Netgate Discussion Forum

    Another subnet sanity check.

        nerlins

        I messed up my octets in the first post...

        I feel like I'm grasping how I want my network subnetted. This is all running on a Protectli 4-port, non-switching, router box. I would appreciate any input if this won't work:

        em0 interface= WAN assignment

        em1 interface= LAN, VLAN40, VLAN50, and VLAN60 assignments; Two daisy-chained Unifi Flex mini switches connecting physical devices.

        em2 interface= VLAN10, VLAN20, and VLAN30 assignments. All wifi networks from a Unifi AP AC Pro.

        Unless I can't subnet a /24 across two interfaces, here are my subnets.

        3rd) LAN (Main PC and servers, 4-5 devices):
        172.24.0.48/29

        2nd) VLAN10 (5Gwifi, 10-12 devices)
        172.24.0.32/28

        1st) VLAN20 (IOTwifi, 14-18 devices)
        172.24.0.0/27

        4th) VLAN30 (Guestwifi, 2-4 devices...I don't entertain that often)
        172.24.0.56/29

        5th) VLAN40 (Camera network, 4-6 devices)
        172.24.0.64/29

        6th) VLAN50 (HueHub, 1-2 devices)
        172.24.0.72/30

        7th) VLAN60 (Printer, 1-2 devices)
        172.24.0.74/30

        If this is feasible, then the only real question I have is: What IP address do I set for pfSense itself?? I can't do my usual and set it as 172.24.0.1, right? I need to set it in the LAN subnet, most likely as 172.24.0.50, correct?

        OR

        Would it just be simpler to do this?

        LAN
        172.24.0.1/29
        VLAN10
        172.24.1.1/28
        VLAN20
        172.24.2.1/27
        VLAN30
        172.24.3.1/29
        VLAN40
        172.24.4.1/29
        VLAN50
        172.24.5.1/30
        VLAN60
        172.24.6.1/30

          johnpoz LAYER 8 Global Moderator @nerlins

          While I applaud the use of correctly sized subnets.

          /30 kind of taking it to the extreme - and will be problematic if you want to actually add a device in the future - ie maybe another printer ;)

          Since you really have full use of the rfc1918 space, wouldn't it be easier to just use /24 each of your subnets.. 172.24.1, .2, .3, 172.24.4/24 etc..

          You can for sure use 172.24.0.32/28 on vlanX, and then 172.24.0.56/29 on vlanY if you want.. But it's easier for the brain to see 172.24.1 and 172.24.2 as different network..

            SteveITS Rebel Alliance @nerlins

            @nerlins said in Another subnet sanity check.:

            What IP address do I set for pfSense itself

            It will need an IP on each subnet if the subnet is to communicate with/through the pfSense. (the printer's gateway is the pfSense IP in that subnet)
