Netgate Discussion Forum

    Netgate SG-3100 - Can it host multiple internal LANs (NOT vlans)

    Official Netgate® Hardware
    • jamesp81

      As the question asks. A little background.

      My company needs to provide networking hardware to support a phone system upgrade we are performing for a partner. The chief requirements are 1) that the replacement router we provide can provide two internal LANs (not vlans) and 2) that it support site to site VPN.

      I'm pretty certain the SG-3100 provides on #2. My big question is about #1. The need here is that one of the phone system devices we are installing will have two NICs. One of these NICs will be on the main internal LAN, and the other will be in a different network that will accept traffic from outside. The outwardly facing NIC can be in a DMZ with a publicly routable IP address, or it can be behind a NAT. Either of those works fine; however, what it CAN'T be is inside the same LAN as the internal NIC.

      In case it matters, the phone equipment we are deploying is going to be deployed mostly as virtual machines running on a VMware host. Every component except the physical interface between the PBX and the T-1 handoff from the telco will be virtualized, including the device I listed above that requires a private and public facing NIC.

      I am not strictly against doing VLANs for this, but I prefer to avoid it if possible. We have not needed to use VLANs up to this point, and I don't want to introduce any unknown elements to a new deployment that needs to go well.

      Edit: from my previous reading about the SG-3100, my perception is that the device only has three actual NICs. One for the WAN port, one for the OPT port, and one attached to a switch that provides the four "LAN" ports. That makes me think this should be possible. That is one port for WAN, one of the four switchports for the regular internal LAN, and the OPT port for a separate LAN to serve the needs of our dual NIC'd PBX device (in case it matters to the question, I would not be doing a public IP assignment here; I will be NATing traffic associated with the aforementioned device into the secondary LAN). I just want to make sure this is actually correct before buying anything.

      • Derelict LAYER 8 Netgate

        You can but you will still be using VLANs internally because you are putting the switch ports on separate broadcast domains. Nothing outside the SG-3100 would know VLANs were involved though. They would just see untagged traffic.

        I would put it like this:

        If you want a device with two router ports and a four-port switch, I would get the SG-3100.

        If you want a device with six discrete router ports I would get the SG-5100.

        If all you need is one WAN and two LANs, though, you can use the SG-3100 and put WAN on WAN, LAN on LAN, and LAN2 on OPT1 without messing much with how it comes out of the box. All you would have to do is configure the OPT1 interface.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • aah57 @Derelict

          @derelict

          Hi Derelict,

          I believe your response pretty much answered my question. Just to confirm, the SG-3100 in addition to a 4-port switch, offers two logical ports, which each could have its own interface within pfSense. But, the SG-5100 has 6 logical ports, which enables you to assign either a WAN or LAN interface to each one separately?

          Essentially, I have 4 WANs (different ISPs - for multiwan and failover), and two LANs (different subnets). Should I go with the SG-5100, or does the SG-3100 do the job as well? Thanks.

          • Derelict LAYER 8 Netgate

            Yes. SG-3100 has two router ports and a trunk port to a 4-port switch. You can make multiple "interfaces" there using VLANs just like you can on any managed switch.

            SG-5100 has 6 router ports.

            • aah57 @Derelict

              @derelict Thank you. That could be a candidate for the fastest response time in the year 2018.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.