pfSense to cisco 10gb
-
Hi,
I just got an Intel X550-T1 into the office that I will install in my pfSense this evening, instead of or together with an I350-T4.
I was thinking of moving everything that is actually connected behind my SG350X switch:
pfSense+vlan ---- 10GB ----- switch(layer2) ------- 1GB/vlans
What would be the best solution here?
Should I / can I set the MTU to 9000 between pfSense and the switch (layer 2) and 1500 from the switch to my devices/servers/PCs?
Would it be better to set the switch as layer 3 and manage the VLANs there? But that would make a double NAT, I suppose.
pfSense ----10GB(vlan1 untagged only) --- switch (layer3)+vlan ---- 1GB/vlans
Also, it would be interesting if there is a way to test this 10GB link from pfSense to the switch?
Any suggestions?
-
@kiokoman said in pfSense to cisco 10gb:
should i/can i set MTU to 9000 between the pfsense and the switch(layer 2) and 1500 from the switch to my device/server/pc ?
It won't do much good to have the 9000 MTU at one end only. Set everything on the network to the same MTU. Also, if you go with 9000, you'll have to connect WiFi through a router, rather than directly on the LAN, as it can't handle 9000 MTU.
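An added check for the point above that the MTU has to match everywhere (example script, not from the thread): it sends Don't-Fragment pings sized to fill the intended MTU, so any host, switch port or WiFi hop still at 1500 shows up as a failure instead of silently fragmenting. It assumes the standard ping on FreeBSD (pfSense) or Linux iputils; the host addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a jumbo MTU survives end
# to end by sending full-size pings with the Don't Fragment (DF) bit set.
# A host, switch port or WiFi hop still at 1500 cannot carry an 8972-byte
# DF probe, so it shows up as a failure instead of silently fragmenting.

# ICMP payload that fills an IPv4 frame of the given MTU exactly:
# MTU - 20 (IPv4 header) - 8 (ICMP header).
icmp_payload_for_mtu() {
    echo $(($1 - 28))
}

# DF and per-probe timeout flags for the local ping implementation.
# FreeBSD (pfSense): -D sets DF, -t is the timeout in seconds.
# Linux iputils:     -M do sets DF, -W is the timeout in seconds.
ping_opts() {
    case "$(uname -s)" in
        FreeBSD) echo "-D -t 2" ;;
        *)       echo "-M do -W 2" ;;
    esac
}

# probe_mtu HOST MTU: returns 0 if HOST answers a DF ping that fills MTU.
probe_mtu() {
    size=$(icmp_payload_for_mtu "$2")
    # shellcheck disable=SC2046  (word-splitting of ping_opts is intended)
    ping -c 1 $(ping_opts) -s "$size" "$1" >/dev/null 2>&1
}

# check_lan_mtu MTU HOST...: probe every host that should share the LAN MTU
# and report the ones whose path does not carry it. Returns 1 on any failure.
check_lan_mtu() {
    mtu=$1; shift
    rc=0
    for h in "$@"; do
        if probe_mtu "$h" "$mtu"; then
            echo "OK   $h answers a ${mtu}-byte DF probe"
        else
            echo "FAIL $h: path does not carry MTU $mtu (dropped or needs fragmentation)"
            rc=1
        fi
    done
    return "$rc"
}

# Usage (constructed addresses, run from pfSense after setting the LAN MTU):
# check_lan_mtu 9000 192.168.1.10 192.168.1.20 192.168.1.30
```

A FAIL for a host that has its own MTU at 1500 while pfSense is at 9000 is exactly the one-end-only mismatch described above.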
-
@JKnott said in pfSense to cisco 10gb:
@kiokoman said in pfSense to cisco 10gb:
should i/can i set MTU to 9000 between the pfsense and the switch(layer 2) and 1500 from the switch to my device/server/pc ?
It won't do much good to have the 9000 MTU at one end only. Set everything on the network to the same MTU. Also, if you go with 9000, you'll have to connect WiFi through a router, rather than directly on the LAN, as it can't handle 9000 MTU.
+1
Re the "would be better to set the switch as layer 3 and manage vlan there? but that would make a double nat i suppose
pfSense ----10GB(vlan1 untagged only) --- switch (layer3)+vlan ---- 1GB/vlans":
Just because you're thinking of creating SVI interfaces on the switch doesn't mean it will be doing NAT.
You'd just need to put static routes on pfSense pointing to the handoff interface.
How many 10GB interfaces does the switch have?
-
The switch has 2 x RJ45 + 2 x SFP+ 10Gb ports + 24 x 1000 ports,
but for the moment only pfSense has a network card able to do 10GB.
-
Is it only 10G between the switch and pfSense then?
In that case you are probably adding complexity for little or no gain if the routed traffic is on the 1G switch ports.
If you use the switch in Layer3 mode the traffic won't ever go across the 10G link.
Interesting as an experiment only perhaps.
Steve
-
Yes, I'm experimenting. You know that I love it.
But I think I will leave the switch as layer 2, for the moment at least. I love the DHCP server of pfSense and all the static IPs I've set. Plus it would be a pain to move the IPv6 tunnel from pfSense to the switch.
I must wait for the weekend to adjust things better.
-
@kiokoman said in pfSense to cisco 10gb:
yes i'm experimenting. you know that i love it
I just tried experimenting with WiFi MTU. The most I could get is 2304, which is the max specified. Apparently there is some support for jumbo frames at 7935, but my ThinkPad won't do that.
-
If you have loads of VLANs with firewall rules I'd suggest creating a trunk between your firewall and the switch, and letting the router deal with the firewall task.
ACLs are a pain in the arse to deal with on Cisco switches, if the 350x can even do ACLs.
The only benefit you'll see would be if you were to connect something like a NAS to the second 10GB port IMO.
-
@JKnott said in pfSense to cisco 10gb:
@kiokoman said in pfSense to cisco 10gb:
yes i'm experimenting. you know that i love it
I just tried experimenting with WiFi MTU. The most I could get is 2304, which is the max specified. Apparently there is some support for jumbo frames at 7935, but my ThinkPad won't do that.
I did some more research on this. This is from "802.11n A Survival Guide" by Matthew Gast, page 41.
"Frame Changes
The 802.11 data frame is only slightly changed by 802.11n. Figure 5-1 shows the format of an 802.11 Data frame as modified by 802.11n. The major changes from the traditional 802.11n Data frame are the increase in size, the addition of the optional HT Control subfield, and the fact that the QoS Control field is utilized extensively in block acknowledgment. The payload of the MAC is increased about fourfold, which can be used to aggregate higher-layer frames together for efficiency."
So this, if implemented, would provide better efficiency and could use jumbo frames. According to the book, there are 2 types of aggregation to support large frames. There is A-MSDU, which supports about 8 KB, and A-MPDU, about 64 KB. I expect the 7935 bytes I mentioned above would be A-MSDU.
Matthew Gast is one of the IEEE 802.11 engineers.
-
I installed the card yesterday. All seems to work without problems. MTU is still set to 1500. To be honest I saw a not that high, but noticeable, increase in performance on my network: browsing the Cisco web interface and the pfSense interface is more responsive. The routing is done by pfSense. I will experiment with the MTU tomorrow since I work even on Saturday.
-
Well, I can't set the MTU to 9000. The Raspberry Pi does not support an MTU greater than 1500, and I have one with Kodi that I use with my NAS and one configured as an NTP server.