Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VLAN - Member - Just L2

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      B-C
      last edited by

      Basically I'm thinking of using PFSense as a L2 Gateway…

      Using a Core switch to do the VLAN routing and the PFSense as the Edge Firewall & NAT.

      Center of the network in a lab building will be a 48port switch with most buildings being connected directly to it.

      Other buildings primarily wireless but wired to 24 port in each fiber uplink to Lab.

      VLANs and iprouting on switch.

      From what I see - I can't do DHCP on pfsense if it is not doing the vlan routing correct?
      Don't see DHCP unless I give the VLAN on pfsense an IP address...
      But when I give it an IP address it automatically sets up default routing for that VLAN vs just being a member and being able to untag/tag its traffic.

      I can have the switch do the DHCP scopes - will work - but its only a 1920-48G so not very advanced but works for our needs.

      I know I could just do a larger /8 /16 subnet and not have to assign the vlans to the pfsense for IPRouting - however adding the vlans will give me the ability to do traffic shaping on each VLAN if I understand correctly - is that Correct?

      INet comes from an Edge building and planning to just place the PFSense in that building vs building a non-routed vlan back to LAB and placing pfsense there - just seems be adding too many failure points for my "short fuse"...

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        huh??

        If your going to use pfsense as your edge/nat have some L3 core switch do all your intervlan routing.. Why do you have to do anything with pfsense and the vlans?  The only network pfsense would be connected to would be the transit network you setup between it and your downstream router.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • B
          B-C
          last edited by

          reason being is it is possible at that edge - Using a PFSense with multiple GBit Ports

          • Trunk Not necessary just was wondering if possible..

          • would have preferred for it to handle DHCP but see that isn't possible if it is not handling the Routing for the VLANs correct?

          • Just have it on the transit Network - agreed - just need to make sure add the routes for the other vlans so it knows where to send the traffic…  or yes use /16 if networks are within the B ranges - just prefer the routed method sometimes.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.