4. 2 WANS with dedicated routing - VLANs or not?

2 WANS with dedicated routing - VLANs or not?

  • Y

    I am currently running pfsense version 2.4.0 on a Supermicro A1SRi board.

    My setup is fairly standard / basic… the only thing I changed from the default setup was I enabled a LAGG group for the LAN side using 2 of the ports (using LACP).

    I have a managed switch (TP Link TL-SG2216) which is also on default settings except for the LAGG group setup for the 2 LAN ports on the pfsense box.

    I currently have a single WAN port but am having a new install setup tomorrow which will give me another WAN.

    I would like to create the following setup (I already have the spare port for WAN1):

    WAN0 - for half my network
    WAN1 - for the other half of my network

    Would VLANs be the recommended route for this? I am not looking for load balancing... I would just like to split my network and have each route out through a specific WAN.... although failover would be nice if either WAN went down. I would also like each network to see and be able to talk to each other (on the LAN side).

    Any pointers / advice on how I could set this up would be much appreciated. My experience in this area is extremely limited, and I am not sure where to begin. There are a million posts here on this topic, somewhat similar, yet different.

    Thanks!

    0
  • LAYER 8 Netgate

    Multi-WAN doesn't really care if you use VLANs or not. VLANs happen at Layer 2 of the OSI model.

    If you need to leverage one physical port into two logical Layer 2 networks (two WANs) you can certainly do that.

    "Best practices" dictate that you not use the same physical switch for WAN (outside) and LAN (inside) traffic. Reality dictates that it is done all the time (as I do here, since I trust my switch.)

    I have two VLANs with two untagged ports on each. One VLAN has my cable modem and pfSense WAN on it. Another VLAN has my DSL modem and pfSense WAN2 on it.

    0
  • Y

    @Derelict Thanks for the response!

    My pfsense box has 4 ports. I have my TP-Link switch connected to 2 of then (LAN side tied as a LAGG). My cable modem is directly connected into port 3 (WAN) and is using DHCP, and I will be using the 4th port for my additional WAN which is supposed to be hooked up today (also DHCP).

    I am not sure if this setup still warrants using VLANs, or if there is another / better way to route specific traffic / machines to WAN0 vs WAN1.

    Thanks!

    0
  • LAYER 8 Netgate

    pfSense Multi-WAN does not care if they are VLANs or physical interfaces. It works the same way.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy