Netgate Discussion Forum

Multi lan subnet on same physical interface

2.1 Snapshot Feedback and Problems - RETIRED
xbipin (last edited Feb 7, 2013, 5:30 AM)

I ran into this issue when I was trying to add a virtual IP alias to the LAN interface. I have a single WAN connection and a single LAN, but I need to create multiple IP subnets on the LAN and give internet access to clients on both subnets while blocking communication between the subnets. No, I don't have a VLAN tagging switch, so I can't use that. The subnets required are:

192.168.0.1/24
192.168.2.1/24

So I used the virtual IP section and added an IP alias on the LAN interface, and the second subnet was created. But now the issue is how we give out IPs to clients using DHCP in the second subnet range, because in the current DHCP server settings you can only add static mappings for the current subnet, which is the first one only.
podilarius (last edited Feb 7, 2013, 6:39 AM)

How are you going to determine which computers are going to be in the 2.0/24 network? Static mapping only? Even if you did, the static mappings won't hand out the correct gateway or DNS (if you are using pfSense). Are you doing this to gain more IPs in the LAN or to separate traffic between local resources?
xbipin (last edited Feb 7, 2013, 7:45 AM)

Static mapping for the second subnet.

I want to separate a few clients on my LAN using a separate subnet so they can access the internet but not other LAN devices on the first subnet. My switch doesn't support VLAN tagging; how would someone go about this?
xbipin (last edited Feb 7, 2013, 7:47 AM)

Recent snaps have static mapping which can also hand out DNS server, gateway etc. if you try to add a static mapping under DHCP server.
podilarius (last edited Feb 7, 2013, 11:24 AM)

If it is a small enough number, I would just put them on static IPs. Otherwise, I don't know if this is possible.
xbipin (last edited Feb 7, 2013, 11:34 AM)

Just 2 clients at max.
podilarius (last edited Feb 7, 2013, 12:01 PM)

For just 2, I would just set them up with static IPs pointing to 2.1/24. Are they laptops or something that requires the IP to be more dynamic?
xbipin (last edited Feb 7, 2013, 12:22 PM)

But DHCP won't allow giving those IPs out of the 0.1/24 subnet, nor can I assign static maps in DHCP for the 2.1/24 subnet. Yes, one is a laptop and the other a PC.
podilarius (last edited Feb 7, 2013, 4:18 PM)

That is because pfSense goes by the DHCP standard very strictly. You are only allowed to use one subnet per interface and it will only let you use the one assigned to the interface.
xbipin (last edited Feb 8, 2013, 5:59 AM)

So I guess it's more suited for SOHO type networks without the extra flexibility.
anthonysomerset (last edited Feb 8, 2013, 12:05 PM)

No, it can do enterprise and complex installs, but you will find in those environments they have switches that do VLANs and use VLANs to separate the network.
podilarius (last edited Feb 8, 2013, 12:14 PM)

@xbipin:
    So I guess it's more suited for SOHO type networks without the extra flexibility.

Usually SOHO is where you have those crazy requirements like this. In the enterprise, like anthonysomerset said, they would use VLANs. They could also just use another NIC.
pfSense is quite flexible. You can use it at home all the way to a datacenter to an enterprise office.
xbipin (last edited Feb 8, 2013, 1:25 PM)

Considering datacenters, pfSense still can't give out a subnet mask of 255.255.255.255, which ISPs usually do.
podilarius (last edited Feb 8, 2013, 10:57 PM)

I have been in 5 different datacenter setups and none handed out /32 addresses. Now I do know a couple of ISPs on DSL that did that, but they were home setups.

Update:
Actually none used DHCP even. They expected you to hard set an IP.
cmb (last edited Feb 9, 2013, 4:20 AM)

No worthwhile colocation datacenter uses DHCP; they assign a dedicated VLAN to each customer. No ISPs assign /32 masks, with the exception of point-to-point types of connectivity (PPP, PPPoE, etc.) where that's just how things work.

Real, serious networks don't put multiple subnets on the same broadcast domain. It's nuts the OP starts out with "I don't have a VLAN tagging switch", then goes on to claim this is some kind of "datacenter config". No, a datacenter would be using VLANs and doing things right; what you're describing is an amateur hack attempt that no one should ever do.
xbipin (last edited Feb 9, 2013, 5:37 AM)

1and1 gives out /32, multacom used to earlier I guess, and there are many data centers that give out /32 IPs using DHCP.
xbipin (last edited Feb 9, 2013, 5:41 AM)

The part about VLANs: the reason I said that is because I wanted to know if pfSense is capable of doing such a thing without a VLAN switch, because I don't have one as of now but would have to get one if it wasn't able to do the thing I wanted.
cmb (last edited Feb 9, 2013, 9:00 AM)

Some large super low rent hosting providers will hand out /32s, but very few. In that case it's a matter of doing things to scale a network extremely cheaply. It's still questionable, but it's one method you may see if you have a $5/month web hosting account. Most of us aren't thinking of a $5/month web hosting account when you say "datacenter"; no reputable colocation facility hands out IPs via DHCP. That's a technique to provide cheap crappy web hosting at large scale.

There are OSes, including BSDs and others, that will not function with a /32 IP because they will not ARP for their gateway, because ARPing for something off a locally connected subnet is technically wrong.

What you're trying to do is a bad idea and to some degree impossible (serving multiple scopes off the same interface without statically defining everything in all but one scope isn't doable with anything). Handing out /32 DHCP IPs also doesn't do anything to prevent hosts from talking to each other where the person controls the host.
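To make the three points in cmb's reply concrete, here is an added example (not from the thread and not pfSense code) that models a host's forwarding decision with Python's ipaddress module, using the thread's 192.168.0.1/24 LAN and 192.168.2.1/24 alias; the client addresses and names are constructed. It shows which packets actually pass through the firewall (and so can be matched by a rule) and why a /32 address leaves the gateway off-link.

```python
from ipaddress import IPv4Address, IPv4Interface
from typing import Dict, Tuple


def next_hop(host: str, gateway: str, dst: str) -> Tuple[str, str]:
    """Classic host forwarding decision: a destination inside the host's own
    prefix is reached directly (the host ARPs for it on the segment); anything
    else is handed to the default gateway.  Returns ('direct', dst) or
    ('gateway', gateway)."""
    iface = IPv4Interface(host)
    if IPv4Address(dst) in iface.network:
        return ("direct", dst)
    return ("gateway", gateway)


def gateway_is_on_link(host: str, gateway: str) -> bool:
    """A strict stack only ARPs for on-link addresses.  With a /32 the prefix
    contains only the host itself, so the gateway is never on-link and the
    host cannot bring up a default route without an explicit host route."""
    return IPv4Address(gateway) in IPv4Interface(host).network


def crosses_firewall(host: str, gateway: str, dst: str) -> bool:
    """Firewall rules on the LAN interface only see packets that the sending
    host forwards to pfSense (its gateway).  Packets delivered directly on the
    shared segment never reach the rule set."""
    return next_hop(host, gateway, dst)[0] == "gateway"


def scenario() -> Dict[str, bool]:
    # Constructed clients on the thread's setup: LAN 192.168.0.1/24 with an
    # IP alias 192.168.2.1/24 on the same physical interface (pfSense is the
    # gateway for both).
    pc = ("192.168.0.10/24", "192.168.0.1")       # client in the first subnet
    laptop = ("192.168.2.10/24", "192.168.2.1")   # client in the second subnet
    return {
        # PC -> laptop is off-link for the PC, so it goes via pfSense: a LAN
        # rule can block it.
        "pc_to_laptop": crosses_firewall(*pc, "192.168.2.10"),
        # Same laptop after its owner configures a 192.168.0.x address: the
        # packet is delivered directly on the segment, so no rule ever sees it.
        # This is why only a VLAN or a separate NIC enforces the separation.
        "laptop_self_addressed": crosses_firewall("192.168.0.77/24", "192.168.0.1", "192.168.0.10"),
        # A /32 lease (constructed documentation-range address): the gateway is
        # not on-link, which is the case the BSD remark in the thread refers to.
        "slash32_gateway_on_link": gateway_is_on_link("203.0.113.10/32", "203.0.113.1"),
        "laptop_gateway_on_link": gateway_is_on_link(*laptop),
    }
```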
xbipin (last edited Feb 9, 2013, 9:31 AM)

OK, got it.

Now can someone tell me which is the cheapest VLAN switch I can find for home networks?
I wonder why switch firmware can't be hacked to enable VLAN tagging; most small switches use a Realtek or Broadcom chip.
cmb (last edited Feb 15, 2013, 9:12 PM)

Netgear GS108T is my personal favorite for a cheap managed fanless gigabit switch.

What features a switch supports depends on what its hardware supports. It's not like a typical firewall or router box where you can run basically everything on a CPU; the hardware itself has to support such things. In an unmanaged switch, that hardware support isn't there, and you can't hack the hardware short of completely replacing it.
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.