VLAN Segmentation
VLANs isolate classes of devices and services.
VLAN Overview
| VLAN | Name | Subnet | Purpose |
|---|---|---|---|
| 10 | Main | 10.0.10.0/24 | Workstations |
| 20 | Server | 10.0.20.0/24 | LXCs and VMs |
| 30 | Media | 10.0.30.0/24 | Jellyfin, etc. |
| 40 | IoT | 10.0.40.0/24 | Smart devices |
| 50 | VPN | 10.0.50.0/24 | Tunnel subnet |
pfSense
- Interfaces → Assignments → VLANs: add each VLAN on the correct parent interface.
- Create an interface for each VLAN (e.g., VLAN10, VLAN20).
- Add firewall rules per policy (e.g., Media → Server: TCP 2049 for NFS).
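
To check that the rule set matches the intended policy, the VLAN table and the NFS rule above can be written down as data and compared against observed connection attempts. This is an added example, not part of the original page or of pfSense; it assumes inter-VLAN traffic is denied unless listed, and the flow tuples are constructed sample data.

```python
import ipaddress

# VLAN table from the page: id -> (name, subnet)
VLANS = {
    10: ("Main", "10.0.10.0/24"),
    20: ("Server", "10.0.20.0/24"),
    30: ("Media", "10.0.30.0/24"),
    40: ("IoT", "10.0.40.0/24"),
    50: ("VPN", "10.0.50.0/24"),
}
NETS = {vid: ipaddress.ip_network(net) for vid, (_, net) in VLANS.items()}

# Intended inter-VLAN allow rules: (src VLAN, dst VLAN, protocol, dst port).
# Only the page's example rule is listed; everything else is assumed denied.
ALLOW = {(30, 20, "tcp", 2049)}  # Media -> Server: NFS


def vlan_of(ip):
    """Return the VLAN id whose subnet contains ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    return next((vid for vid, net in NETS.items() if addr in net), None)


def verdict(src, dst, proto, port):
    """Classify a connection attempt as 'intra', 'allow', 'deny' or 'unknown'."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None or d is None:
        return "unknown"          # address outside every defined VLAN
    if s == d:
        return "intra"            # same VLAN: switched, never reaches the firewall
    return "allow" if (s, d, proto.lower(), port) in ALLOW else "deny"


def violations(flows):
    """Return flows that crossed VLANs without a matching allow rule."""
    return [f for f in flows if verdict(*f) in ("deny", "unknown")]


# Constructed sample connection attempts: (src, dst, proto, dst port).
OBSERVED = [
    ("10.0.30.15", "10.0.20.5", "tcp", 2049),   # Media -> Server NFS: intended
    ("10.0.40.22", "10.0.20.5", "tcp", 22),     # IoT -> Server SSH: not in policy
    ("10.0.20.5", "10.0.30.15", "tcp", 2049),   # Server -> Media needs its own rule
    ("10.0.10.8", "10.0.10.9", "tcp", 445),     # inside Main
    ("192.168.1.7", "10.0.20.5", "udp", 53),    # source in no defined VLAN
]

if __name__ == "__main__":
    for flow in violations(OBSERVED):
        print("unexpected:", flow, "->", verdict(*flow))
```
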
Switch Example (Trunk/Untagged)
```
Port 1-4 → VLAN 10 (Untagged)
Port 5-12 → VLAN 20 (Untagged)
Port 24 → Trunk (Tagged 10,20,30,40,50)
```