Alix2d3 with 3 LANs - I need more than 3!
-
Hello!
I am about to buy an Alix 2d3 to use PFSense with. The board has 3 LANs, but I need more since I have 3 ADSL connections. Can I use an external switch, and what must I do with PFSense to use more ports?
Regards
Kostas
-
buy manageable vlan supporting switch and then you can use more virtual lans
-
buy manageable vlan supporting switch and then you can use more virtual lans
To add to this reply, the suggested option has been described a number of times in these forums: you could search for VLAN port multiplier
-
Thank you all.
Kostas
-
As an alternative: If your 3 ADSL modems are also a router you could set up something like this:
[10.0.0.1]
ADSL-Modem/Router_1–------|
|
[10.0.0.2] | [10.0.0.4]
ADSL-Modem/Router_2–--- Switch--------------pFsense---------------- Switch------ internal network
| [192.168.0.1]
[10.0.0.3] |
ADSL-Modem/Router_3–-----With pfSense 2.0 it is possible to manually create additional gateway.
In such a setup you would have 10.0.0.1 as the first (default) gateway. 10.0.0.2 and 10.0.0.3 would be added as additional gateways.
These gateways then can be used in a balancing or failover pool.(This is also possible with 1.2.3 but requires some manual changes of the config.xml)
-
Thank you. In that case I do not need VLAN capable switches, I think.
In your diagram, you mean that the 10.0.0.4 will be the WAN port and the 192.168.0.1 will be the LAN, and these are all the ports I need?
Regards
Kostas
-
Basically yes.
But this really only works if your ADSL-Modems can also act as router.Also be aware that in such a setup double NAT is involved which may or may not break some protocols and "can" complicate stuff.
(I personally have had such a setup for years and never had any problems)
You would probably want/have to forward everything from your ADSL-modems to the WAN of the pfSense (10.0.0.4). -
Thank you!
I already have a TP-Link load balancer fir our 3 .ADSL lines, but I though to get rid of it and give all the workload to the Pfsense Alix.
Regards
Kostas
-
Grab a cheap Netgear GS-108T, use VLANs to turn 1 port into 7 :-) (8 port VLAN switch, one trunk port for pfSense, 7 ports untagged on separate VLANs)
-
Thank you!!!
Can you refer me to documentation for the VLAN setup (I have pfs the definitive guide book).
Regards
Kostas
-
Chapter 10 in the book covers VLANs from head to toe, including configuring them on some switches. I believe the Netgear web interface is covered in there
-
Thanks for the quick answer! I will study and get back!
Kostas
-
We ave a Cisco VLAN capable switch that is being used right now. Can I use some ports of this as a VLAN to extend the Alix ports?
Regards
Kostas
-
We ave a Cisco VLAN capable switch that is being used right now. Can I use some ports of this as a VLAN to extend the Alix ports?
Yes. I have a VLAN capable switch and use it to "multiply" a single physical port on my pfSense box to two switch ports, one to my ADSL modem and one to my DMZ. The "shared" physical port on the pfSense box has two VLANs and connects to a "trunk" port on the VLAN switch.
-
Well, all are explained very well, however I have issues with VLAN setup, and I need some help to accomplish this.
Here is my setup and the procedures I have followed so far, with no luck with the VLAN setup:
Setup
We have a Cisco SLM2048 switch as the main company switch, and I need to use some port of the switch to create the appropriate VLANs for extending PFSense.Procedures
1. Created vlans on pfsense interface (3 vlans (VLAN10, VLAN20, VLAN30) -1 interface port) and in switch (3 vlans in 3 different ports and 1 port for all).
P.S. the SLM2048 does not have a "trunk port". I have used a port set to "all" for this. All the switch ports have in "Port Settings" -> Acceptable frame type -> All or Tagged. All the ports are set to All. I have changed the VLAN ports to "Tagged", however I havent changed the PVID setting (left it to 1). Each VLAN contains its assigned port and the "trunk" port (VLAN10 = port 29 and port 32, VLAN20=port 30 and port 32, VLAN30=port 30 and port 32).2. Connect each router (in bridge mode) to the relevant vlan port of the switch.
3. Connect PFSense to the "trunk" port
4. Created 3 OPT interfaces in pfsense and assign them in the relevant vlan (VLANOPT1, VLANOPT2, VLANOPT3)
5. Enabled opt interfaces as PPPoE and assign the credentials for ISP.
Now, in Interfaces assignments I have the VLANOPT1 configured as "PPPoE4 (vr2_vlan10) - username@isp.gr
However the VLANOPT1 interface shows with the red X on the dashboard. If I change the assignment of the interface as vlan10 the port shows as connected (green).
Sorry for the long post.
Thanks in advance
Kostas
-
can you provide screenshots from that switch if there is something to fix
-
I don't have any experience with the switch you are using but I suspect the switch ports connecting to the modems should be configured as "Untagged" (that is, the switch should strip VLAN tags on output to the modems and add VLAN tags on input from the modems).
If I change the assignment of the interface as vlan10 the port shows as connected (green).
Please give more detail of what you have changed: VLANOPT1 physical interface changed from vr0_vlan10 to what?
-
Thank you all for your answers.
Here are the screenshots of the VLAN relevant areas of the switch.The ports used for VLANs is VLAN10=port 29, VLAN20=port 30, VLAN30=port 31, "trunk" port=port 32.
Each VLAN contains its port and port 32.
Best regards
Kostas
-
try client access ports with untagged, then it should work
-
You mean the ports connecting the modems?
Regards
Kostas
