Netgate Discussion Forum

    [RESOLVED] pfSense config when using VLAN routing on an L3 switch

    • S
      simon_lefisch
      last edited by simon_lefisch

      Hey everyone,

      So I am looking at changing my setup a bit. I have a Netgear GS728TPv2 L3 managed switch and I would like to start using the routing feature of the switch for Inter-VLAN routing rather than have pfSense manage that. How would I go about configuring that?

      I already have the VLANs set up in pfSense (100=LAN, 200=WLAN, 201=Guest WLAN). All the VLANs in pfSense have a gateway of 192.168.xxx.1. How will this affect the use of Inter-VLAN routing on the switch?

      I've never done L3 switching and I have been scouring the interwebz about the best way to set this up with my switch but it doesn't take into account how to set up pfSense, so I'm hoping someone can shine a little light on this if possible. As always, your help/advice is always appreciated. If you need any more info, I will gladly provide it. TIA 😁

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        You would set up a new network/vlan to use as your transit.. You would then create a gateway, and static routes to your downstream networks..

        Create the rules you want on your transit to allow traffic from these downstream networks to other networks/vlans still directly attached to pfsense.

        @Derelict has a nice drawing around here showing downstream router.. Might even be linked in his sig..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          pfSense-Layer-3-Switch.png

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz

            Yup that's it! Thanks..

            • S
              simon_lefisch
              last edited by simon_lefisch

              Awesome, thank you @johnpoz and @Derelict for your info. I will give this a try. Many thanks for both your guidance.

              EDIT: @johnpoz @Derelict Forgive the noob question, as this is the first time I will be attempting VLAN routing on an L3 switch. By creating this layout and configuring it correctly, I assume that the devices will still receive IPs from the DHCP servers set per VLAN in pfSense?

              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by johnpoz

                No they will not.. Pfsense can only serve dhcp to a network it has an interface in... You will have to run a different dhcp server and then use dhcp relay on your switch.

                Hope you understand that this drastically complicates your network, and really makes firewalling between vlans a pita - unless your L3 switch has a nice easy to use gui to manage its ACLs ;) like pfsense does.

                Other than a learning experience I really see no point to doing what you're doing.. it's much easier to just let pfsense handle the routing and the firewalling, and yeah the dhcp ;)

                Is your current pfsense not able to route at wire speed? Get a faster pfsense box ;) Or move your boxes that need full speed into the same network. Not like you're going to be doing complicated firewalling with your L3 switch ;) hehehe So might as well just put the boxes in the same network if speed is a problem that pfsense can not route at fast enough.

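The layout discussed in this thread (a transit network between pfSense and the L3 switch, static routes to the downstream VLANs, DHCP relay, and inter-VLAN filtering that moves to switch ACLs) modelled as an added example; it is not from any poster. Every address and interface name in it is a constructed assumption, and `enforcement_point` assumes the source and destination are in different networks.

```python
import ipaddress as ip

# Constructed sample design; every address below is illustrative, not from the thread.
DESIGN = {
    # Networks pfSense keeps an interface in (transit included).
    "pfsense_ifaces": {"TRANSIT": "10.0.99.1/29", "GUEST": "10.0.201.1/24"},
    # SVIs on the L3 switch: the VLANs it routes itself, plus its transit address.
    "switch_svis": {"TRANSIT": "10.0.99.2/29", "LAN": "10.0.100.1/24", "WLAN": "10.0.200.1/24"},
    # Static routes on pfSense: destination -> gateway (the switch's transit IP).
    "static_routes": {"10.0.100.0/24": "10.0.99.2", "10.0.200.0/24": "10.0.99.2"},
}

def _nets(ifaces):
    return {name: ip.ip_interface(cidr).network for name, cidr in ifaces.items()}

def downstream(design):
    """Networks only the switch routes (pfSense has no interface in them)."""
    attached = set(_nets(design["pfsense_ifaces"]).values())
    return {n: net for n, net in _nets(design["switch_svis"]).items() if net not in attached}

def check_design(design):
    """Return a list of problems with the transit/gateway/static-route setup."""
    problems = []
    transit = ip.ip_interface(design["pfsense_ifaces"]["TRANSIT"]).network
    switch_ip = ip.ip_interface(design["switch_svis"]["TRANSIT"]).ip
    if switch_ip not in transit:
        problems.append("switch transit IP is outside the pfSense transit network")
    routes = {ip.ip_network(d): ip.ip_address(g) for d, g in design["static_routes"].items()}
    for name, net in downstream(design).items():
        if routes.get(net) != switch_ip:
            problems.append(f"{name}: no static route to {net} via {switch_ip}")
        for pf_name, pf_net in _nets(design["pfsense_ifaces"]).items():
            if net.overlaps(pf_net):
                problems.append(f"{name}: overlaps pfSense interface {pf_name}")
    return problems

def needs_dhcp_relay(design):
    """Downstream networks that pfSense cannot serve DHCP to directly."""
    return sorted(downstream(design))

def enforcement_point(design, src, dst):
    """Where a routed src->dst flow is filtered: switch ACLs or pfSense rules."""
    down = list(downstream(design).values())
    def inside(addr):
        return any(ip.ip_address(addr) in net for net in down)
    # Traffic between two switch-routed VLANs never crosses the transit link.
    return "switch ACL" if inside(src) and inside(dst) else "pfSense rules"
```
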
                • S
                  simon_lefisch @johnpoz
                  last edited by

                  @johnpoz sorry for the late reply. I did scroll thru the web and found that you are correct. With that in mind, I will not enable Inter-VLAN routing on my switch. Thank you both for your knowledge and insight.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.