advice on physical layout plans for new PFSsense router setup
-
Either you setup VLANs in pfSense and use those as interfaces to route / filter between.
Or you use separate interfaces for each subnet. In which case any VLANs you might have would be all be handled in the switch.
If you have multiple switches and access points and are carrying multiple VLANs across them I would choose the VLANs in pfSense option. You only need one link between the switch and pfSense to carry all the trunked VLANs but that could be a LAGG of multiple Ethernet connections.
Steve
-
@stephenw10 Yeah I've got two Unifi USW-24-POE switches, a U6-Lite access point, and a U6-LR access point (all managed by a CloudKey Gen2) - the plan is to have all VLANs be available on each of those devices. None is an L3 device.
My initial plan was to have each NIC on the Protectli pfSense router dedicated to an individual VLAN, but it seems like maybe I'd be better off just aggregating a few of those ports and then trunking all the VLANs at once?
-
Yup, that's what I would do. Use two ports there to create an LACP LAGG to the first switch and trunk all the VLANs across that.
Steve
-
@alexeymohr said in advice on physical layout plans for new PFSsense router setup:
but it seems like maybe I'd be better off just aggregating a few of those ports and then trunking all the VLANs at once?
You loose control of which physical interface is actually used for traffic - and "depending" you could end up with hairpin traffic over the same physical interface for intervlan traffic.
I personally prefer more control and like placing vlans on specific physical interfaces so I am sure that intervlan traffic where there is a lot of it not possible to hairpin over the same physical interface.
If you have the ports not a problem doing this... Only thing lagg/lacp gets you is if 1 of the interfaces fail, cable fails or unplugged etc you don't loose connectivity.. I like control more than redundancy for interface failure..
-
Does anyone have any links/references to a step-by-step guide on how to achieve this setup using switches for VLANs (with/without LAGG)? Thanks!
-
There are a bunch of video walk throughs on YouTube. Tom Lawrence's probably the best. For example his LAGG tutorial: https://www.youtube.com/watch?v=VULKulpXBYU
-
@stephenw10 dude - bet you beer that is spammer.. Look at his other posts..
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
Meh, could be.
-
@stephenw10 thank you so much!
-
@johnpoz Was this intended for me?
-
@johnpoz said in advice on physical layout plans for new PFSsense router setup:
stephenw10 dude - bet you beer that is spammer.. Look at his other posts.
Just his question made me wonder if he's serious. Physical layout? Really?
