Is this possible??



  • I currently have a pfSense box, version 2.2.6, with 4 Ethernet ports on it: 1 WAN and 3 LAN ports. I currently have the 3 LAN ports in a bridge and each port is going to a different switch. I want to set up multiple VLANs on all 3 switches. Is it possible to set up the VLANs on a bridged interface, or do I need to change from a bridged interface to a LAGG setup, or do I need to set up the VLANs on each interface and bridge them? If I need to use LAGG, will my setup still work with 1 port to each switch, or will I have to purchase another switch to trunk all of the VLANs to the other switches? I am currently doing 1 port to each switch due to no core switch. I have been trying to find any information on this topic, and I am having difficulty finding anyone with a setup similar to what I am trying to accomplish. Any help on this topic would be greatly appreciated.



  • Your current design isn't very good (and that's me being polite).
    pfSense is not a switch; it'll never be a switch. Using it as a 'core' switch will result in horrible performance compared to a real switch.

    It's best to get a 5-8 port switch that can handle VLANs and trunk your VLANs towards it (either by LAGG or only 1 interface, up to you).


  • Rebel Alliance Developer Netgate

    @phantom99b:

    I have been trying to find any information on this topic, and I am having difficulty finding anyone with a setup similar to what I am trying to accomplish.

    The reason for this is exactly as Heper said: pfSense is not a switch (yet – future hardware could change this). You can't find anyone with a similar setup because it is not something anyone should do.

    Attempting to use a bridge as a switch, especially uplinking to other switches that all carry the same networks, is not going to work out how you want. The performance will be poor, trunking is not going to work, etc.

    There are plenty of good, inexpensive, managed switches with low port counts. TP-Link and Netgear have decent ones for well under $100 and they'd do a much better job than attempting to use router ports for switching.

    The only way it might work is if each switch carried only one network, and they were each separate networks. In that case it would just be plain routing.


  • LAYER 8 Global Moderator

    "to what I am trying to accomplish"

    Which is what exactly? If what you want is 3 networks, and you already have 3 switches, why are you bridging the interfaces on pfSense? As mentioned already, interfaces on pfSense are not switch ports; trying to make them so via bridging is not efficient and is not going to get you performance anywhere close to what you would get with a switch.

    You could run your 3 networks on pfSense interfaces and then connect them to switches where all devices on that switch would be on that network.

    What sort of switches are you using now? What is their port density, and are they just dumb switches with no VLAN support? How many clients/devices do you have on your network, and what are you wanting to accomplish by putting them on 3 different networks? I assume you want to firewall between these networks?

    As mentioned already as well, you can get low port density smart switches that do VLANs for well under $100, under $50 quite possibly in the 5 and 8 port density models. Why do you think you want/need to LAGG to pfSense? Is this for failover, or is your WAN/internet connection much higher than your interface speed connected to your LAN side networks?

    If you could describe or better yet draw your dream network, then we can discuss the multiple ways and best ways to accomplish that goal.



  • Thank you for this information. I will change my configuration and get a core switch. The reason I bridged the interfaces is so that the switches could utilize some of the additional bandwidth. I currently only have 10/100 switches and thought that if I bridged the interfaces, which are gigabit, I could better utilize the bandwidth, but now I understand that I was in that thought process.

    Thank you for pointing me in the correct direction.

