Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setup HA (CARP) with Multiple LANs. Multiple L2 Switches?

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    3
    3
    1.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      HPA_Support
      last edited by

      We have fiber connect with multiple Public IPs and those IPs are assigned to specific LANs(different subnets), IE Websites(DMZ), Phones, LAN etc.. i seen you need a L2 switch for the WAN and LAN connections. Do i need a L2 switch for all the separate LANs. So if we had 4 LANs, would we need 4 L2 switches?

      Thanks in advance..

      V M 2 Replies Last reply Reply Quote 0
      • V
        viragomann @HPA_Support
        last edited by

        @hpa_support said in Setup HA (CARP) with Multiple LANs. Multiple L2 Switches?:

        Do i need a L2 switch for all the separate LANs. So if we had 4 LANs, would we need 4 L2 switches?

        If you don't have a managed L2 switch with the capability to segment it respectively, yes, than you need separated switches for proper segmentation.

        1 Reply Last reply Reply Quote 0
        • M
          mjh_ca @HPA_Support
          last edited by

          @hpa_support Better to use two managed L2 switches with VLANs. Then you only need 2 switches for as many VLANs as you need.

          A basic setup is something like:

          • 2 x pfsense devices (i.e. CARP MASTER and BACKUP)
          • 2 x Managed L2 switches

          Plan VLANs and configure on pfSense, i.e.

          • VLAN 10 - WAN1 (provider 1)
          • VLAN 11 - WAN2 (provider 2)
          • VLAN 20 - LAN
          • VLAN 30 - Phones
          • etc

          Run 1 cable from each of the pfsense device to each switch (2 cables leaving each pfsense device, 4 cables in total). Configure as trunk ports on the switch so pfSense can pass traffic for any VLAN. Cross connect the two pfsense devices on another network port to handle pfsync.

          Now configure VLANs on pfSense on those interfaces, pfsync on the cross-connected port, you can have as many VLANs as you need (WAN, LAN, DMZ, phone, etc) without extra switches or cables now.

          You will want to cross-connect (or stack) the L2 switches between each other (configure as trunk ports) so they can pass the CARP heartbeat as well as any other VLAN traffic across switches. Consider enabling spanning tree on the switches to save yourself some frustration if you accidentally create a loop.

          1 Reply Last reply Reply Quote 1
          • First post
            Last post