Configuration at the switch

Before your VLAN configuration is complete, you must configure each of the switches that will be connected to the VLAN interfaces. The process will be different depending on which switch you are using; in this section, we will first discuss switch configuration in general, and then walk through a concrete example of VLAN switch configuration.

There will be differences in switch configuration depending on who the manufacturer is and what type of switch it is; however, all switch configurations include at least the following steps:

  1. Trunk ports (the ports that connect the switch with the router and other switches) must be configured
  2. The VLANs must be created
  3. Ports must be assigned to the VLANs

Some switches also require you to configure a Port VLAN ID (PVID), which sets a default VLAN ID for each port.

Switches differ in the types of interfaces provided. Some provide only a command line interface; some provide a web-based interface; some provide both. Still others provide their own utilities for configuration. In cases where you have to use a vendor-provided utility to configure the switch, be aware that these utilities often do not have the ability to detect switches not on the current subnet, so you won't be able to configure the switch from another network.

Most switches support 802.1Q VLANs, but some also support port-based VLANs. With port-based VLANs, each port is statically assigned to a VLAN; any traffic that enters or exits the port does not have a VLAN tag. With 802.1Q VLANs, traffic entering a port assigned to a specific VLAN is tagged with an 802.1Q header. This allows VLANs to span multiple switches. Traffic between two nodes that are on the same VLAN but on different switches can be sent out over a trunk port, which provides connectivity to other VLAN-capable switches. The switch on which the destination node resides will then recognize the destination port as a local switch port (by looking up the destination MAC address), and will send the traffic to the destination.
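The tagging described above can be seen at the byte level in the following added example, which is not taken from the original text. It inserts and parses the 4-byte 802.1Q tag and forwards a trunk frame to an access port only when the VLAN IDs match; the sample frame, the port names and the function names are constructed for illustration, and native VLAN handling is left out.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed sample: untagged IPv4 frame (dst MAC, src MAC, EtherType, payload)
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"payload"

# Hypothetical access-port table: port name -> VLAN ID (IDs 2 and 3 as in the text)
ACCESS_PORTS = {"dev-port": 2, "eng-port": 3}

def tag_frame(frame, vid, pcp=0):
    """Insert an 802.1Q tag after the source MAC, as done for trunk traffic."""
    if not 1 <= vid <= 4094:  # 0 and 4095 are reserved
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame):
    """Return VLAN ID (None if untagged), inner EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, offset = tci & 0x0FFF, 18
    return {"vid": vid, "ethertype": ethertype, "payload": frame[offset:]}

def untag_frame(frame):
    """Remove the 4-byte tag, restoring the frame an end host expects."""
    return frame if parse_frame(frame)["vid"] is None else frame[:12] + frame[16:]

def deliver(trunk_frame, port):
    """Forward a trunk frame to an access port only if the VLAN IDs match."""
    vid = parse_frame(trunk_frame)["vid"]
    if vid is None or ACCESS_PORTS.get(port) != vid:
        return None  # untagged on the trunk or wrong VLAN: not forwarded here
    return untag_frame(trunk_frame)
```

A frame tagged for VLAN 2 reaches dev-port without its tag and is never handed to eng-port, which is the isolation the switch configuration has to preserve.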

Since 802.1Q VLANs are supported by pfSense, we will use 802.1Q VLANs in the example. Assume that we have created two VLANs in pfSense: a DEVELOPERS VLAN (VLAN ID = 2) and an ENGINEERING VLAN (VLAN ID = 3). Our example demonstrates VLAN switch configuration with a Cisco switch. If you are deploying networks in a corporate environment, you are likely to encounter Cisco switches at some point, and they have even found their way into some SOHO networks.
