[RESOLVED] pfSense config when using VLAN routing on an L3 switch
-
Hey everyone,
So I am looking at changing my setup a bit. I have a Netgear GS728TPv2 L3 managed switch and I would like to start using the routing feature of the switch for Inter-VLAN routing rather than have pfSense manage that. How would I go about configuring that?
I already have the VLANs set up in pfSense (100=LAN, 200=WLAN, 201=Guest WLAN). All the VLANs in pfSense have a gateway of 192.168.xxx.1. How will this affect the use of Inter-VLAN routing on the switch?
I've never done L3 switching and I have been scouring the interwebz about the best way to set this up with my switch, but it doesn't take into account how to set up pfSense, so I'm hoping someone can shine a little light on this if possible. As always, your help/advice is always appreciated. If you need any more info, I will gladly provide it. TIA
-
You would set up a new network/vlan to use as your transit.. You would then create a gateway, and static routes to your downstream networks..
Create the rules you want on your transit to allow traffic from these downstream networks to other networks/vlans still directly attached to pfsense.
@Derelict has a nice drawing around here showing downstream router.. Might even be linked in his sig..
-
-
Yup that's it! Thanks..
-
Awesome, thank you @johnpoz and @Derelict for your info. I will give this a try. Many thanks for both your guidance.
EDIT: @johnpoz @Derelict Forgive the noob question, as this is the first time I will be attempting VLAN routing on an L3 switch. By creating this layout and configuring it correctly, I assume that the devices will still receive IPs from the DHCP servers set per VLAN in pfSense?
-
No they will not.. Pfsense can only serve dhcp to networks it has an interface in... You will have to run a different dhcp server and then use dhcp relay on your switch.
Hope you understand that this drastically complicates your network, and really makes firewalling between vlans a pita - unless your L3 switch has a nice, easy-to-use gui to manage its ACLs ;) like pfsense does.
Other than a learning experience I really see no point to doing what you're doing.. it's much easier to just let pfsense handle the routing and the firewalling, and yeah the dhcp ;)
Is your current pfsense not able to route at wire speed? Get a faster pfsense box ;) Or move your boxes that need full speed into the same network. Not like you're going to be doing complicated firewalling with your L3 switch ;) hehehe So might as well just put the boxes in the same network if speed is a problem that pfsense can not route fast enough.
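An added example (not from any poster in this thread) that models the two points made above: with inter-VLAN routing moved to the switch, pfSense only keeps an interface in the transit network and reaches the downstream VLANs via static routes through the switch, and its DHCP server can only answer on networks it is directly attached to. The transit addressing (10.255.0.0/30) and the /24 prefixes for VLANs 100/200/201 are constructed assumptions; the thread only gives 192.168.xxx.1 gateways.

```python
# Added example: a small model of pfSense's forwarding and DHCP reach once
# inter-VLAN routing is handled by the L3 switch. Addresses are constructed.
from ipaddress import ip_address, ip_network

# Networks pfSense still has an interface in: only the transit link.
# Assumed: pfSense 10.255.0.1/30, switch 10.255.0.2/30.
PFSENSE_INTERFACES = {
    "TRANSIT": ip_network("10.255.0.0/30"),
}
SWITCH_TRANSIT_IP = ip_address("10.255.0.2")

# Static routes on pfSense: the downstream VLANs now live behind the switch,
# all reachable via the single gateway on the transit network.
STATIC_ROUTES = {
    ip_network("192.168.100.0/24"): SWITCH_TRANSIT_IP,  # VLAN 100 LAN
    ip_network("192.168.200.0/24"): SWITCH_TRANSIT_IP,  # VLAN 200 WLAN
    ip_network("192.168.201.0/24"): SWITCH_TRANSIT_IP,  # VLAN 201 Guest WLAN
}


def next_hop(dst):
    """Longest-prefix match over connected networks and static routes.
    Returns ("connected", iface_name), ("static", gateway) or ("default", None)."""
    dst = ip_address(dst)
    candidates = []
    for name, net in PFSENSE_INTERFACES.items():
        if dst in net:
            candidates.append((net.prefixlen, "connected", name))
    for net, gw in STATIC_ROUTES.items():
        if dst in net:
            candidates.append((net.prefixlen, "static", gw))
    if not candidates:
        return ("default", None)  # falls through to the WAN default route
    _, kind, target = max(candidates, key=lambda c: c[0])
    return (kind, target)


def pfsense_can_serve_dhcp(client_net):
    """pfSense's DHCP server only listens on networks it has an interface in.
    A downstream VLAN therefore needs another DHCP server plus relay on the switch."""
    net = ip_network(client_net)
    return any(net == iface for iface in PFSENSE_INTERFACES.values())


def downstream_source_nets():
    """Source networks a pass rule on the TRANSIT interface has to cover so
    downstream VLAN traffic can reach networks still attached to pfSense."""
    return sorted(str(n) for n in STATIC_ROUTES)
```

Running `next_hop("192.168.200.15")` gives a static route via the switch, while `pfsense_can_serve_dhcp("192.168.200.0/24")` is False: the WLAN clients no longer see pfSense's DHCP server directly.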
-
@johnpoz sorry for the late reply. I did scroll through the web and found that you are correct. With that in mind, I will not enable Inter-VLAN routing on my switch. Thank you both for your knowledge and insight.