Home lab vlan config help
-
Actually, you probably want to leave the switch in layer 2 mode.
If you had this on pfSense:
LAN em0_vlan100
DMZ em0_vlan200
SRVRS em0_vlan300You would do something like this on the switch:
int gig 0
switchport mode trunk
switchport trunk allowed vlan 100,200,300Then all your firewalling will be done with pfSense.
Now if you want to use the switch in Layer 3 mode, creating virtual interfaces for the VLANs and using access lists, that's cool too. I have never really looked at it but I don't think those switches are stateful firewalls. Pretty much just packet filters.
-
The reason I like the idea of L3 switching is for my NAS and ownCloud: because they are not accessible from and do not have access to the internet it seems to make more sense not to pass them through pfSense - an unneeded hop.
-
Absolutely and the switch is routing at link speed whereas you have to throw a whole lot of hardware onto pfSense to have it routing 1Gb/s constantly.
-
That is a fine use for a layer 3 switch.
Please share your ACLs when you get something working.
-
Got the basic ACL's working, its pretty easy. I'll write a tutorial later.
-
I was just looking for the ACLs you used. But if you want to write a tutorial, all the better.
-
Yeah I'm gonna write one so no one else has to reinvent the wheel. I'll include screenshots and CLI commands.
-
good stuff! I've been eye'in a SG300 myself… Not sure if I need more then 10ports and if I want the PoE version. Only have 2 devices have could use.
-
The naming of those SG300 switches in regards to PoE capabilities is a bit … non-intuitive (P, PP, MP)
Other than that, to supply PoE to two devices I'd shoot for the -10P switch with the smallest amount of available power. Saves you two inserters and probably two walwart PSUs as well... -
Yeah I'm gonna write one so no one else has to reinvent the wheel. I'll include screenshots and CLI commands.
Can you hint it's availability in THIS thread, please. I'll get notified of it automatically then.
Thanks! -
I'm still working on the MAC ACL used for the wireless connection.
Expect a full tutorial in a day or two.
-
So I finally wrote a basic IPv4 ACL tutorial for the Cisco SG300 series (I've been busy with work).
It's really basic, it's a little guide for blocking traffic to 2 other VLANs and allowing all other traffic. With a little thinking someone could adapt it for more specific needs.
http://kb.the-pds.net/?p=66When I get some more time I'll post the tutorial on here.
