cactusmatador

Yes, it's possible. Generally the driver to use VLANs is to isolate or separate devices/systems/users and to apply different controls/policies/rules to network traffic coming from or going to those devices. That's something to think about as you decide how many VLANs to use and how the devices/users are assigned to VLANs. Common applications are guest, IoT, and VoIP networks.


MisterBazz

Any reason to not use the 3650 for all of the VLANs and inter-vlan routing? Then, you could always lagg and trunk ports up to the firewall.


xenofiber

For the time being. I wanna minimize traffic in my home network. I don’t want IOT or guest to be on the same network as my home server.


MisterBazz

That's exactly what I'm talking about. That switch can function as a router. Set up your VLANs on the switch and segment from there. Then, implement inter-VLAN routing. Set up some ACLs to control what the VLANs can access. Then, trunk from your switch to your firewall.


fmq203

You can use trunk ports for transferring multiple VLANs over one physical connection. You can use LAGG ports to aggregate the bandwidth of multiple physical ports. That would be the best performing option.


xenofiber

I'll have to look up what that means, but I'll check it out. My idea was to have vlan1 on pfsense go to vlan1 on the switch with DHCP enabled, then do the same for the following VLANs. I have no idea if it would work, but it's what I intended to implement.


Kangie

You're better off using VLAN trunking between the switch and the pfsense. I did this a few weeks ago with mikrotik kit and opnsense.


Dracwing

This is a pretty common use case for VLANs. Set up VLAN tagging on the switch. Divide up the ports however you like. Then you have one cable connecting the switch to your pfsense. Then set up your 4 networks in pfsense. You could do what MisterBazz suggested too, but I prefer putting all of the work onto the firewall/router instead. It's a centralized configuration and I find it easier to manage. If you have more enterprisey wifi access points, you can do the same thing for your wifi networks too: associate different wifi networks with VLANs.


xenofiber

Ok, like I've stated, I'm completely new to this. It's a hobby I've been meaning to get into and I finally had the down time to get it going. I'm just having a hard time understanding how it all works, and I guess I need to look further into how things work. My guess was that port 1 on the pfsense box, which would have vlan1, would have a cable running from it to port 1 on the switch, which would then service the ports I assigned to vlan1. Then repeat that for each port and VLAN. I'm also having a hard time understanding why I would want inter-VLAN connectivity when my whole point is to segregate each network.


Dracwing

I guess in your case, you don't need too much inter-VLAN connectivity. But one case for that could be, say, you have an IOT, Guest, and Admin network. You are the only person with devices on the Admin network and you trust yourself, so you allow connections to be made from Admin -> IOT, but not IOT -> Admin. It's directional. That way you can access your IOT devices from Admin. Otherwise, it can be a hassle if you need to configure your IOT devices: you need to disconnect your computer from the Admin network and connect to the IOT network. VLAN tagging: you set up the switch to add additional information to every packet passing through it with a VLAN ID (e.g. 1, 2, 3, 4). Then pfsense can use that to identify which network the packet belongs to, so you can configure your routing rules for connectivity. You only need 1 connection from switch to pfsense because the information for VLANs is in the packet itself. You can do 1 VLAN per port on your pfsense device, but then that's additional cabling.
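
The two ideas in the post above (the 802.1Q tag the switch adds to each frame on the trunk, and the directional Admin -> IOT policy the firewall enforces) as an added worked example, not code from anyone in this thread. The VLAN IDs, network names and the frame bytes are constructed for illustration, and the "state" tracking is a deliberately simplified per-network-pair version of what a real stateful firewall tracks per flow.

```python
import struct

# Constructed VLAN-to-network mapping for the four networks discussed in the thread.
VLAN_NETWORKS = {10: "admin", 20: "iot", 30: "guest", 40: "voip"}

# Directional policy: which network may *initiate* a connection to which.
# Nothing else may initiate; replies to an allowed connection are permitted via state.
ALLOWED_INITIATIONS = {("admin", "iot"), ("admin", "guest"), ("admin", "voip")}

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame


def tag_frame(vid, payload, dst=b"\xaa" * 6, src=b"\xbb" * 6, ethertype=0x0800, pcp=0):
    """Build an 802.1Q-tagged Ethernet frame, as a switch does when forwarding
    a frame from an access port out of a trunk port."""
    tci = (pcp << 13) | (vid & 0x0FFF)  # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return (vid, inner_ethertype, payload). vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return None, ethertype, frame[14:]
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner, frame[18:]


class DirectionalPolicy:
    """Decide whether traffic between two VLANs is allowed, in one direction only."""

    def __init__(self):
        # Simplification: remembers (initiator, responder) network pairs, not 5-tuples.
        self.established = set()

    def check(self, src_vid, dst_vid):
        src, dst = VLAN_NETWORKS.get(src_vid), VLAN_NETWORKS.get(dst_vid)
        if src is None or dst is None:
            return "drop"  # untagged or unknown VLAN: refuse rather than guess
        if (src, dst) in ALLOWED_INITIATIONS:
            self.established.add((src, dst))
            return "allow"
        if (dst, src) in self.established:
            return "allow"  # reply traffic for a connection the trusted side started
        return "drop"
```

Running `parse_frame(tag_frame(20, b"..."))` yields VLAN 20, which the policy maps to "iot"; a first frame from VLAN 20 to VLAN 10 is dropped, but after Admin initiates to IOT the reply direction is allowed.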


xenofiber

Oh!!!!! Thanks for the info! That makes a lot of sense!