
    2 WANS with dedicated routing - VLANs or not?

    • ytn

      I am currently running pfsense version 2.4.0 on a Supermicro A1SRi board.

      My setup is fairly standard / basic… the only thing I changed from the default setup was I enabled a LAGG group for the LAN side using 2 of the ports (using LACP).

      I have a managed switch (TP Link TL-SG2216) which is also on default settings except for the LAGG group setup for the 2 LAN ports on the pfsense box.

      I currently have a single WAN port but am having a new install setup tomorrow which will give me another WAN.

      I would like to create the following setup (I already have the spare port for WAN1):

      WAN0 - for half my network
      WAN1 - for the other half of my network

      Would VLANs be the recommended route for this? I am not looking for load balancing... I would just like to split my network and have each route out through a specific WAN.... although failover would be nice if either WAN went down. I would also like each network to see and be able to talk to each other (on the LAN side).

      Any pointers / advice on how I could set this up would be much appreciated. My experience in this area is extremely limited, and I am not sure where to begin. There are a million posts here on this topic, somewhat similar, yet different.

      Thanks!

      • Derelict LAYER 8 Netgate

        Multi-WAN doesn't really care if you use VLANs or not. VLANs happen at Layer 2 of the OSI model.

        If you need to leverage one physical port into two logical Layer 2 networks (two WANs) you can certainly do that.

        "Best practices" dictate that you not use the same physical switch for WAN (outside) and LAN (inside) traffic. Reality dictates that it is done all the time (as I do here, since I trust my switch.)

        I have two VLANs with two untagged ports on each. One VLAN has my cable modem and pfSense WAN on it. Another VLAN has my DSL modem and pfSense WAN2 on it.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • ytn

          @Derelict Thanks for the response!

          My pfsense box has 4 ports. I have my TP-Link switch connected to 2 of them (LAN side tied as a LAGG). My cable modem is directly connected into port 3 (WAN) and is using DHCP, and I will be using the 4th port for my additional WAN which is supposed to be hooked up today (also DHCP).

          I am not sure if this setup still warrants using VLANs, or if there is another / better way to route specific traffic / machines to WAN0 vs WAN1.

          Thanks!

          • Derelict LAYER 8 Netgate

            pfSense Multi-WAN does not care if they are VLANs or physical interfaces. It works the same way.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.