Netgate Discussion Forum

    PfSense as ethernet router? versus cisco sg-300….

    • ineti

      Hi,

      I'm currently using a cisco-sg-300 in layer-3 mode. It is very fast but not the best solution for my internal firewalling.
      I'd like to use the cisco as a layer-2 switch and I'd like my pfSense box to do the internal subnet routing (much smoother firewalling in pfSense).

      Would an Atom D525 be sufficient to do gigabit routing?

      Have a look at my current layer-2 and layer-3 layout at those links:

      http://www.köller.de/pics/layer3.png
      http://www.köller.de/pics/layer2.png

      The pfSense box is in subnet 10.1.5.0 aka vlan5 and is just doing the outbound traffic… It has 2 NICs... I would just add another dual gigabit card to it...

      So the new topology would be:

      10.1.2.0 (Servers)---------------> pfSense
      10.1.3.0 (cabled clients) ---------------> pfSense
      10.1.4.0 (wifi) ---------------------------> pfSense

      pfSense should do the routing and firewalling; the cisco sg-300 would go to layer-2 mode and host some VLANs, tagged and untagged...

      I'd like to abandon the cisco as a router not only because of its crappy rule setting but also because it doesn't do IPv6 routing, which my ISP will enable soon in native mode... Sure, I could use the pfSense for internal ip6 routing and let the cisco do the ip4 routing, but I don't want to service two systems...

      I hope someone can help me.

      Marcus

      • stephenw10 (Netgate Administrator)

        @ineti:

        Would an Atom D525 be sufficient to do gigabit routing?

        No.  ;)
        You will get something like ~550Mbps with a D525.
        Instead you should use one of the low end Sandybridge CPUs which are similarly priced and only consume slightly more power. E.g.:
        http://forum.pfsense.org/index.php/topic,45439.0.html

        Steve

        • Nachtfalke

          But you should ask yourself if it is necessary that there is an average of gigabit bandwidth used or if gigabit is only a peak. But the CPU is too low for that - you are additionally using a proxy and VPN which need CPU power.

          • ineti

            Thanks for the fast replies.

            I think I'll stay with my current setup and use the cisco for ip4 routing…I need the gigabit speed to access my file servers in 10.1.2.0/24 in a proper way.
            I'll just add another NIC to my pfsense and let it do the ip6 traffic....

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.