Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Typical connection with L3 switch

    L2/Switching/VLANs
    3
    4
    830
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dono
      last edited by

      Hi. This is my first post here.
      After more than four months waiting, I finally received a notice from my local vendor that my pre-order for the Netgate 6100 Max will be shipping soon. While I am new to pfSense, I have some experience with Cisco networking. On the LAN side, I will be connecting the pfSense appliance to a L3 Cisco switch running about 10 VLANs. I see two options:

      1. Router on a stick. Create a trunk on the switch and subinterfaces for each VLAN on the pfSense appliance.
      2. A routed interface on the switch, creating a L3 interface. (The switch can do the necessary routing.)

      Typically when connecting to a router in a point-to-point configuration I would prefer option 2 as there is no need for a VLAN. However, I am unsure how this would affect my ability to create separate firewall rules for each VLAN. From the perspective of firewall rules, without the VLAN tags I suppose pfSense would see all "VLANs" as a single flat big subnet, right? That is not desirable, so that leaves router on a stick.

      With a L3 switch, what is the typical configuration? I would appreciate some feedback / suggestions.

      Thank you.

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @dono
        last edited by

        @dono said in Typical connection with L3 switch:

        so that leaves router on a stick

        Why is it a router on a stick? 6100 has multiple interfaces to work with. Why should all your vlans share 1 physical port?

        Router on a stick refers to when wan/lan are using the same physical interface.. If the router has more than 1 physical interface not really on a stick.. How many vlans you put on an interface is up to you, I wouldn't normally put high inter vlan traffic vlans on the same physical interface, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        JKnottJ 1 Reply Last reply Reply Quote 0
        • JKnottJ
          JKnott @johnpoz
          last edited by

          @johnpoz said in Typical connection with L3 switch:

          Router on a stick refers to when wan/lan are using the same physical interface.

          Or when VLANs are used with all inter VLAN traffic having to go back to the router to move between VLANs. At least that's the example used in the Cisco training, IIRC.

          Of course, you'd need VLANs if you have both LAN & WAN on the same interface.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @JKnott
            last edited by

            @jknott anything that hairpins could be considered on a stick. But the 6100 is not going to force that type of setup for anything, it has plenty of interfaces to work with.

            He could chose to setup vlans that hairpin when they talk to each other - or he could set it up so vlans that talk use different physical interfaces. He has plenty of interfaces to work with ;)

            But to me the whole router on a stick term came from being forced to run a router with only 1 actual physical interface. I would not consider a router 8 physical interfaces "on a stick" ;)

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.