Configuring sg-2440 opt sockets



  • Hello All!

    I have purchased a sg-2440 appliance and would like to use 3 of the OPT ports in addition to the LAN port, on the same network.

    I have the LAN port set as 192.168.10.1 with DHCP active. So, if I attach a switch behind this port, all PCs pull IPs and I have internet for all.
    I'd like for OPT 1,2 to join in.  I have read what I can find but cannot see any help in this.
    Can someone explain how to include multiple ports with 1 network?

    Thanks



  • There is a big difference between wanting to do something because you can, and doing something because you need to.  I wouldn't bother with the OPT ports if you only have the one network and everything is working.  I use OPT1 for my DMZ so that my NATed servers are separated from my LAN.



  • KOM
    Thanks for the response.  The reason I bought that specific one was for the horsepower that was not available on the base unit.  Now I'm trying to figure out how to use some of the OPT ports.
    Saying that, your advice is very sound.  I will use the main LAN port and leave the OPT ports alone for now.
    Thanks again!


  • Netgate Administrator

    Pretty much what KOM said.  ;)

    It is possible to bridge the ports and put them in the same subnet but it's almost always a bad idea. A switch on the LAN is going to be better than bridging interfaces on the firewall in most ways.

    If you need devices to be in the same subnet but also need to filter the traffic it can be useful. For example if you had a media server that can only be 'discovered' if it's in the same subnet but you also want to filter which clients can reach it.

    Of course if you have those ports available and this isn't a production device then experiment away.  :)
    Just make sure you have a backup config available as it's easy to get locked out when configuring bridges.

    Steve



  • I'd like for OPT 1,2 to join in.  I have read what I can find but cannot see any help in this.
    Can someone explain how to include multiple ports with 1 network?

    On top of the bridge method shown by @stephenw10 you could try out two
    other options that will run nicely.

    1.) You may create a LAG (LACP) with all three LAN ports to the switch, which must then also
    support that LAG (LACP)! The con is that you will be creating one big pipe that is then
    also shown as one port only.

    2.) For this option you may also need only dumb switches that come without any web interface,
    CLI or program to insert configurations.
    Set up one subnet for each Ethernet or LAN port, like:
    eth 1 / LAN Port 1 = 192.168.1.0/24
    eth 1 / LAN Port 2 = 192.168.2.0/24
    eth 1 / LAN Port 3 = 192.168.3.0/24

    And then you connect to each LAN port a dumb switch, which then raises the port density
    of your whole network! For sure this is then based on plain routing and is not one big network,
    but based on the routing capacity of your pfSense you will be able to regulate all your client PCs
    and network devices that will enrich the entire network too.

    Not really 100% matching your criteria and what you want, but it can be realized with dumb switches
    without configuring them too.