newbie help with router

qbhatti · Feb 23, 2023, 9:03 AM

Hi.
I have a forcepoint 1100 router which has 2x 10gig + 8x 1gb ports.
I have another 10g switch connected via the 10g port and from that go one server and one 10gbaseT adapter to a 10g switch in another part of my house.
I have a bunch of 1gig devices also connected to this 10gig switch, but i want to remove this switch from my devices.

in pfsense..
i have lan0 (port 0 ) set as WAN and it works well.
i cant seem to get to use the other ports like a switch - i have tried making a bridge but it doesnt seem to work.

can i have some help please.

bingo600 · Feb 23, 2023, 9:30 AM

@qbhatti said in newbie help with router:

i cant seem to get to use the other ports like a switch - i have tried making a bridge but it doesnt seem to work.

Don't use the pfSense as a switch (bridge) if it can be avoided.
L3 Bridging is CPU Cycle costly , and will never perform as on a real L2 switch.

Buy a "cheap" Vlan capable switch for the 1G devices.
You can get 8-ports for around $40..50 , and 24-Ports for around $150 ... Even cheaper if you et a used from *Bay.

Create some Vlans on pfSense , and on the 1Gb switch , connect the two ...
Done

/Bingo

qbhatti · Feb 23, 2023, 11:25 AM

@bingo600

OK, no thats fine - I have the equipment already, I was thinking to use less equipment, but if you are saying it is better to leave the switch to switch i wont move anything around!

bingo600 · Feb 23, 2023, 12:29 PM

@qbhatti
If you want to have your 10G Switch dedicated to Servers , there is no issue in connecting your 1G switch to a free pfSense 1G IF.

That would perform fine.

It all depends on how your traffic flows , and if you have some kind of L3 (inter vlan) routing capability in the 10G Box.

If you have and are interested in utilizing L3 functionality in the 10G Box.
I would just connect 1 or 2 pfSense 1Gb interfaces to the 10G Box, and let that do the "internal heavy lifting".
Note: L3 routing in the 10G Box, would prevent pfSense from filtering traffic on/between those "10G-Box L3 routed interfaces", as it would never see the traffic.

/Bingo

stephenw10 · Feb 23, 2023, 2:48 PM

Yup, a real external switch is almost always the better choice here. Only use a bridge if you need to filter between two network segments in the same subnet.

That said is should be possible to add ports to a bridge. If you're not using the ports for anything else and the traffic across the bridge will not be too large it would probably be fine.

Steve