    Connection Switch L3 and Firewall

    • R
      robertog last edited by

      Hello everyone!
      I hope someone can help me with my configuration. Below you can see it:

      firewall:
                    ip lan:  192.168.0.1/24
                    vlan68: 192.168.68.0/24
                    vlan69: 192.168.69.0/24
                    ip wan:  10.2.X.X/24 default gateway 10.2.x.x/24
      lan port connected with port 5 switch
      rules  lan/vlan68/vlan69 any any (just for the moment...)

      switch L3:
                    ip lan: 192.168.0.3/24
                    vlan68: 192.168.68.0/24
                    vlan69: 192.168.69.0/24
      port 5 switch tagged for these vlan (68 and 69)
      default gateway 192.168.0.1

      If I ping from the switch (192.168.0.3) to 8.8.8.8, it is fine!
      If I ping from the switch with source IP 192.168.68.x and 192.168.69.x to 8.8.8.8, it does not work... (:

      I hope someone can help me and thanks in advance!!!
      bye

      • Derelict
        Derelict LAYER 8 Netgate last edited by

        You are calling it an L3 switch, but it looks like you are using it as an L2 switch. Or you're trying to do both which is nonsensical.

        A Layer 3 switch is just a router. A layer 3 switch VLAN without a VIF/SVI on it is just a Layer 2 switch.

        Need to know what, exactly, you are trying to do.


        • R
          robertog last edited by

          Hello Derelict,
          Thank you for your answer. I confirm the switch is configured as layer 3, and I created a VLAN interface with an IP address for each VLAN.
          From your answer I understand that I have to downgrade the switch to layer 2, and then it will probably be fixed.

          Thank you very much for your help!
          Bye

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            There is nothing wrong with using the layer 3 capabilities of your Layer 3 switch to route packets if that's what you want to do.

            But if you want to use the firewall capabilities of pfSense between the VLANs then you really only need a Layer 2 switch and should not be putting VIF/SVI on the switch itself on that VLAN. That will make all traffic have to go through the firewall to get from VLAN to VLAN.

            You can do both but it's pretty much one or the other per VLAN.

            • R
              robertog last edited by

              Thank you again. To finish my explanation: I still have a home router (it does not manage inter-VLAN routing), so a long time ago I bought a Layer 3 switch to create a different subnet for each department in my office.
              In a few days I want to replace my router with the firewall, and I thought to keep the same configuration for the switch (it's a pity to downgrade to L2) and then set up the firewall properly, but I see it makes no sense...

              bye
