
Easy VLAN Configuration in PFSense with DHCP, Firewall, and Switch Examples

41.0K views· 906 likes· 11:58· Mar 24, 2023

Learn to create and manage VLANs on your pfSense router firewall, including those appliances with a built-in switch, such as the Netgate SG-1100. We will also discuss DHCP, configuration on your L3 switch, and creating firewall rules for allowing traffic out of the VLAN.

Chapters:
00:00 Introduction
00:44 New VLAN Interface
02:26 Enabling DHCP
03:35 Switch Configuration
05:28 Netgate Switches
08:12 Firewall Rules
11:36 Conclusions

About This Video

In this pfSense video, I walk through creating and configuring VLANs the way I actually do it in my home lab. A VLAN is just a way to take the same physical network—your router, switch, and cabling—and split it into separate logical networks. That’s usually for security (keep risky client devices away from sensitive servers), and it can help performance when you’ve got a lot of clients on the network.

I start in pfSense under Interfaces > Assignments > VLANs to create a new VLAN (I use tag 25), then I assign it as a new interface, enable it, and give it a static gateway IP (192.168.25.1/24). After that I enable DHCP for the VLAN and show the exact ranges I like to use: .1-.9 reserved for network gear, .10-.99 for DHCP, and .100+ for statics (or use DHCP static mappings). Then I show the switch side using an HPE 2920: tag the uplink port back to pfSense and make the client port untagged for that VLAN.

Finally, I cover the part that trips people up: firewall rules. By default, your new VLAN has an implied deny, so nothing gets out until you add rules on that VLAN interface. I also show the extra “built-in switch VLAN” step on devices like the Netgate SG-1100, and I give a real lockdown example using an IP camera VLAN that only allows DNS and NTP to the pfSense router—nothing to the internet.
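The implied deny and the camera lockdown described above can be checked on paper before touching the firewall. The following is an added example, not code from the video or from pfSense: a simplified first-match model of rules on the VLAN interface, plus a check of the .1-.9 / .10-.99 / .100+ address plan. The DNS and NTP port numbers (53 and 123), the `Rule` fields, and the sample flows are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

VLAN_NET = ipaddress.ip_network("192.168.25.0/24")  # VLAN 25 subnet from the video
ROUTER = "192.168.25.1/32"                          # pfSense address on that VLAN

@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    proto: str            # "tcp", "udp" or "any"
    dst: str              # destination in CIDR form, or "any"
    port: Optional[int]   # destination port; None matches any port

# Camera VLAN lockdown: DNS and NTP to the router only (ports are assumptions).
CAMERA_RULES = [
    Rule("pass", "udp", ROUTER, 53),
    Rule("pass", "tcp", ROUTER, 53),
    Rule("pass", "udp", ROUTER, 123),
]

def evaluate(rules, proto, dst_ip, dst_port):
    """Return the action of the first matching rule, or the implied deny."""
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if r.dst != "any" and dst not in ipaddress.ip_network(r.dst):
            continue
        if r.port is not None and r.port != dst_port:
            continue
        return r.action
    return "block"  # nothing matched: default deny on the VLAN interface

def classify_host(ip):
    """Map an address to the plan: .1-.9 gear, .10-.99 DHCP, .100+ static."""
    addr = ipaddress.ip_address(ip)
    if addr not in VLAN_NET:
        return "outside VLAN"
    host = int(addr) - int(VLAN_NET.network_address)
    if host in (0, VLAN_NET.num_addresses - 1):
        return "reserved"  # network and broadcast addresses
    return "network gear" if host <= 9 else "dhcp pool" if host <= 99 else "static"

if __name__ == "__main__":
    # Constructed sample flows from a camera at 192.168.25.20.
    flows = [("udp", "192.168.25.1", 53), ("udp", "192.168.25.1", 123),
             ("tcp", "192.168.25.1", 443), ("tcp", "203.0.113.10", 443)]
    for proto, dst, port in flows:
        print(f"{proto:3} -> {dst}:{port:<4} new VLAN: {evaluate([], proto, dst, port):5} "
              f"locked down: {evaluate(CAMERA_RULES, proto, dst, port)}")
    print("192.168.25.20 is in the", classify_host("192.168.25.20"), "range")
```

The model covers only traffic that enters pfSense on the VLAN interface; hosts inside the same VLAN reach each other through the switch without passing these rules.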
