VLAN configuration

The networks we have contemplated so far have been relatively simple networks with two interfaces (WAN and LAN). As our networks get larger, we have two primary concerns. The first is the increase in broadcast traffic (packets received by every node on the network). The second is the need to segregate network traffic based on management and/or security concerns.

One way of solving these issues is to divide our networks into different segments. For example, in a corporate network, we may have different subnets for the engineering department, the sales department, and so on.

The problem with this approach is that it does not scale well in the traditional networking paradigm. Each subnet requires a separate physical interface, and there is a limit to how many physical interfaces we can place in a single router.

A better solution is to decouple the physical organization of our network from the logical organization of it. Virtual LANs accomplish this objective. By attaching a special header to an Ethernet frame (known as an 802.1Q tag, named after the IEEE standard that defines VLANs), we can accomplish two feats we could not otherwise do: single interfaces can now support multiple networks, and networks can now span multiple interfaces (less common, but possible).
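The tag described above can be seen directly in a frame's bytes. The following Python code is an added example, not from the book: it parses the 802.1Q tag and groups frames arriving on one interface by VLAN ID, which is how a single interface carries several networks. The MAC addresses, the VLAN IDs 10 and 20, and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame, inserting an 802.1Q tag when vlan is given."""
    tag = b""
    if vlan is not None:
        if not 1 <= vlan <= 4094:  # 0 and 4095 are reserved values
            raise ValueError("VLAN ID must be in the range 1-4094")
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Parse an Ethernet II header that carries zero or one 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    info = {"dst": frame[0:6].hex(), "src": frame[6:12].hex(),
            "vlan": None, "pcp": None, "dei": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"] = tci >> 13          # 3-bit priority code point
        info["dei"] = (tci >> 12) & 0x1  # 1-bit drop eligible indicator
        info["vlan"] = tci & 0x0FFF      # 12-bit VLAN ID
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def demux(frames):
    """Group frames seen on one physical interface by VLAN ID (None = untagged)."""
    networks = {}
    for frame in frames:
        networks.setdefault(parse_frame(frame)["vlan"], []).append(frame)
    return networks


# Constructed sample traffic: two tagged VLANs and one untagged frame.
BCAST, HOST = b"\xff" * 6, bytes.fromhex("020000000001")
SAMPLE_FRAMES = [
    build_frame(BCAST, HOST, 0x0806, b"arp-eng", vlan=10),    # e.g. engineering
    build_frame(BCAST, HOST, 0x0806, b"arp-sales", vlan=20),  # e.g. sales
    build_frame(BCAST, HOST, 0x0800, b"ip-sales", vlan=20, pcp=5),
    build_frame(BCAST, HOST, 0x0800, b"untagged"),
]
```

A frame with no tag falls into the `None` group here; on a real trunk port, the switch or router decides which VLAN untagged traffic belongs to.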

In addition, VLANs provide some advantages over traditional networks. With VLANs, if a user moves from one location to another, the user's computer's network settings do not have to be reconfigured—the user just needs to connect to a switch port that supports the VLAN of which the user is a member. Conversely, if the user changes their job function, they do not need to move—they only need to join a different VLAN that contains the resources they need to access. Moreover, since broadcast traffic is confined to a single VLAN, it is significantly reduced, cutting down on unnecessary network traffic and improving security, since it is less likely a user can eavesdrop on network traffic not intended for that user.

Since this book is aimed at those whose knowledge of networking and pfSense is at a beginner’s level, our discussion of VLANs will not go into the depth that it might otherwise. In particular, we will only discuss how to configure pfSense for use with VLANs, and we will not discuss how to configure a managed switch, which is a necessary step in setting up VLANs. Instead, consult the documentation provided with your switch for more information.

As with DHCP, we will cover the two methods of adding VLANs: at the console and within the web GUI.
