    Another subnet sanity check.

      nerlins last edited by nerlins

      This post is deleted!
        nerlins last edited by

        I messed up my octets in the first post...

        I feel like I'm grasping how I want my network subnetted. This is all running on a Protectli 4-port, non-switching, router box. I would appreciate any input if this won't work:

        em0 interface= WAN assignment

        em1 interface= LAN, VLAN40, VLAN50, and VLAN60 assignments; Two daisy-chained Unifi Flex mini switches connecting physical devices.

        em2 interface= VLAN10, VLAN20, and VLAN30 assignments. All wifi networks from a Unifi AP AC Pro.

        Unless I can't subnet a /24 across two interfaces, here are my subnets.

        3rd) LAN (Main PC and servers, 4-5 devices):
        172.24.0.48/29

        2nd) VLAN10 (5Gwifi, 10-12 devices)
        172.24.0.32/28

        1st) VLAN20 (IOTwifi, 14-18 devices)
        172.24.0.0/27

        4th) VLAN30 (Guestwifi, 2-4 devices...I don't entertain that often)
        172.24.0.56/29

        5th) VLAN40 (Camera network, 4-6 devices)
        172.24.0.64/29

        6th) VLAN50 (HueHub, 1-2 devices)
        172.24.0.72/30

        7th) VLAN60 (Printer, 1-2 devices)
        172.24.0.74/30

        If this is feasible, then the only real question I have is: What IP address do I set for pfSense itself?? I can't do my usual and set it as 172.24.0.1, right? I need to set it in the LAN subnet, most likely as 172.24.0.50, correct?

        OR

        Would it just be simpler to do this?

        LAN
        172.24.0.1/29
        VLAN10
        172.24.1.1/28
        VLAN20
        172.24.2.1/27
        VLAN30
        172.24.3.1/29
        VLAN40
        172.24.4.1/29
        VLAN50
        172.24.5.1/30
        VLAN60
        172.24.6.1/30

          johnpoz LAYER 8 Global Moderator @nerlins last edited by

          While I applaud the use of correctly sized subnets.

          /30 kind of taking it to the extreme - and will be problematic if you want to actually add a device in the future - ie maybe another printer ;)

          Since you really have full use of the rfc1918 space, wouldn't it be easier to just use a /24 for each of your subnets.. 172.24.1, .2, .3, 172.24.4/24 etc..

          You can for sure use 172.24.0.32/28 on vlanX, and then 172.24.0.56/29 on vlanY if you want.. But it's easier for the brain to see 172.24.1 and 172.24.2 as different networks..

            SteveITS @nerlins last edited by

            @nerlins said in Another subnet sanity check.:

            What IP address do I set for pfSense itself

            It will need an IP on each subnet if the subnet is to communicate with/through the pfSense. (the printer's gateway is the pfSense IP in that subnet)
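
Added example, not part of any post in this thread: a Python check of the first subnet plan above for misaligned network addresses, overlaps, and room for the stated devices once pfSense takes one address per subnet. The device counts are the upper ends of the ranges in the post, and using the first usable address as the gateway is an assumed convention.

```python
import ipaddress

# First plan from the thread, copied as posted: (name, CIDR, max devices expected)
PLAN = [
    ("LAN",    "172.24.0.48/29", 5),
    ("VLAN10", "172.24.0.32/28", 12),
    ("VLAN20", "172.24.0.0/27",  18),
    ("VLAN30", "172.24.0.56/29", 4),
    ("VLAN40", "172.24.0.64/29", 6),
    ("VLAN50", "172.24.0.72/30", 2),
    ("VLAN60", "172.24.0.74/30", 2),
]

def check_plan(plan):
    """Return a list of (name, problem) findings for a subnet plan."""
    findings, nets = [], []
    for name, cidr, devices in plan:
        try:
            net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        except ValueError:
            net = ipaddress.ip_network(cidr, strict=False)
            findings.append((name, f"{cidr} is not a network address; it falls inside {net}"))
        # Usable hosts exclude network and broadcast; one more goes to the
        # pfSense interface address, which is that subnet's gateway.
        room = net.num_addresses - 2 - 1
        if devices > room:
            findings.append((name, f"{net} leaves {room} addresses for {devices} devices"))
        for other_name, other in nets:
            if net.overlaps(other):
                findings.append((name, f"{net} overlaps {other_name} ({other})"))
        nets.append((name, net))
    return findings

def gateway(cidr):
    """First usable address: an assumed convention for the router's interface IP."""
    return next(iter(ipaddress.ip_network(cidr, strict=False).hosts()))

if __name__ == "__main__":
    for name, problem in check_plan(PLAN):
        print(f"{name}: {problem}")
    for name, cidr, _ in PLAN:
        print(f"{name} gateway candidate: {gateway(cidr)}")
```

The same `check_plan` call works on any list of subnets written as network addresses, so it can be rerun after resizing the /30 and /29 entries.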
