Another subnet sanity check.
-
This post is deleted! -
I messed up my octets in the first post...
I feel like I am grasping how I want my network subnetted. This is all running on a Protectli 4-port, non-switching, router box. I would appreciate any input if this won't work:
em0 interface= WAN assignment
em1 interface= LAN, VLAN40, VLAN50, and VLAN60 assignments; Two daisy-chained Unifi Flex mini switches connecting physical devices.
em2 interface= VLAN10, VLAN20, and VLAN30 assignments. All wifi networks from a Unifi AP AC Pro.
Unless I can't subnet a /24 across two interfaces, here are my subnets.
3rd) LAN (Main PC and servers, 4-5 devices):
172.24.0.48/29
2nd) VLAN10 (5Gwifi, 10-12 devices)
172.24.0.32/28
1st) VLAN20 (IOTwifi, 14-18 devices)
172.24.0.0/27
4th) VLAN30 (Guestwifi, 2-4 devices...I don't entertain that often)
172.24.0.56/29
5th) VLAN40 (Camera network, 4-6 devices)
172.24.0.64/29
6th) VLAN50 (HueHub, 1-2 devices)
172.24.0.72/30
7th) VLAN60 (Printer, 1-2 devices)
172.24.0.74/30
If this is feasible, then the only real question I have is: What IP address do I set for Pfsense itself?? I can't do my usual and set it as 172.24.0.1, right? I need to set it in the LAN subnet, most likely as 172.24.0.50, correct?
OR
Would it just be simpler to do this?
LAN
172.24.0.1/29
VLAN10
172.24.1.1/28
VLAN20
172.24.2.1/27
VLAN30
172.24.3.1/29
VLAN40
172.24.4.1/29
VLAN50
172.24.5.1/30
VLAN60
172.24.6.1/30
-
While I applaud the use of correctly sized subnets, /30 is kind of taking it to the extreme - and will be problematic if you want to actually add a device in the future - i.e. maybe another printer ;)
Since you really have full use of the rfc1918 space, wouldn't it be easier to just use a /24 for each of your subnets.. 172.24.1, .2, .3, 172.24.4/24 etc..
You can for sure use 172.24.0.32/28 on vlanX, and then 172.24.0.56/29 on vlanY if you want.. But it's easier for the brain to see 172.24.1 and 172.24.2 as different networks..
-
@nerlins said in Another subnet sanity check.:
What IP address do I set for Pfsense itself
It will need an IP on each subnet if the subnet is to communicate with/through the pfSense. (the printer's gateway is the pfSense IP in that subnet)
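
An added example, not part of any post in this thread: a check of the first plan above using Python's standard `ipaddress` module, looking for entries that are not on a subnet boundary, overlapping ranges, and subnets too small for their devices. Assumptions: the upper end of each posted device range is used, and one address per subnet is reserved for the pfSense interface, as the last reply describes.

```python
import ipaddress

# First plan from the thread: (name, CIDR as posted, max expected devices).
# Device counts are the upper end of each posted range (an assumption).
PLAN = [
    ("LAN",    "172.24.0.48/29", 5),
    ("VLAN10", "172.24.0.32/28", 12),
    ("VLAN20", "172.24.0.0/27",  18),
    ("VLAN30", "172.24.0.56/29", 4),
    ("VLAN40", "172.24.0.64/29", 6),
    ("VLAN50", "172.24.0.72/30", 2),
    ("VLAN60", "172.24.0.74/30", 2),
]

def check_plan(plan):
    """Return a list of (name, problem) findings for a subnet plan."""
    findings = []
    seen = []  # (name, network) pairs already accepted into the plan
    for name, cidr, devices in plan:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        # Each entry is meant to be a network address, so host bits must be 0.
        if iface.ip != net.network_address:
            findings.append((name, f"{cidr} is not on a subnet boundary; it lies inside {net}"))
        # Network and broadcast addresses are unusable, and one more address
        # goes to the router's interface (the gateway) on that subnet.
        free = net.num_addresses - 3
        if devices > free:
            findings.append((name, f"{devices} devices but only {free} addresses left after the gateway"))
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append((name, f"{net} overlaps {other_name} ({other})"))
        seen.append((name, net))
    return findings

if __name__ == "__main__":
    for name, problem in check_plan(PLAN):
        print(f"{name}: {problem}")
```
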