New network and vlan for real

unifi pfsense network vlan

I thought I knew how VLANs worked - I couldn’t be more wrong. It’s far more than a tag, which is pretty much all you have to deal with when using VLANs in Unifi. And they make everything backwards as well.

And again I say that I have a new network; not really, it is “only” the router that has been replaced.

See, not that big of a difference: sure, I got some nice icons, but other than that there is not such a big difference.

So here is where it all begins:

In the image above, the Dell server is where we begin: pfSense runs there, receives the WAN and delivers the LAN. Since it is a home network, one port is enough to deliver all the VLANs; that single port carries every VLAN as tagged traffic, and the switch sorts the frames out by their tag.

So a VLAN is not only a number, as one might come to think when working with VLANs on Unifi. Unifi makes it a bit backwards: if you create a VLAN, it assumes that you want it to be able to talk to all other networks and VLANs, and it routes between them until you add firewall rules that say otherwise.
That is not how a VLAN should be treated.

A VLAN is a separated virtual LAN; the easiest way to picture two VLANs is as two physical switches with no cable between them.
Mind the word separated: it means two VLANs cannot talk to each other on their own, not even when one host knows the other’s MAC address. Traffic between them has to go up to a router (here pfSense, on the one port that carries all the tagged VLANs) and come back down, and if you want that traffic you have to allow it explicitly.
This is the first and biggest mistake I made when setting this up.
I got great help from Bubbagump20 over at Reddit, who showed me one way to solve this. His way was one way to solve it, but I had an itch in the back of my neck that there must be another way to skin the cat.
And in my research on why one network couldn’t speak to another, I came across this video, which later turned out to be the solution.
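
To make “separated” concrete, here is an added example that is not part of this post: a model of the 4-byte 802.1Q tag and of a switch whose MAC table is kept per VLAN, so a frame is only ever flooded or forwarded to ports that are members of the same VLAN. The port layout (one trunk to pfSense carrying VLANs 10 and 20, one access port per VLAN), the MAC addresses and the frames are all constructed for the example, and the model assumes that access ports drop tagged frames they receive (real switches differ in this, so check your port profile).

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def untagged_frame(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_frame(dst, src, vid, ethertype, payload, pcp=0, dei=0):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vid & 0xFFF)
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return dst, src, vid (None when untagged), inner EtherType and payload."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        inner = struct.unpack("!H", frame[16:18])[0]
        return {"dst": dst, "src": src, "vid": tci & 0xFFF, "ethertype": inner, "payload": frame[18:]}
    return {"dst": dst, "src": src, "vid": None, "ethertype": ethertype, "payload": frame[14:]}


class Switch:
    """Learning switch whose MAC table is keyed by (vid, mac): effectively one table per VLAN."""

    def __init__(self, ports):
        self.ports = ports  # port name -> {"pvid": untagged VLAN, "tagged": set of allowed tagged VIDs}
        self.table = {}     # (vid, mac) -> port

    def ingress_vid(self, port, frame):
        f = parse_frame(frame)
        cfg = self.ports[port]
        if f["vid"] is None:
            return cfg["pvid"]          # untagged: belongs to the port's native VLAN
        if f["vid"] in cfg["tagged"]:
            return f["vid"]             # tagged and allowed on this port (a trunk)
        return None                     # tag not allowed here (assumption: access ports drop it)

    def forward(self, in_port, frame):
        """Return the list of ports the frame is sent out of."""
        vid = self.ingress_vid(in_port, frame)
        if vid is None:
            return []
        f = parse_frame(frame)
        self.table[(vid, f["src"])] = in_port
        out = self.table.get((vid, f["dst"]))
        if out is not None and out != in_port:
            return [out]
        # Unknown or broadcast destination: flood, but only to members of this VLAN
        return [p for p, cfg in self.ports.items()
                if p != in_port and (cfg["pvid"] == vid or vid in cfg["tagged"])]


# Constructed layout: one trunk carrying VLAN 10 (LAN) and VLAN 20 (Guest) to pfSense, one access port each
PORTS = {
    "trunk_to_pfsense": {"pvid": 1, "tagged": {10, 20}},
    "lan_pc": {"pvid": 10, "tagged": set()},
    "guest_phone": {"pvid": 20, "tagged": set()},
}
LAN_PC = bytes.fromhex("021000000010")    # constructed, locally administered MAC addresses
GUEST = bytes.fromhex("021000000020")
PFSENSE = bytes.fromhex("021000000001")
BCAST = b"\xff" * 6


def run_demo():
    sw = Switch(PORTS)
    r = {}
    # LAN PC sends an ARP broadcast: flooded inside VLAN 10 only, i.e. to the trunk, never to the guest port
    r["lan_bcast"] = sw.forward("lan_pc", untagged_frame(BCAST, LAN_PC, 0x0806, b"arp"))
    # Guest addresses the LAN PC's MAC directly: VLAN 20 has no entry for it, so it floods inside VLAN 20 only
    r["guest_to_lan_mac"] = sw.forward("guest_phone", untagged_frame(LAN_PC, GUEST, 0x0800, b"ip"))
    # pfSense answers the guest over the trunk with tag 20: delivered to the guest port
    r["pfsense_to_guest"] = sw.forward("trunk_to_pfsense", tag_frame(GUEST, PFSENSE, 20, 0x0800, b"ip"))
    # Guest sends its own tag 10 on an access port (a VLAN hopping attempt): dropped by this model
    r["guest_tagged_hop"] = sw.forward("guest_phone", tag_frame(LAN_PC, GUEST, 10, 0x0800, b"ip"))
    return r


if __name__ == "__main__":
    for name, ports in run_demo().items():
        print(f"{name}: {ports}")
```

The second case is the one that matters for this post: even when the guest knows the LAN PC’s MAC address, the frame only ever reaches the trunk, because the switch looks it up in VLAN 20’s table, not VLAN 10’s. The only thing on the far end of that trunk is pfSense, which is why the firewall rules there decide whether the two networks can talk at all.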

Thus pfSense handles VLANs as they should be handled: they are separated, and you need to allow traffic between them. A new VLAN interface in pfSense starts with no rules at all, so everything arriving on it is dropped until you add a pass rule.

This is the golden rule:

Here you tell pfSense, in this case, that the Guestnet can talk to every other network; this is needed to reach the internet. After this, I block the networks the Guestnet shouldn’t have access to. Mind the order: pfSense evaluates the rules on an interface top to bottom and the first match wins, so the block rules have to sit above the allow-everything rule; placed below it they never match and the Guestnet can still reach everything. The alternative is a single pass rule whose destination is the private address ranges with “Invert match” ticked, preceded by a pass rule to the firewall’s own address on the guest VLAN so that DNS and DHCP keep working.
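
To show why the order of those rules decides everything, here is an added example that is not pfSense’s code: a small model of pfSense’s first-match, default-deny evaluation of interface rules, run over three rule sets for a guest VLAN. The networks (192.168.10.0/24 for LAN, 192.168.20.0/24 for the Guestnet, 192.168.30.0/24 for an IoT VLAN) and the probe addresses are constructed for the example; the post does not show its real addressing.

```python
import ipaddress

# Constructed example networks; the post's real addressing is not shown.
LAN = ipaddress.ip_network("192.168.10.0/24")
GUEST = ipaddress.ip_network("192.168.20.0/24")
IOT = ipaddress.ip_network("192.168.30.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GUEST_GW = ipaddress.ip_network("192.168.20.1/32")  # pfSense's own address on the guest VLAN (DNS, DHCP)


def rule(action, src, dst, desc, dst_invert=False):
    """One interface rule as the pfSense GUI shows it: action, source, destination, description.
    dst may be one network or a list; dst_invert models the GUI's 'Invert match' box on the destination."""
    dsts = dst if isinstance(dst, list) else [dst]
    return {"action": action, "src": src, "dst": dsts, "dst_invert": dst_invert, "desc": desc}


def matches(r, src_ip, dst_ip):
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    dst_hit = any(d in n for n in r["dst"])
    return s in r["src"] and (dst_hit != r["dst_invert"])


def evaluate(rules, src_ip, dst_ip):
    """Interface rules in pfSense are 'quick': the first matching rule, top to bottom, decides.
    If nothing matches, the interface's implicit default deny applies."""
    for r in rules:
        if matches(r, src_ip, dst_ip):
            return r["action"], r["desc"]
    return "block", "default deny (no rule matched)"


# The golden rule on top, blocks underneath: the blocks are never reached.
GOLDEN_FIRST = [
    rule("pass", GUEST, ANY, "Guestnet to any (the golden rule)"),
    rule("block", GUEST, LAN, "Guestnet to LAN"),
    rule("block", GUEST, IOT, "Guestnet to IoT"),
]
# Blocks above the golden rule: internal networks are cut off, internet still works.
BLOCKS_FIRST = [
    rule("block", GUEST, LAN, "Guestnet to LAN"),
    rule("block", GUEST, IOT, "Guestnet to IoT"),
    rule("pass", GUEST, ANY, "Guestnet to any (the golden rule)"),
]
# Single pass rule with inverted destination, after a pass to the gateway for DNS/DHCP.
INVERT_ONLY = [
    rule("pass", GUEST, GUEST_GW, "Guestnet to its own gateway (DNS, DHCP)"),
    rule("pass", GUEST, RFC1918, "Guestnet to anything except private ranges", dst_invert=True),
]

# Constructed probes: a guest host talking to each kind of destination.
PROBES = [
    ("192.168.20.5", "192.168.10.1", "guest -> LAN"),
    ("192.168.20.5", "192.168.30.1", "guest -> IoT"),
    ("192.168.20.5", "1.1.1.1", "guest -> internet"),
    ("192.168.20.5", "192.168.20.1", "guest -> own gateway"),
]


def decisions(rules):
    """Map each probe label to the action pfSense would take under this rule set."""
    return {label: evaluate(rules, s, d)[0] for s, d, label in PROBES}


if __name__ == "__main__":
    for name, rules in (("GOLDEN_FIRST", GOLDEN_FIRST), ("BLOCKS_FIRST", BLOCKS_FIRST), ("INVERT_ONLY", INVERT_ONLY)):
        print(name)
        for s, d, label in PROBES:
            action, desc = evaluate(rules, s, d)
            print(f"  {label:22s} {action:5s} ({desc})")
```

With GOLDEN_FIRST every probe comes back as pass, including guest to LAN, because the allow-everything rule matches first and the block rules below it are dead. BLOCKS_FIRST gives the result the post wants. INVERT_ONLY gives the same result with one rule less, but only because the gateway rule sits above it: drop that rule and guest hosts lose DNS and DHCP from pfSense, since 192.168.20.1 is itself a private address.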