Setup HA (CARP) with Multiple LANs. Multiple L2 Switches?
-
We have a fiber connection with multiple public IPs, and those IPs are assigned to specific LANs (different subnets), i.e. Websites (DMZ), Phones, LAN, etc. I've seen that you need an L2 switch for the WAN and LAN connections. Do I need an L2 switch for all the separate LANs? So if we had 4 LANs, would we need 4 L2 switches?
Thanks in advance..
-
@hpa_support said in Setup HA (CARP) with Multiple LANs. Multiple L2 Switches?:
Do I need an L2 switch for all the separate LANs? So if we had 4 LANs, would we need 4 L2 switches?
If you don't have a managed L2 switch with the capability to segment it accordingly, then yes, you need separate switches for proper segmentation.
-
@hpa_support Better to use two managed L2 switches with VLANs. Then you only need 2 switches for as many VLANs as you need.
A basic setup is something like:
- 2 x pfSense devices (i.e. CARP MASTER and BACKUP)
- 2 x Managed L2 switches
Plan VLANs and configure on pfSense, i.e.
- VLAN 10 - WAN1 (provider 1)
- VLAN 11 - WAN2 (provider 2)
- VLAN 20 - LAN
- VLAN 30 - Phones
- etc
Run 1 cable from each pfSense device to each switch (2 cables leaving each pfSense device, 4 cables in total). Configure these as trunk ports on the switch so pfSense can pass traffic for any VLAN. Cross-connect the two pfSense devices on another network port to handle pfsync.
Now configure the VLANs on pfSense on those interfaces and pfsync on the cross-connected port. You can have as many VLANs as you need (WAN, LAN, DMZ, phones, etc.) without extra switches or cables.
You will want to cross-connect (or stack) the L2 switches between each other (configure as trunk ports) so they can pass the CARP heartbeat as well as any other VLAN traffic across switches. Consider enabling spanning tree on the switches to save yourself some frustration if you accidentally create a loop.
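As an added illustration (not part of the answer above), a small Python helper that models the layout just described, two pfSense nodes, two VLAN trunk switches and a dedicated pfsync cross-connect, and checks the CARP plan for the mistakes that usually cause a split-brain or a VIP that never comes up: VHID collisions, VIP and node addresses in different subnets, a VLAN missing from one switch's trunk, and pfsync placed on a trunked VLAN instead of the cross-connect. All addresses, interface names and the VHID-equals-VLAN-id convention are constructed assumptions.

```python
# Added example: validate a two-node pfSense CARP plan over two VLAN trunk switches.
# Addresses, interface names and the VHID convention below are constructed assumptions.
import ipaddress
from dataclasses import dataclass


@dataclass
class VlanPlan:
    vlan_id: int
    name: str
    vip: str        # shared CARP address with prefix, e.g. "10.20.0.1/24"
    master_ip: str  # real address on the MASTER node
    backup_ip: str  # real address on the BACKUP node
    vhid: int = 0   # 0 means "use the VLAN id as VHID" (assumed convention)


# Constructed plan following the VLAN numbering from the answer above.
PLAN = [
    VlanPlan(10, "WAN1", "203.0.113.10/29", "203.0.113.11/29", "203.0.113.12/29"),
    VlanPlan(11, "WAN2", "198.51.100.10/29", "198.51.100.11/29", "198.51.100.12/29"),
    VlanPlan(20, "LAN", "10.20.0.1/24", "10.20.0.2/24", "10.20.0.3/24"),
    VlanPlan(30, "Phones", "10.30.0.1/24", "10.30.0.2/24", "10.30.0.3/24"),
]
# VLANs allowed on the trunk port of each switch (both must carry every VLAN).
TRUNK_VLANS = {"switch1": {10, 11, 20, 30}, "switch2": {10, 11, 20, 30}}
PFSYNC_IF = "igb3"  # dedicated cross-connect port, not a VLAN on the trunk


def check_plan(plan, trunks, pfsync_if, master_skew=0, backup_skew=100):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    if pfsync_if.startswith("vlan") or "." in pfsync_if:
        problems.append(f"pfsync on {pfsync_if}: use the dedicated cross-connect port")
    if not master_skew < backup_skew:
        problems.append("MASTER advskew must be lower than BACKUP advskew")
    seen = {}  # VHID -> VLAN that already claimed it
    for v in plan:
        vhid = v.vhid or v.vlan_id
        if vhid in seen:
            problems.append(f"VLAN {v.vlan_id}: VHID {vhid} already used by VLAN {seen[vhid]}")
        seen[vhid] = v.vlan_id
        vip, m, b = (ipaddress.ip_interface(a) for a in (v.vip, v.master_ip, v.backup_ip))
        if not (vip.network == m.network == b.network):
            problems.append(f"VLAN {v.vlan_id}: VIP and node addresses are not in one subnet")
        if len({vip.ip, m.ip, b.ip}) != 3:
            problems.append(f"VLAN {v.vlan_id}: VIP and node addresses must be distinct")
        for sw, vlans in trunks.items():
            if v.vlan_id not in vlans:
                problems.append(f"VLAN {v.vlan_id}: missing from {sw} trunk, CARP would split")
    return problems
```

Running `check_plan(PLAN, TRUNK_VLANS, PFSYNC_IF)` on the constructed plan returns an empty list; change one node address to another subnet or drop a VLAN from one trunk and the corresponding finding appears.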