80. Not hard to tweak under windows, but some hp mono etc offer no bios option, thats why I asked if freebsd offense as the option.
Lol but your port is still in vlan 1, you need to change the PVID of your wan port to 10 as well because it is still touching your internal LAN so anything you plug into that switch can totally bypass pfsense. It is also suggested to change the default vlan to something other than 1 and have the default PVID matching whatever you set the new vlan to. Doing this will basically give you the ability to separate at the psudo-physical layer. You DO NOT want your wan traffic to be switched at the same level internally on the switch. Router on a stick is not good for wan.
So WAN is port 8, it has to send it out over port 1, router receives it and routes the traffic, then has to send it back over the same interface, switch gets it back in on 1 then routes it over to the destination. I'm kind of new to this, help me understand, if there's local traffic within the same subnet the switch should be able to see the destination and just handle it right there without it needing to go over to the router, correct? However if multiple hosts are needing to route out to the WAN its all having to go over that single interface, is this fine since normal http traffic ect shouldn't bottleneck that?
vlan's are a compromise in a every solution that i have seen. you get a feature at the cost of something. In this case it's performance or full capacity of WAN/LAN speed. Yes it's possible to saturate the LAN/WAN if you have enough traffic. With 10 GB nic's now shipping with some PC's it becomes less of a problem.
My most popular video! if you like videos like this and would like to see more please like and subscribe. It really encourages me to give it that extra effort and do better.
What are the advantages of your specific pfsense setup what other setup is it superior to whats the goal of your accomplishment ?
Awesome video. Thanks so much. This helps a ton for someone like me still just getting started with VLANs. I didn’t think doing something like this was possible, but makes a ton of sense and opens a lot more possibilities with single port micro PCs!
@Imran Romainoor you will get 400 down/100 up because the WAN and LAN interface share a 1gbit link.
@Authoritah hi there. i have 800 down and 200 up internet connection. will this setup work? and not bottleneck overall network connectivity?
especially those ultra-small form factor units like a Dell Optiplex 9020! i5-4590S processor, 4gb Ram, throw in a small SSD and you have a beast of a router for about $200 max and extremely compact and reliable and I daresay being a corporate device it might just outlast those aliexpress units. If your upload + download speeds on the WAN link is less than 1Gbps you're all good to go in terms of not having this setup bottleneck your Internet bandwidth. those multiport units in aliexpress can be overpriced for what they offer vs the performance of the CPU.
Simple and to the point. Well Done. I have the same series switch and could follow along using an old Atom netbook for the PfSense box. Worked a treat.
Awesome video and got me much better in understanding VLAN capabilities. I used some old junk laptop for the PoC pfSense box and successfully did this with Netgear ProSafe, an older Ubiqiti ToughSwitch 8 and some super-old Dell switch. When trying to do this with new Unifi switch though, it definitely didn't appreciate having 2 connections to my dumb switch (one for WAN and this PoC and the other separate for other PC's plugged into the switch) and all with VLAN's assigned to the 3 ports. To be fair, when I just plugged in WAN, pfSense and a LAN computer with nothing else on the switch, it certainly worked. My guess is that RSTP or STP is messing with me when it comes to loop detection but even with them disabled, could not get the Unifi switch to stop tripping out. I guess back to the older/cheaper switches for PoC work like this.
This is EXACTLY what I was looking for. Thank you!
Where was this video when I was trying to figure this out? Great work! I was looking for a video like this about 2 years ago, asked for help in pfsense forums and got talked down to because I didn't understand how to set it up. Thank you for this video.
Just 3 days ago. Glad i could help. The pfsense forums are sometimes not very welcoming to certain types of questions. I think pfsense is great piece of software and everyone should be allowed to configure it the way they want if it solves their problem.
Hello, very good explanation. Quick question: can you use the USB ports as additional lan ports using USB/RJ45 dongle?
Very helpful video. Why did you created just one VLAN? I saw another tutorial that created two of them, one for WAN and the other for LAN. What is the difference between your setup and the one with 2 VLANs?
There are actually two vlans there.
re0.10 = vlan 10
re0 = vlan 1
vlan 1 is usually applied a non configured switchport / default.
So what ever you plug into any device will be on vlan1, unless configured otherwise.
only needed one vlan. you can create additional vlans for other purposes.
Just wanted to say thanks. I had started a pfsense project using a NUC I had purchased for another project. Decided to give it a shot and realized that one gig port could be an issue. Some of the NUCs are lucky enough to get an add on card from a vender called GoRite. Bummer they don’t seem to make one for my older NUC. So I have a gig router I’m not using and have to admit I got a little excited. Rain forecasted for the weekend so the grass is out. Be in my shack if anyone is looking for me. Thanks again for the video.
Thank you. I've done this with a MiniPC T11 & a Netgear managed switch. Works a treat! I'm not too familiar with VLANs but managed to translate your settings to the Netgear ones. Been running for 3 weeks flawlessly.
Hi David would you mind to share which type of switch you are using? I have a layer 2 unmanaged switch it doesnt get an ip address. I'm looking to buy a small manage switch
Thank you very much for sharing your knowledge. You have helped me tremendously. I just set up the router successfully following your instruction! Many thanks! :D
This is exactly the info I was looking for. Thank you so much for your clear and concise information!
I'm glad it helped you out. thanks for the sub!
Best video with full step-by-step instructions. Thank you very much. I was able to setup my pfSense firewall router on a stick using a managed switch and VLANs. Without your help, I wouldn't be able to do it by myself. Thanks again.
@Mr. Nick's Hardware & Food What do you think about OPNsense?? pfSense 2.5 has a lot of issues and after looking at some of the reddit posts I am planning to switch to OPNsense.
Great to hear!
Thanks! I did this with a TL-SG108E. 2 WAN inputs and everything worked fantastically. I'm so pleased!
hey i know i’m 2 years late but is the gui any different from the cisco one, could you show me on how to get it working before i buy that switch
Helpful thanks. this is a great way to repurpose mini/micro PC hardware it's just a shame that they don't come with 10Gb.
Excellent guide. I never taught to use single port for pfsense
Excellent tutorial, I don't need it (have SG-4860) but wanted to see and understand your configuration. if you spin up the "interface statistics" widget, do you seem many errors or collisions when the system is under high load?
I don't have this anymore. But I know there was some issues with the realtek network drivers that were used in the base bsd that pfsense used.
Nick's Hardware -- Excellent job. You have resolved my issue. @ my location, its difficult to find the Atom / Celeron motherboard with 2 onboard lan interfaces or with additional pci slot. For me its a great great help.
I have couple of queries though.
1. I have Dual Core Celeron PC with 1 Gbps Ethernet port. Wan speed is about 50 Mbps and there are 15 PC on Lan side. With the configuration you have suggested will it hamper the speed of the network ?
2. I have spare TP-LINK TL-SG108E 8-Port Gigabit Easy Smart Switch with 8 10/100/1000 Mbps RJ45 Ports ( Costed me $40) . Can I use this switch instead of Cisco which is bit costly?
3. Can I configure additional vlan on single interface on PFsense side + on smart switch so that I can create additional network ( DMZ for server + vlan for accounts dept )
Regards and nice to see such excellent video . Keep it up !!!
1. yes it will work. since your WAN speed is 50M and WAN/LAN Interface will be 1G it should not affect performance. You should test the final configuration.
2. Technically that switch should work. it does support VLANS. I have not tested though.
3.Yes - you can configure as many vlans as you have ports on your switch (minus one) . You can even add additional switches to each access port to expand the network. And that would affect performance. Always test!
Thank you so much. I picked up that exact switch a little bit ago off ebay and I had a micro PC that I wasn't using any more that I wanted to turn into a pfsense router. I was going to just use a USB ethernet adapter but a lot of people said they get a lot of errors from them so I scrapped that idea. I banged my head against the wall for a while trying to set up the VLANs for this until I stumbled across your vids. Very easy to follow and I got things set up quickly. Liked and subbed. Keep up the good work!
that's great...thanks for the kind words.
You can also use a standard soho router that is supported by openwrt and had vlan capable ethernet ports which luckily most of the router supports openwrt do.
thanks for the info. I I try to use what ever i have. If you have a combination of hardware that does the same thing please list it out for anyone else that might benefit.
Setting up pfsense that way is actually pretty neat. I only need something for VLAN setup and routing, but I didn't want to replace my router for...reasons. I don't need a firewall either.
The way you have shown is a concept most IT people seem to not understand, when it comes to pfsense being involved.
Thank you for this info! Even though my server has 4 NICs, this helped me a lot.
Thank you very much. That's what I call step by step instruction
Thanks for this video. Help me a lot. Can you advise what are the Pros and Cons between pfsence on 1 network port PC and 2 network port PC?
2 is always better than 1. Easier to manage and more data you can route with 2 network cards. Some people want to use use these low powered single nic PC's - this gives them that option.
These are SOLID instructions. Great job.
Excellent info, this can save $ for folks who wants to pfsense with single-LAN boxes available at cheaper than the purposely built multi-LAN boxes.
great video, well made and clear
I actually bodged a second NIC into my Dell Optiplex using the internal mini-PCIe slot. I was planning on trying to modify the case to make the port external, but ended up just having a cat5e cable coming out of the hole for the wifi antenna (which I don't have) which is plugged into the nic inside the case. I didn't know about VLANs at the time. This way is probably easier, but my way is probably cheaper.
It's also worth nothing that, if you have a 1Gbit WAN connection or you plan on sharing files between seperate vlans, then you'll only be able to get 500Mbps out of it with this configuration, because upstream and downstream and both used at the same time and that hits the link speed max .
I'm pretty sure this is incorrect.
1 Gbit/s in full-duplex means that 1 Gbit/s can be sent and 1 Gbit/s can be received.
In other words: a 1 Gbit/s port can handle 1 Gbit/s incoming & 1 Gbit/s outgoing traffic -> you will be okay.
Only exception: you have a symetric 1 Gbit/s connection. Than you won't be able to fully saturate your connection in both directions at the same time.
I need some guidance, can you help
Thank God I read this comment before placing an order for this switch
Hi, thanks for your videos. Is it better to use USB Nics or VLANs? I will use: LAN, ISP1 (100mbps), ISP1 (80mbps). Please let me know if possible the best configuration for my PFsense router with i5 8gb ram SSD. Thanks and continue these videos. Subscribed. Thanks,
@Mr. Nick's Hardware & Food so the best would be to stick with my one LAN with Vlans. What about USB nic failover? Is it possible? Could you please do a video on it? Would be amazing. Thanks,
with a notebook you really don't have any other options.
@Mr. Nick's Hardware & Food thanks for the answer. I will stick with Vlans. Is there any better solutions? I have a Hp 840 G1 it 8gb ram. Thanks,
the usb nics seem to fail/freeze over time. I would go with vlans if I had to choose between those options. And 100Mbs should be fine as long as your network ports are gigabit.
Bonjour, merci pour cette vidéo qui m'a permis de comprendre comment faire. J'ai le même pc !.
My MAN, THANK YOU for this, I finally have a solid use for my old laptop
this is clever. plus you can use that dell's wifi (i'm guessing that's a wifi antenna port at the back) as an AP and will make it a solid setup. definitely be doing this kind of rig.
@Zeus Uki Wifi NICs are not suited for use as an AP but if you have an old wireless router sitting around most likely it can be used in AP mode. In the past I've used an Archer C9 and Asus RT-AC68U and they worked well.
unfortunately the wifi isn't detected.
thank you! this is a very simple to understand guide
glad you liked it.
after some days of researches i finally have found your video and gave me more hope of using a spare old laptop as a pfsense router, yes it has no aes-ni unfortunately but for my first try i wanted to try it this way, to not use an desktop instead (power usage).
the question i've got is: after doing what you did i guess i can just put my crappy modem/router in bridge mode and stick it into the switch, and then configure pfsense to connect the internet after that right ?
We still use old adsl over phone line here so i am obliged to go through the dlink 2750 in bridge mode.
And i guess i can't use any switch for this to work, (no dumb switch i mean) or else i cannot configure it so that it works this way.
Sorry if my question seems dumb but i'm really new to networking and to pfsense too ^^"
@Mr. Nick's Hardware & Food thanks you very much for your answer.
since getting new hardware or alternative low power hardware here is very expensive, going the old hardware i have in my house seems to be the best solution for me, at least for now until i get something better with time, yes it's an old laptop but it's half the power draw from the wall than the lga 775 cpus and mobos i have. ( monthly payment for is 140€ really so yeah ......)
all i wanna do i create a small home network on our new house so that i can monitor it and manage the bandwidth that each user can use at max, (4mbps or maybe 8 in the future) that would hurt if someone just use it all. and there's no way a 10/100 ethernet port can bottleneck the internet too.
i will experiment with the "add-on" we can install on pfsense too but i know that i'm limited by the old dual core it has.
only two or three devices will use ethernet, the rest of the users are the multiples wifi devices (will try to hook up an access point for those ) i'm thinking something like this if i can manage to get a smart switch with how you explained it
laptop router ----------------------> switch with bridged modem
if you are using this laptop just for learning pfsense you can also use USB ethernet. I have another video where it shows which brand i used.
the switch you need will be either labeled a smart switch or managed switch. And it should say that it supports VLAN's. You normally have to login to some kind of GUI in order for this to be configured.
if your switch does not have an ip address or web interface than probably not the right switch.
Perfect. No waffle. Just info.
Great video! It would have been easier and faster to use cli on the switch though ;)
I don't think this switch is capable of CLI.
Is there any performance loss? i.e. I have gigabit ethernet, would your setup make it single duplex? or only 500mbps? Could you put a PC on the wan side and run a throughput test and see if you get full gigabit? Thanks!
Bilinmek Istemiyor you basically split the bandwidth between vlans. ei. 2 vlans on a single gig cable then each vlan gets only half (500 mb).
I can add this to my list of things to check...but yes there is a performance hit. if your internet (not ethernet) speed is more than 500Mb this setup is not good.
Thanks. Very useful. I think you are not connecting pfsense PC directly to your ISP line, I mean there is another router or modem in between because your WAN IP is in the private IP range.
I bought a used sg300-28 switch and tried your way it worked.
However when I connected the pfsense PC directly to my ISP line, where I needed to enter some pppoe settings (ISP username & password), the vlan interface settings changed.
So sad to use my USB to NIC again !
Thanks again for the knowledge
@Mr. Nick's Hardware & Food Thanks man. You are really kind.
for ppoe setup you need to go to INTERFACES -> WAN
switch the IPv4 configuration to PPPoE
Now scroll down to the PPPoE configuration section and enter your USERNAME and PASSWORD
and click the SAVE button at the bottom of the page.
If you you see apply changes at the top of the page hit that as well.
Is there any performance drop doing this? I would ask if it could handle 200 Mbps internet connection
Great video!!, I'm looking a way to virtualize pfsense on a synology NAS that has 4x 1gb ports , my goal is to simply connect the modem to one of the ports and my unify AP to another one using the remaining ports as a switch.. do you know if it's possible on DSM?
@Mr. Nick's Hardware & Food Just received this message from Synology
You can assign specific NICs to be used for VM networks but this does not dedicate the NIC to only being used by VMs: www.synology.com/en-us/knowledgebase/DSM/help/Virtualization/network
Since the DSM can act as a router already it's technically possible. I can't guarantee anything but it would be interesting to see.
Excellent and timely info, please keep up the good work.
I agree with xeress! informational and fast walk through without unnessary "crap talk". Keep up the good work Nick
Thanks - much appreciated.
Most people like Top from Lawrence and others show it with setting up with both wan and lan. But most of us as using it for homelab only have 1 port. This was especially useful. I only realized it after setting it up and getting into pfsense that we can use vlan to separate the port. This makes it so much clearer. LOL thanks!!!
Nick, unfortunately couldn't get this running on my Netgear Prosafe GST108, but... for fun tried your dual USB 3.0 gigabit adapters on my 4th gen i3NUC, worked but wasn't too stable, just got in my Cisco SG-200, and OMG... Running like a champ!!! Thank you SO MUCH for these tutorials, appreciate your work, time and effort u put in to these for enthusiasts / tinkerers like myself. Speeds from wired and wireless APs (WiFi6 / ax) running circles around my recently purchased Ubiquiti USG. If u have a Patreon, etc, please direct me to that. Thanks again!!!
Hey I am glad everything worked out. thanks for the donation offer but i am good, i have day job.
Hi there, why you didn't use wifi as secend lan port option??
I have the same hardware, but i use virtualization. So PC works as router, file server and there's a lot of ram and storage to act as lab for tests. Just Install VMware, Hyper-v or smth. and install pfsense as usual without vlans. Inside host create virtual ethernet adapters with vlan. That's it. Profit: you can backup whole VM, you can make snapshot before update, so you will never get failed router.
Just one tip: use zfs instead of ufs. Pfsense sinse 2.4 has strange behavior in Hyper-v. It cannot save state correctly, so after host restart pfsense starts as after power failure. And once i got problems on UFS installation. ZFS is steady for unexpected "power off". VMs with pfsense 2.3/2.2 work on UFS without problems (due to correct state saving).
@Mr. Nick's Hardware & Food Even on fanless 4 watt Intel Celeron N2807 averages are: 0.72 0.42 0.36
It has MultiWan (summary ~70 Mbit/s), OpenVPN. Several PCs, mobiles and ip phones. Ip phones over vpn work flawlessly, That's mean there is no packet drops or smth other problems
what's the performance like?
Legend man! I literally have the same optiplex micro and wanted to use it as a pfsense router and I have a tp link switch but no idea how to vlan.
Awesome video sir, thank you
Dude, I really wish you used a HP switch for this great tutorial. Trying to convert what you're doing in the CISCO config to HP is giving me a headache.
I have an older single port Celeron powered NUC and a HP ProCurve 1810G-8 that I 'thought' would be fun to setup with pfsense.
I recently came into a hp procurve myself! How has it been working out for you?
Any advice for running Pfsense on Proxmox? I cannot seem to get this setup going, and I suspect its down to not having the host or vm networking set up correctly. I lose access to Proxmox (and thus pfsense running in a VM) when I try.
Does the WAN need any configuring or firewall rules set with this 1-port setup? Or, is pfSense set to its default - block any into WAN/allow any out from LAN - like it is on a 2-port setup? Thank you.
Once the Vlans are created, LAN & WAN interfaces are assigned. PFSense will treat the interfaces exactly as if they are hardware ports just like a 2 or more port setup. No other special configuration needed.
What is the difference between 1 port to share WAN and LAN vs 1 port for WAN and 1 Port for LAN?
it's always better to have a dedicated nic(port) for your lan and wan. If you want to use a micro PC as a router there no place to install a second nic(port). This method allows you to do that by configuring a small switch.
I was really wondering if I really needed to buy extra NICs or not. I've got a 10G nic and a 10G switch, there's probably not much need to buy anything else. Thanks for the video.
trying to follow your configurations and it seems to me it is similar to cisco inter vlan router on a stcik configuration. Im going to try it.
Thank you very much for this guide. I get lost on setting port 8 as access point as I have a netgear gs908e. Any ideas?
in the manual it shows vlan usage but i am not entirely sure.
Thank you, i never trought about doing this. Im going to use a old Mikrotik router instead of a managed switch.
thank you so much man, i was suck on one part and this helped get it all working finally!
Hi there, if we have laptop and we want to use wireless instead of the rj45 cable to connect to the pfsense then what should we do? In this case you have 1 pc, 1 switch and connect your laptop with rj45 cable to the switch, my question is we want 2 more laptops connect to network by wireless? In this case what should we do?
just plug a wireless access point in one the other ports
I was looking for this thanks. My situation though I have those ISP provided (sagemcom fast 5250 ) wireless router/modem combo. I have FTTN 50/10 mbps connection DSL to modem; PFsense will be Dell inspiron 530 (1 nic). It will just be those 2 devices for now. PFsense box and ISP box, will this work? I want the ports on the ISP box to still work and use it for Wifi.
yes. you would need to put your is[ modem /router into bridge mode. yes wifi can still operate in this mode but you won't be able to route through it with pfsense. Your wifi will be completely on a separate network this way.
Your other option is to do a double NAT setup. and for any public port forwarding you would need to do this at 2 levels. the isp router and pfsense - really messy.
how secure is it compare to have 2 different nics?
Nice!!! Probably missed the part where the cable from WAN coming? Did you have your ISP modem as bridged opassing through the connection or coming from the wall to the port8 and through that straight to the pfsense?? - in which case you didnt configure pfsense with your ISP credentials so how come and you have internet? (Pf sense doesnt have ero touch configuration to auto setup itself)
Am I missing something here?
WAN is on DHCP by default. WAN port was created as a vlan in the console mode section. you probably jumped directly into the GUI portion and missed this critical step.
kzclip.org/video/z59_MWWPL-Q/бейне.html
You didn't talk about the compatibility of the NIC itself on the Dell - is yours 802.1q compatible or is there something nuanced that you left out?
The only thing i can add is if it is supported by freebsd drivers it should work. I didn't do anything outside of the video to make this setup work. There are times when certain hardware (network card or switch) that advertise supported features are still not compatible under certain operating systems. So going by 802.1q alone i can't say that every card that has this feature will work. Best is to try.
it will work nice solution but, to prevent packet collisions from not having separate WAN LAN, in order to rx and tx simultaneously, on one port, it has to receive and store and send if its clear, or the Ethernet will work half the duplex for each network or even 1/4 duplex, since it has to handle 4 lanes, 2 lane WAN tx/rx, and 2 lane lLAN rx/tx, the NIC has still the same principle right. nice solution, but it cannot be a standard, or everyone should only buy a 4 port smart switch for a 8 port or even 16 port requirement. nice video
I'm about to build a pfSense router using a HP mini PC with 1 NIC connected to a Cisco 3560 12p PoE switch. Can the pfSense WAN interface VLAN 10 be configured as a PPPoE connection? Excellent KZclip vid also!
did not test with PPPoE but i think it should work.
Hi,
I am a retired pilot and I am teaching myself some IT. Would appreciate some guidance.
I have a ubiquiti switch 8-60w, can I use it for this?
Yes you can.
if it's a managed switch it should work. I haven't tested on those switches yet.
Thanks for the video. can I use one of the remaining trunk ports for a access point?
yes...you can use the remaining ports on the switch plugin what ever you like.
Great awesome video. I have tried puting a vlan on both lan and wan just our of curiosity and that does not work. Does anyone have a clue as to why this failed?
Correction : it worked but i had to reboot pfsense and make sure the port connected to the pfsense box was tagged to both VLANs used for LAN & WAN.
nice video man keep them up
Wish i could get this figured out on a cisco sg300-10 as similar in some ways, but not so in others on latest fw
@Mr. Nick's Hardware & Food can you possibly do some tutorials please for setting up separate wireless ap on pfsense with firewall setup for it being on it's own subnet as netgate recommend it to be setup like that and not just be a bridge
@Mr. Nick's Hardware & Food I was all for opnsense even purchased the practical opnsense book...but if pfsense works i will stick with that and it helps with all the video guides on youtube all pretty much pfsense
@Mr. Nick's Hardware & Food i did get it working in the end...followed your guide and did my best to matchup the switch even though you were using an older model, it only worked once i added ppoe on to the wan settings, i will upload my switch settings as would be good for others to learn. Now i need to try settingup openvpn to only direct specific ip's through a tunnel and also adding a access point.
Those were my thoughts as well. But I also had problems with getting the usb nics to stay configured with opnsense. Just a little bleeding edge for me at this time. Will look at again though in a few months and see if things improved.
@Mr. Nick's Hardware & Food guess i will go back on pfsense to see if it's any different...i dont see why it shouldn't work as both based on same code just opnsense has faster updates and different arrangement of menu
Hi there, if we have pc mini with only 1 rj45 lan port, can we use normal switch or we must to use switch with vlan support?? Thnx
vlan switch
You are amazing!
Do you need a L3 switch for this to work or could a L2 switch with vlan work?
You can do routing on the router and/or via layer 3 switch.
I have layer 3 for internal VLAN routing (IP cams VLAN and LAN VLAN) and as well single interface access to VLANS IP CAM, Internet Modem and LAN) which requires routing on the PFSENSE (I actually use OPNSense)
In this way internal cam access is offloaded from the PFSENSE. The switch and PFSense are both gateways but the gateway in the switch uses the PFSense as it's default gateway so that the switch will be the internal gateway for all and anything not routable by the switch is passed to PFSense.
PFSense uses the switch as it's LAN gateway.
Super complex... Satisfies my IT guy max complexity requirements
I'm trying to replicate what you did with D-Link DGS-1100 but still fail. Any idea how to do it with DGS-1100 ?
sorry...have not tried with dlink.
This is so helpful, even 4 years later, as many people will be running into the issue of greater than 1Gbit Internet access and how to accept/distribute it without spending a fortune.
I am having trouble with creating VLAN's, testing on VM with a NIC with single port, i did exactly the same thing as you, but when i try to get to the webConfigurator, i got timed out for no reason, tryed to reboot pfSense, but it doesn't respond. It just works if i don't create or configure a VLAN, what do i do? I have tested the same version as you and newest ones. (I am not using any switch)
This is definitely something different than what i am doing.
if you are working with VM's you can create an additional NIC for the VM. that would make more sense than vlans
@nicks hardware
How do you setup with a Cisco 2960 switch
nice video , i have a dusty HP old workstation, it has 16 GB RAM and a Opteron Processor but i don't know if it will be enough
for a Pfsense firewall... what do you think about it ?
I would definitely give it a try. that plenty of ram and opteron is 64 bit. i think it's only dual core but should be ok still.
Will this work in docker? Thanks!
What if I want to set other VLANs on my switch? How can I "link" them to pfsense in order to make them go through PFsense? Thank you
@Mr. Nick's Hardware & Food I think I've understood. Thanks!
you can create additional vlans off the main nic (in pfsense gui). you need to configure ports on switch to match vlan id. Use firewall rules to allow routing between vlans
Hi there , on your mini pc that you had setup as pfsense there was one lan and wifi card !! why you didn't use network card as WAN and wifi card as LAN?? ,so from network card you get internet from wifi card give internet to all your devices. then all your devices on your network can connect to your pfsense wirelessly and access to the internet, and you hadn't used vlan or use a switch ?????thankyou
Is this still an option? Are you saying you no longer trust vlans? I was planning to use an old laptop to do this but now i'm not sure..please advise
Should work fine. - It does for me.
How much power does this pc consume?
super helpful. thanks for making this.
Nice video. But, in no means, should this ever be used in a production state. Single port networking will cause throttling, and should that one port go down, the whole network will go with it, even more a risk, when it's a realtek NIC, which is something I tell everyone to stay far away from.
Thanks but not everyone has the same requirements. This is an option and should be tested like any other option. If it works for someone it is perfectly fine. This is not a recommended setup for everyone. This is just how to do it with a single port PC and Switch with VLAN support. Different hardware combination will give different results (performance and reliability). This is true if they are single port or multiple port. If the LAN port on a multiple port router goes down your entire network also goes down if that is all you have configured.
obviously you need a smart switch .. or you can also buy anther Ethernet port for your mini pc :)
Best I've seen this week using my SANdisk Cruiser install media was 1007 files/sec.. Nice video buddy :D
I tried this with a cisco sg200-08 and a old Gateway laptop and never could get the WAN...got 0.0.0.0. I was wondering if the NIC has to be gigabit...I'm not sure what that laptop's capability is. I have Suddenlink cable internet if that helps.
@Mr. Nick's Hardware & Food Well I assumed the Gateway nic was working on some level with vlans. There would have to be some bi-directional abilities going on here. I've had the trunk port hooked up to the switch and was getting connectivity to the lan leading to my other computer to get the web ui up and running. I wasn't sure if there maybe was some limits to what the NIC could actually handle. Same switch works fine on my main pfsense box with vlans. I just wanted to try this for fun mainly. One thing in your video about the switch that's different from my setup is the other ports 2-7 you left as default Trunk where as mine are all Access allow all untagged. I can't imagine that would matter though.
it would need to support vlan's (the gateway laptop nic port), don't think gigabit would be the issue.
Why did you get a private IP address allocated on your WAN interface?
In my case I intend to configure 2 PCs to the VLANs, I do not have a switch. Is it possible to connect everything to the router (5 ports)? How would the configuration be in that case?.
Can you help me?.
@Mr. Nick's Hardware & Food But the problem is that I can't configure a VLAN on the router.
just plug everything into your isp router/modem. it doesn't sound like you have a reason to use pfsense
Hi question in msc tab there was power option, can we undervolt under pfsense? like in windows with xtu...
yeah that makes sense. maybe someone else can chime in on this...not sure if this is possible in freebsd.
@Mr. Nick's Hardware & Food let says you get your cpu down to 1v instead of its 1.1v its tdp will be less the heat output will be reduced and your power bill will also be less. ~0.08cent power * 24/7 365days 10watts egal to $5.80. Not hard to tweak under windows, but some hp mono etc offer no bios option, thats why I asked if freebsd offense as the option.
did not check that system is out of my hands now...but what would undervolting do? not sure what the benefits would be.
Lol but your port is still in vlan 1, you need to change the PVID of your wan port to 10 as well because it is still touching your internal LAN so anything you plug into that switch can totally bypass pfsense. It is also suggested to change the default vlan to something other than 1 and have the default PVID matching whatever you set the new vlan to. Doing this will basically give you the ability to separate at the psudo-physical layer. You DO NOT want your wan traffic to be switched at the same level internally on the switch. Router on a stick is not good for wan.
Do you have video on how to setup a Cisco Catalyst 2960c 8 port?
no...not something i use in day to day setups.
Can you do the same thing using esxi instead of a switch? If so... how?
you should but i don't know my way around esxi.
do you have a video of vlan configuration on a dlink switch?
What model is that?
no dlink - but i did pick up a cheap tp-link switch that can do vlan's. Maybe in the future i will have something
Nice one. Thanks
Nice video tutorial, thanks for sharing!!!
It's your basic router on a stick setup, I didn't know pfsense supported virtual interfaces. Very cool.
Hi im using pfsense in my vmware, but i couldnt get pfsense to detect my smart switch LAN interface when i plug it in. do you know why?
maybe you need to add an additional virtual nic in your vmware config.
So WAN is port 8, it has to send it out over port 1, router receives it and routes the traffic, then has to send it back over the same interface, switch gets it back in on 1 then routes it over to the destination. I'm kind of new to this, help me understand, if there's local traffic within the same subnet the switch should be able to see the destination and just handle it right there without it needing to go over to the router, correct? However if multiple hosts are needing to route out to the WAN its all having to go over that single interface, is this fine since normal http traffic ect shouldn't bottleneck that?
@Mr. Nick's Hardware & Food I see, thank you.
vlan's are a compromise in a every solution that i have seen. you get a feature at the cost of something. In this case it's performance or full capacity of WAN/LAN speed. Yes it's possible to saturate the LAN/WAN if you have enough traffic. With 10 GB nic's now shipping with some PC's it becomes less of a problem.
Would you add info on using a dd-wrt router instead of cisco ?
doesn't pfsense handle everything dd-wrt does and more?
Gunnvald Kleveland lol ddwrt should be put away. Use ubiquiti
I can add that to my list of things to do next. what are you using dd-wrt on? what kind of hardware?