Initial VLAN setup

May 07, 2023

Overview

It was long overdue, but I finally decided to start properly segmenting my home network using VLANs. This was actually much simpler than I expected. Since I was already using pfSense, Unifi, and Proxmox, I was able to easily configure the VLANs across those devices/programs.

pfSense

The “primary” VLAN creation is done in pfSense. Start by navigating to Interfaces -> Assignments -> VLANs and add your VLAN. Then jump back to Interface Assignments and add the newly created VLAN. Be sure to check the Enable box and add a useful description. In my scenario, I chose the IPv4 Configuration Type to be Static IPv4. I then added an IPv4 Address and set the prefix to /24. Once that is done, go to Services -> DHCP Server and select the newly added interface. Check the Enable box and optionally add an IP range for the DHCP server to use. Be sure to go to Firewall -> Rules and create any rules you may need for this new VLAN.

That may be all that is required for most folks. In my case, I’m not using automatic outbound NAT rule generation, so I’ll need to make a few additions there to allow this new VLAN to access the internet. This can be done from Firewall -> NAT -> Outbound. There should already be two rules per interface listed. I simply duplicate those two rules from another interface and update the source to match my new IP range.
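Duplicating outbound NAT rules by hand makes it easy to leave the old source range on one of the copies. The script below is an added example, not part of the original setup: it counts the outbound NAT rules whose source covers each VLAN subnet and flags any VLAN with fewer than the two rules per interface mentioned above. The interface names, subnets and the simplified rule tuples are constructed assumptions, not a pfSense export format.

```python
import ipaddress

# Constructed sample data (assumed names and ranges, not a pfSense export).
VLANS = {
    "LAN": "192.168.1.0/24",
    "IOT": "192.168.30.0/24",
    "LAB": "192.168.40.0/24",
}

# Manual outbound NAT rules as (interface, source network, description).
RULES = [
    ("WAN", "192.168.1.0/24", "LAN #1"),
    ("WAN", "192.168.1.0/24", "LAN #2"),
    ("WAN", "192.168.30.0/24", "IOT #1"),
    # Duplicated from LAN, but the source was never updated:
    ("WAN", "192.168.1.0/24", "IOT #2"),
]


def nat_coverage(vlans, rules, wan="WAN"):
    """Count, per VLAN, the rules on `wan` whose source contains its subnet."""
    counts = {}
    for name, cidr in vlans.items():
        subnet = ipaddress.ip_network(cidr, strict=True)
        matches = 0
        for iface, source, _descr in rules:
            src = ipaddress.ip_network(source, strict=False)
            # A supernet source (e.g. a /16) also covers the VLAN.
            if iface == wan and src.version == subnet.version \
                    and subnet.subnet_of(src):
                matches += 1
        counts[name] = matches
    return counts


def under_covered(vlans, rules, expected=2, wan="WAN"):
    """Names of VLANs with fewer than `expected` covering rules."""
    counts = nat_coverage(vlans, rules, wan)
    return sorted(name for name, n in counts.items() if n < expected)


if __name__ == "__main__":
    for name, n in nat_coverage(VLANS, RULES).items():
        print(f"{name}: {n} covering outbound NAT rule(s)")
    print("Needs attention:", under_covered(VLANS, RULES))
```

A VLAN flagged here can still get DHCP leases and reach the firewall, so the missing rule usually shows up only as traffic that never gets translated on the way out.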

Unifi

After logging in to the console, go to Settings -> Networks. Select Create New Network and fill in the network name and VLAN ID. Since I’m using pfSense for my routing, the router section just says Third-party Gateway. Once that is done, each port on the Unifi switches can be configured either to pass all traffic or to carry only a specific network. To do this, go to Devices and select the switch to be configured. Then select Ports and Port Manager. If WiFi is needed for the new network, this can be created from Settings -> WiFi -> Create New WiFi. Then add your SSID name and password and select the network to use with that SSID. There are several other options here that can be adjusted for the WiFi network.

Proxmox

I was worried that it may be rather difficult to get VLANs set up in Proxmox, but that was definitely not the case. Once logged in, go to your node then System -> Network. Select the interface that will be used for the VLAN and edit it. Check the box for VLAN aware and save. It’s that simple. When creating a new VM that should be on the VLAN (or editing an existing VM), just add the appropriate VLAN tag to the network device settings.

Conclusion

I was able to get some initial VLANs established fairly easily. I’m still working on defining the final layout of my home network and setting up all of the rules for access (or lack of access) between the VLANs. At least it’s a step in the right direction though.