Netgate Discussion Forum

    setting up 2 Internets coming from 2 mikrotiks to 1 pfsense box with 2 nics and unmanaged switch

      RaiN 0

      So I'm setting up this Dell OptiPlex as a pfSense box. It had 1 Ethernet port, but I bought a second one for it and installed it. I also got an unmanaged switch. Now when I connect the 2 MikroTik cables to the switch, connect the switch to 1 of the Ethernet ports and set up 2 VLANs, I cannot connect to the ISP after setting up each VLAN as a PPPoE interface and spoofing the MAC. So my question is: how am I supposed to do this? I also need a cable going out from the pfSense box to a DDWRT wifi router that I will use for the house.
      Thanks in advance for the help.

        JKnott

        PfSense? MikroTik? DDWRT? Perhaps you'd better include a sketch, so we know what you're talking about. Also, where are you setting up the VLANs? What is their purpose in this situation?

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          johnpoz LAYER 8 Global Moderator

          If you want to do vlans you need a vlan capable switch... Or you need different physical switch for each vlan.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

            RaiN 0

            @johnpoz said in setting up 2 Internets coming from 2 mikrotiks to 1 pfsense box with 2 nics and unmanaged switch:

            If you want to do vlans you need a vlan capable switch... Or you need different physical switch for each vlan.

            Is it possible to make this setup happen with 2 NICs and 1 unmanaged switch? In other terms, is it possible to plug this switch into 1 NIC, plug 1 PPPoE cable into it and use one of its ports as a LAN port for the wifi router?

              JKnott @RaiN 0

              @rain-0 said in setting up 2 Internets coming from 2 mikrotiks to 1 pfsense box with 2 nics and unmanaged switch:

              @johnpoz said in setting up 2 Internets coming from 2 mikrotiks to 1 pfsense box with 2 nics and unmanaged switch:

              If you want to do vlans you need a vlan capable switch... Or you need different physical switch for each vlan.

              Is it possible to make this setup happen with 2 NICs and 1 unmanaged switch? In other terms, is it possible to plug this switch into 1 NIC, plug 1 PPPoE cable into it and use one of its ports as a LAN port for the wifi router?

              We really need to know more about what you're doing. VLANs are typically used to create logically separate networks. In order to create a VLAN in that situation, you need a managed switch. Unmanaged switches can pass VLANs, but you still need to configure them elsewhere, such as at a router or on individual computers. Given that you're now talking about 2 NICs, I assume you're talking about the WAN side of this. In this case, you'd have 2 interfaces to configure. Same with VLANs, except one would be the VLAN. However, you'd still need some way to create the VLANs. However, without further info, I'm just guessing at what you're trying to do.

                RaiN 0 @JKnott

                @jknott Hmm, I'll re-explain and try to be more clear. I have 2 NICs in my box and I have an unmanaged switch. I have 2 internet connections, each coming in on a separate cable. I want to load balance them so I can get faster speeds when downloading large files. How can I achieve this with the hardware I have if I also want a cable out of the box into a wifi router that serves wifi inside the house?

                  johnpoz LAYER 8 Global Moderator

                  @rain-0 said in setting up 2 Internets coming from 2 mikrotiks to 1 pfsense box with 2 nics and unmanaged switch:

                  so I can get faster speeds when downloading large files.

                  It doesn't work that way.. Are you going to be doing multiple sessions like over torrents/p2p or downloading a large file over a server that would be via 1 session?

                  Where did you learn the term vlan? I am guessing you don't actually understand what it means or how it is accomplished.

                  Sounds like you have 1 switch with 2 nics and want at min 3 different networks. Trying to run multiple tagged vlans over a dumb switch is just plain borked.. Trying to run multiple layer 3 on the same layer 2 is borked..

                  If you want to run 3 different networks over a switch that connects to 2 physical nics on your router then get a vlan capable switch - Period, end of story.. Talking about "what" could be done in some jury rigged hacked up BORKED config is beyond the scope of what should be discussed. If you want to talk what "can" actually be done and works techy wise over a few beers and your tech buddies have at it. But suggesting such stuff here where 100's if not 1000's of new users and not so techy users read is just plain bad practice.

                  It comes down to these basic facts - if you want to use vlans, then you need a switching infrastructure that understands and supports the tags.. Talking about what current modern dumb switches do or don't do with the tags is not the point..

                  You have 2 internet connections, you have hardware to run pfsense on, you clearly must have multiple devices behind this router, etc. You can afford a freaking $30 switch that can do vlans correctly.

                  Come back when you have either a smart switch that can do vlans, or get another nic in your router if you want to run 3 different networks.

                  That all being said - you're not going to see faster downloads over 2 internet connections downloading http://whatever.com/file.zip

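Added example (not part of any post in this thread, and not pfSense or switch-vendor code): a small Python model of the point made above about running tagged VLANs over a dumb switch. It assumes the unmanaged switch floods a tagged broadcast unchanged to every port; the port layout, MAC address and PPPoE payload are constructed.

```python
import struct

TPID_8021Q = 0x8100        # EtherType value announcing an 802.1Q tag
PPPOE_DISCOVERY = 0x8863   # EtherType of PPPoE discovery frames (PADI etc.)
BROADCAST = b"\xff" * 6

def build_frame(dst, src, ethertype, payload, vid=None):
    """Ethernet II frame; a 4-byte 802.1Q tag follows the MACs when vid is set."""
    tag = struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def vlan_id(frame):
    """VLAN ID carried in the frame, or None if it is untagged."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def strip_tag(frame):
    """Remove the 802.1Q tag, as a VLAN-aware switch does on an access port."""
    return frame[:12] + frame[16:] if vlan_id(frame) is not None else frame

def unmanaged_flood(frame, in_port, ports):
    """Assumed unmanaged behaviour: one broadcast domain, tag passed through untouched."""
    return {p: frame for p in ports if p != in_port}

def managed_flood(frame, in_port, access_vlan):
    """VLAN-aware flood: only access ports in the frame's VLAN get it, untagged."""
    vid = vlan_id(frame)
    return {p: strip_tag(frame) for p, v in access_vlan.items()
            if p != in_port and v == vid}

def seen_vlans(deliveries):
    """Map each receiving port to the VLAN ID it sees on the wire."""
    return {port: vlan_id(f) for port, f in deliveries.items()}

# Constructed scenario: port 1 = pfSense NIC carrying VLAN 10 and 20,
# port 2 = first MikroTik, port 3 = second MikroTik.
PFSENSE_MAC = bytes.fromhex("020000000001")   # constructed, locally administered
PADI_HEADER = b"\x11\x09\x00\x00\x00\x00"     # constructed minimal PPPoE header
padi_vlan10 = build_frame(BROADCAST, PFSENSE_MAC, PPPOE_DISCOVERY, PADI_HEADER, vid=10)

if __name__ == "__main__":
    # Unmanaged: both MikroTiks receive the VLAN 10 frame, still tagged.
    print("unmanaged:", seen_vlans(unmanaged_flood(padi_vlan10, 1, [1, 2, 3])))
    # Managed: only the VLAN 10 access port receives it, with the tag removed.
    print("managed:  ", seen_vlans(managed_flood(padi_vlan10, 1, {2: 10, 3: 20})))
```

With the unmanaged model both uplinks sit in one broadcast domain and receive frames meant for the other VLAN, so the tags provide no separation between the two WANs.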

                    RaiN 0 @johnpoz

                    @johnpoz thank you for the super passive aggressive reply. When it comes to this place or the Arch Linux forums people decide to be just plain pricks. Get your act together and thanks once again.

                      JKnott

                      I don't want to be super passive aggressive, but I have to agree with johnpoz. You can't just connect 2 ISP connections and expect to get load balancing. As stated above, you need multiple users to get balancing. One user would be over one connection and the next over the other. The more users you have, the closer you can get to balanced traffic over the 2 links. One other consideration is that unless you're properly configured for this sort of thing, the 2 ISPs will provide different addresses, which rules out sharing traffic between the 2 for balancing. If you were to set up load balancing properly, you'd need to use a method that balances the traffic. Look up redundancy protocols. You'd also have your own IP address block, which both ISPs can route to.

                      Stop and think a moment about what you're trying to do. With TCP, a connection is set up between 2 addresses. If you have 2 routers on different ISPs, those routers will have different addresses. Now, when you try to send packets from that TCP connection, what will be the source address? If you try to send alternately between the 2 routers, half the packets will have the wrong source address for that TCP connection, which means it will fail.

                      With redundancy protocols, virtual routers are created, so that no matter which path is taken, they still have the same address. They will also use virtual MAC addresses, so that a computer behind them has no idea which router is used. It's just transparent. One method used to balance the load is for the ARP requests to return a different MAC address for the same IP, so that each user can be assigned to one of the available routers. So, first user gets the first router, 2nd gets the 2nd, etc. The more users, the better they're distributed over the available links and the better the overall load is balanced. Another method, which could work with more than one ISP is to simply hand out different router IP addresses, so that a user will always use the same router.

                      As you can see, load balancing is more than just connecting multiple ISPs to a router.

                      Here's some info:
                      Virtual Router Redundancy Protocol

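Added example (not part of the thread, and not how pfSense itself is implemented): a simplified Python model of why alternating one TCP connection's packets between two ISPs fails while assigning whole connections to a WAN works. The addresses are documentation ranges, the client ports are constructed, and the round-robin policy is an assumption for illustration.

```python
from itertools import cycle

# Constructed documentation addresses: each ISP NATs to its own public IP.
WAN_SRC = {"WAN1": "198.51.100.10", "WAN2": "203.0.113.20"}
SERVER = ("192.0.2.80", 443)

class Server:
    """Remote TCP endpoint; a connection is keyed on (src ip, src port, dst ip, dst port)."""
    def __init__(self):
        self.connections = set()
        self.accepted = 0
        self.rejected = 0

    def receive(self, src_ip, src_port, syn=False):
        key = (src_ip, src_port) + SERVER
        if syn:
            self.connections.add(key)   # handshake creates the connection
        if key in self.connections:
            self.accepted += 1
        else:
            self.rejected += 1          # wrong source address: no such connection

def run(client_ports, segments, policy):
    """Send `segments` segments for each client connection.
    policy 'connection': WAN picked once per connection (round-robin, assumed).
    policy 'packet': WAN alternates on every segment of a connection.
    Returns (segments per WAN, accepted, rejected)."""
    server, wans = Server(), cycle(WAN_SRC)
    load = dict.fromkeys(WAN_SRC, 0)
    for port in client_ports:
        wan = next(wans)
        for i in range(segments):
            if policy == "packet" and i > 0:
                wan = next(wans)
            server.receive(WAN_SRC[wan], port, syn=(i == 0))
            load[wan] += 1
    return load, server.accepted, server.rejected

if __name__ == "__main__":
    print("1 download, per-packet:     ", run([50000], 6, "packet"))
    print("1 download, per-connection: ", run([50000], 6, "connection"))
    print("4 downloads, per-connection:", run(range(50000, 50004), 6, "connection"))
```

A single download stays entirely on one WAN under the per-connection policy, while four parallel connections split evenly across both links.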

                        ivor @RaiN 0

                        @rain-0 said in setting up 2 Internets coming from 2 mikrotiks to 1 pfsense box with 2 nics and unmanaged switch:

                        @johnpoz thank you for the super passive aggressive reply. When it comes to this place or the Arch Linux forums people decide to be just plain pricks. Get your act together and thanks once again.

                        There's no need for this. Johnpoz is trying to help.

                        Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                          aclouden

                          The simple answer to your question bro is you cannot do this with the switch you have. You need at least a L2 managed switch to do this the right way. 2 WAN links will not double your bandwidth either. What you have been told (as far as I know) is completely correct. JohnP might be abrasive but he is correct from a technical perspective. For a cheap managed switch stay away from Trendnet. I don't think they handle vlans properly. For a consumer grade switch, a Netgear or a Dlink will do. Personally, depending on what your internal requirements are, a used Cisco Catalyst or an Adtran Netvanta would work wonders. But the others would work too...

                          Good day to you.
                          ACL

                            JKnott @aclouden

                            @aclouden said in setting up 2 Internets coming from 2 mikrotiks to 1 pfsense box with 2 nics and unmanaged switch:

                            For a cheap managed switch stay away from Trendnet

                            I don't know about Trendnet, but that's certainly the case with TP-Link.

                              jimp Rebel Alliance Developer Netgate

                              @jknott said in setting up 2 Internets coming from 2 mikrotiks to 1 pfsense box with 2 nics and unmanaged switch:

                              @aclouden said in setting up 2 Internets coming from 2 mikrotiks to 1 pfsense box with 2 nics and unmanaged switch:

                              For a cheap managed switch stay away from Trendnet
                              I don't know about Trendnet, but that's certainly the case with TP-Link.

                              That isn't universal, though. The low-end/cheap TP-Links can be iffy, there is a long thread about how they suck, but the 1Us like the TL-SG2216 or the T1600G-28TS/TL-SG2424 have been great in my experience.

                              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                              Need help fast? Netgate Global Support!

                              Do not Chat/PM for help!

                                JKnott @jimp

                                @jimp

                                Perhaps, but I'll still avoid TP-Link entirely, as they clearly have some incompetent people. Perhaps if enough people discuss this problem they'll hear about it and get the message.

                                  Derelict LAYER 8 Netgate

                                  When you can get a Brocade ICX6430-24 on eBay for $75 I have no idea why anyone would buy anything less at the gigabit level.

                                  Chattanooga, Tennessee, USA
                                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                    aclouden

                                    Sorry guys.. I meant the TP-Link devices..... My bad...

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.