SG-3100 Unconventional Multiwan?

  • Searching on SG-3100 multiwan, I see howtos for load balancing and failover. Instead, I'm hoping to connect 3 independent VLANs to the WAN port (connected to "ISP #1") and 3 independent VLANs to the OPT1 port (connected to "ISP #2"). I then want to send all 6 VLANs (tagged) out the LAN2, LAN3 and LAN4 ports.

    Is this possible? Hints or links appreciated. Thanks.

  • Netgate Administrator

    VLANs on different NICs are treated as different interfaces. So what you would have there is 6 external interfaces.

    You can then create 6 VLANs on the LAN NIC to have 6 internal interfaces. pfSense will route/NAT between them as required. If you only want those VLANs available on LAN ports 2-4 you would need to configure the switch to dot1q mode and exclude LAN1 from those VLANs.

    However it sounds like there may be more to it than that. What exactly is on the three VLANs coming from the ISPs? How do you need to access them?


  • Think of the 3 VLANs as "Trusted", "Guest" and "IoT". I'd like each VLAN to be isolated from each other but be able to access their respective ISP.

    I am reading and watching YouTube and experimenting with the SG-3100 and have made some progress with my understanding. Two things I'll be trying to solve today are how to get a VLAN I've created to route through the OPT1 interface, and how to get all of my VLANs using IPv6. I can get IPv6 addresses on my ISP #1 "Trusted" VLAN but not on it AND my ISP #1 "Guest" VLAN. I haven't had to think about IPv6 for years so my IPv6 chops need some refreshing!

  • I'll answer my original question: Yes, this can be done. It only took this non-IT guy 2 days of reading, watching and experimenting.

    I come from the DD-WRT and Tomato universes. I was tired of tripping over bugs and performance issues in those firmwares and finally stepped up to Netgate equipment. I don't think I've found a bug (*) or performance issue yet, which makes me happy I spent the big bucks.

    (*) Maybe allowing the selection of a DHCPv6 prefix delegation size that isn't a multiple of 4 is a bug?

  • Netgate Administrator

    Ah so the 6 VLANs are all internal? I was wondering what ISP would be providing you with 3 VLANs and imagining IPTV etc, which would be far more complex!

    You would need policy routing from each VLAN to the correct WAN. Pretty normal multiwan config.

    Did you get the IPv6 working?


  • @stephenw10 I did get the IPv6 working on 3 VLANs. I was originally using a DHCPv6 64-bit prefix which left no room for subnetting. I asked the ISP (Spectrum) for a 60-bit prefix and got one no problem. My second ISP (TDS) won't be supporting IPv6 for a while but I'll be ready when they do!
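
The subnetting constraint described in the last post, as an added example that is not part of the original thread: a /64 delegation contains exactly one /64, so only one VLAN can be numbered from it, while a /60 contains 16. The prefix `2001:db8:0:10::/60` is a constructed documentation prefix, and the function name and VLAN labels are hypothetical.

```python
import ipaddress


def assign_vlan_prefixes(delegated, vlans):
    """Give each VLAN its own /64 out of a delegated IPv6 prefix.

    Returns {vlan: (prefix_id, network)}, where prefix_id is the index of
    the /64 inside the delegation. Raises ValueError when the delegation
    cannot supply one /64 per VLAN.
    """
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError(f"{net} is longer than /64, no /64 can be carved out")

    # A /64 holds 1 subnet, a /60 holds 16, a /56 holds 256.
    available = 2 ** (64 - net.prefixlen)
    if len(vlans) > available:
        raise ValueError(
            f"{net} holds {available} /64 subnet(s), {len(vlans)} VLANs requested"
        )

    subnets = net.subnets(new_prefix=64)
    return {
        vlan: (prefix_id, subnet)
        for prefix_id, (vlan, subnet) in enumerate(zip(vlans, subnets))
    }


if __name__ == "__main__":
    vlans = ["Trusted", "Guest", "IoT"]  # labels taken from the thread

    # Constructed sample delegations (documentation address space).
    for delegation in ("2001:db8:0:10::/64", "2001:db8:0:10::/60"):
        try:
            plan = assign_vlan_prefixes(delegation, vlans)
        except ValueError as exc:
            print(f"{delegation}: cannot number all VLANs ({exc})")
            continue
        for vlan, (prefix_id, subnet) in plan.items():
            print(f"{delegation}: {vlan:8} prefix ID {prefix_id:x} -> {subnet}")
```

Because each VLAN ends up in a distinct, non-overlapping /64, per-interface firewall rules can keep the three segments isolated for IPv6 the same way they do for IPv4.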
