L3 switching with pfsense
-
So I have a question with pfsense 2.8 which I really like now that I have run it. My gateways are much faster with lower RTT times. I think you did a good job on the code.
I run all my vlans in my Cisco L3 switch including DHCP which hands out gateway IP addresses for clients. There are no vlans defined on pfsense. So my setup is pfsense which has an IP address on a class C network between my L3 switch and pfsense. When I assign an IP address to pfsense for the LAN side should I add a gateway pointing to my layer 3 switch? My L3 switch then routes it back to pfsense at layer 3. All my clients on the connecting network between pfsense and my L3 switch have a gateway pointed to my Cisco L3 switch. I route from my L3 switch to the LAN pfsense IP address. It works and is very fast not adding a gateway for pfsense on the LAN side. I guess it works because they are directly connected, so maybe a gateway is not needed.Great work on 2.8.
-
@coxhaus said in L3 switching with pfsense:
All my clients on the connecting network between pfsense and my L3 switch have a gateway pointed to my Cisco L3 switch.
there should not be any devices on a transit/connector networks - this leads to asymmetrical flow..
-
@johnpoz I think a transit network sucks donkey dong. I tried it once and hated it. If you understand networking it should not be problem to by pass it.
If they make software changes to force that than I am out and I will find other software.
-
@coxhaus yeah you do you dude with your asymmetrical flow. Without a gateway, or your downstream router doing nat - how does pfsense even send traffic back to networks off downstream router.
Have fun with that nonsense..
Your setup sounds like a real mess..
-
@johnpoz My core big Cisco L3 switch had it for 15 years back before I retired. It is called networking.
I don't know why you are even replying to this as you run your Cisco switch as layer 2.
-
@coxhaus What a waste of a thread. I feel like pfsense let me down. I was considering plus but not now. I want to wait and see what happens.
-
@coxhaus sorry you did networking like for 15 years.. Sorry I call BS - nobody that has clue one would setup an asymmetrical mess like that..
What your doing is not networking.. My home switch is in L3 mode, I could route on it if I wanted to - I just have zero need too.. It would make my network less useful.. When I can have pfsense route and firewall between my segments..
As to why I am replying - I don't know 30 some years doing this.. Having been a network engineer for a fortune 100 company, a major MSP, and currently running a global network as my main gig..
But yeah ok - you do you.. And point some clients on what is your transit network to your downstream router.. Have fun with that.
-
@johnpoz You just don't get the different in working on layer 3 and layer 2. It is why you have default gateways and default routes and they are different. ThAT SEEMS TO BE OVER YOUR HEAD. Your firewall to the world is going to be layer 3. You are lost in pfsense and you can't see the forest for the trees.
Go away John please do not reply to my threads. I will try not to post any more here.And yes I ran a small team of network people a long time ago. I had over 4000 PCs and around 50 locations so get over it.
You ran me off last time and I went back to Cisco over pfsense. Look back in the threads years ago.
Plus pfsense was having routing issues or slowdowns on routing as I was doing layer 3 back then at home. Version 2.8 is fast now which is good. Having a connection of 10gig reduces your latency whether you run full 10gig or not. I have 1 gig of data on a 10gig connection. I think this is best you can do now for home. I have a Cisco 10gig layer 3 switch I plan to install soon. So I can push the extra data bandwidth.
