Netgate Discussion Forum

    How to connect 2 bridged WAN to a switch?

    HA/CARP/VIPs
      slagr

      I have inherited 2 pfSense instances (2.0 and 2.0.1) behind a BayStack 350-12T switch.
      Both pfSense instances have the same config: WAN, LAN, OPT2 - bridged.
      WAN (with an assigned IP) is connected to the BayStack, LAN (no IP) to the DMZ.
      OPT2 is connected via CARP and is used for pfsync.
      I'd like to have a WAN VIP address, which would be used as the default gw for the DMZ network (a few /24 networks) and the load balancer.
      For the moment one switch port is disabled so as not to have a network loop. And for that reason CARP for WAN doesn't work (both are in master status).
      In case of any issue with one of the pfSense instances, the BayStack switch ports (the ones the pfSense instances are connected to) are manually swapped (en/dis to dis/en).
      That's the current situation.

      What I want is to enable both BayStack ports and have a real failover configuration.
      What is the best approach we can go with? The BayStack supports a kind of STP. STP is disabled on both pfSense bridges.
      I have read many opinions that STP may cause issues I cannot afford (everything is in production).
      Is STP the way to go, or should I use devd, as described here: http://forum.pfsense.org/index.php/topic,4984.msg87793.html#msg87793

      What would you recommend?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.