Ethernet Ports… how many?
-
I plan on building my pfsense box this weekend. The MoBo I'm getting has two onboard Intel ethernet ports. One will be for my WAN connection to my FIOS ONT. The other will be for LAN. The LAN will go to my switch. I have a server that is handing out DHCP and DNS connected to the LAN.
1. Will this work if I turn off the DHCP/DNS in pfsense?
2. Would I connect my APs to the switch (not managed) to get wireless through my home?
3. Will I need more ports than that (i.e. for VLANs, etc.)? Checking on this as I'll order a NIC also.
Thanks again for all the help and input from everyone.
-
1. Sure. As long as somebody is doing those task.
2. Yes, in bridge mode if you can swing it, so one easy flat subnet.
3. Don't know, but if ur gonna buy anyway, it doesn't hurt. -
3. Will I need more ports than that (i.e. for VLANs, etc.)?
Well you certainly won't need ports for VLANs that's pretty much the point of VLANs. You can just run them on the LAN port.
However we do recommend not running tagged and untagged on the same port if possible. More ports is usually better in general, you'll probably find yourself using them at some point.
Steve
-
"Well you certainly won't need ports for VLANs that's pretty much the point of VLANs"
I do not agree with such a statement at all, sorry. Putting multiple vlans on the same physical interface hairpins any intervlan traffic and can be a huge it on the available bandwidth.
The point of vlans is isolation of networks, and yes tagging allows multiple networks/vlans to run over the same physical wire/interface.
But if your worried about bandwidth between these vlans or just in general the total available.. All vlans on a physical interface share the bandwidth… So through multiple on there when you could spread them over multiple physical interfaces would be better idea for sure.
-
@johnkeates:
Why is there another server doing DHCP and DNS? pfSense does both just fine and you get the DHCP host-in-DNS registration, DNS overrides and DNS-level filtering.
Super-duper fail-safe DHCP/DNS with Master-Slave boxes? Windows Enterprise can also be a convenient one-stop-shopping to manage all aspects of the LAN.
-
"Well you certainly won't need ports for VLANs that's pretty much the point of VLANs"
I do not agree with such a statement at all, sorry. Putting multiple vlans on the same physical interface hairpins any intervlan traffic and can be a huge it on the available bandwidth.
No argument from me there. But that's why I italicised 'need'. You don't actually need more interfaces to add VLANs. If someone was under the impression they needed a separate interface per VLAN I was hoping to correct that.
Of course having more total bandwidth available helps, though you might argue on a two port firewall 1Gbps it likely to be sufficient. ;)
I'll stick with my statement that the point of VLANs is to allow multiple network segments to occupy one transmission space; port, wire, LAGG etc.
Steve
-
Very true.. At a min you can get by with a 2 port box for the firewall sure could do a 1 arm bandit even.. I would feel better with 4.. The SG4860 I have, all of them are used up and the vlans are spread across the physical interfaces. There are some that share the same to be sure. But these are wireless vlans and no intervlan traffic between them so no hairpins, etc.
All comes down to what your plans for future might be. If what your putting together has no options of expansion of nics, then might be prudent to get a something with a couple extra just to cover you for something you might want to do 6 months from now, etc.
How many vlans to you plan on having out of the gate? Will there be any significant intervlan traffic between them where where you would be wanting to have full wire speed?
-
Using 3 of my 4 Ports on the Qotom
1: Wan
2: Fast Vlans (Just my 2 main vlans served)
3: The other Vlans (8..10 vlans)
4: Waiting for ?/Bingo
