Netgate Discussion Forum

    Multiple ports, one vlan.

      erasedhammer

      I know people have asked this question before, but I have a use case that I haven't seen yet.

      I have pfSense set up with an x710-da4 (4 port 10gig SFP+). I have a core switch with 24 1gig ports and 2 10gig uplink ports. One of the 10gig ports is dedicated to another internal router, so that can't be used. The other port is a dedicated uplink port to the firewall as a trunk for all subnets.

      I have a server (server1) that I need two full 10 gig connections to, but I have another server (server2) that will be on the same subnet as the 10 gig server that also needs connections. I don't have enough ports on the firewall to connect up server2, and I don't have enough 10gig ports on the switch to connect up server1.
      So I was going to connect server2 to my switch and use the switch's 10gig uplink trunk. Then I wanted to have server2 connect directly to the firewall.
      I'm not sure how I would configure pfSense to use a physical port and a trunk port to handle the same subnet? Is it even possible?

      Adding another switch is a possibility if I can't do this as planned, but I don't really have enough space for one.

      netmap.PNG

        johnpoz LAYER 8 Global Moderator

        Why does the server need to be in dmz and/or lan? Why can it not just be on a different network?

        Not sure how you think that is going to get you 10ge speed. Your dmz/lan are on the same single physical 10ge port.. So there is limit of total 10ge.. Where is the extra traffic going to come from that would need 20ge?

        Even if you bridge the interfaces, it's not going to be wirespeed..

        Your server 2 seems to only have 1 gig interfaces..

        Connect server 1 with lagg, using your 2 ports. Put it on vlan X..
        Same for server 2 connect with lagg to your switch. In vlan Y.

        Your uplink of 10ge to pfsense would be vlan Y. And any other vlans you want, other than X.

        Even if you could make how you have it drawn work - Multi homing servers into a dmz and a lan - defeats the whole purpose of dmz and lan.. Because this server has legs in both networks - so how are they isolated?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          erasedhammer

          I forgot to include that both of these servers are ESXi's. Multiple VMs that sit on each network.
          I used LAN as a generic term. LAN in this case is a segregated VM network for devices that need access to the lan but are not accessible by the internet.

          As for 10gig need, I really only need 10gig for the dmz on server1, which could free up one port on the firewall for server 2 dmz, except I currently have another hardware device that sits in the dmz.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.