3 WAN 1 LAN



  • Hi,

    Is it possible to have 3 WAN and 1 LAN using 2 NICs from ALIX?

    I have set up pfSense 2.0, but I have these 4 NICs, and we are planning to go to ALIX, which has 2-3 NICs, and I don't know if it works with 3 WAN 1 LAN.

    Thanks in advance



  • The Alix is reported to be able to support a maximum throughput of about 85MB which is less than the bandwidth of one of its NICs.

    You could use a small (say 5 port) VLAN capable switch as a "port multiplier": connect one switch port to the Alix and three switch ports to your three WAN interfaces and create VLANs in pfSense and your switch to run the three "virtual" LANs over the one pfSense physical interface.

    If you search the pfSense forums for VLAN and port multiplier you will probably turn up a few posts discussing the concept.



  • Hi, thanks for your reply.

    I have a layer 3 Cisco 3560G switch here. It's being used, so sad to say I can't use it for practice. I have no experience in VLANs or any routing; I've been using pfSense for just months, but I can easily learn from it. I tried using the web interface of a manageable (layer 2) switch, a Netgear GS108T, for practice. It has 8 ports. I am just using pfSense in my VMware. Here is what I made.

    Port | VLAN ID
    1    | 1  = 172.16.0.0/16 Macmini and PFSense Virtual Machine
    2    | 1
    3    | 2
    4    | 2
    5    | 2  = 172.16.0.0/16 Macbook Connected
    6    | 3
    7    | 3
    8    | 3  = Physical Network Connected/ which has many computers in it (ranges 172.16.0.0/16 subnet)

    This is what I understand from your diagram:

    ports
    1=pfsense
    2=wan1 in /vlan
    3=wan2 in /vlan
    4=wan3 in /vlan
    5=lan out/network
    6
    7
    8

    Is this correct? Thanks.



  • Let's ignore the VMware for the time being and consider just the pfSense WAN physical interface supporting three VLANs to which we will assign VLAN IDs 100, 200, 300. (VLAN ID 1 is often used for "default VLAN" - there is no default VLAN here, all the VLANs will be explicit.)

    Then we have on the GS108T:
    @proverbian:

    ports
    1=pfsense
    2=wan1 in /vlan
    3=wan2 in /vlan
    4=wan3 in /vlan
    5
    6
    7
    8

    Switch port 1 is configured as "trunk" port (Netgear may call it something different from "trunk"), retaining VLAN tags on entry to the switch and exit from the switch, and is a member of VLANs 100, 200 and 300.
    Switch port 2 is configured as a member of VLAN 100, stripping VLAN tags on exit from the switch and adding them on entry.
    Switch port 3 is configured as switch port 2 but with VLAN ID 200.
    Switch port 4 is configured as switch port 2 but with VLAN ID 300.

    I don't have any experience with VMware or Netgear GS108T but hope this is enough to give you the flavour of what needs to be done in your particular configuration.



  • Thanks for the reply.

    So I'm gonna try this one.

    So,

    port
    1=pfsense with 2NIC?  - member of VLAN100/200/300
    2= wan1 - VLAN100
    3= wan2 - VLAN200
    4= wan3 - VLAN300

    WANs
    1   2   3
    |___|___|
      switch
        |
     pfsense
        |
        |
     Network

    Is this the structure?



  • @proverbian:

    is this the structure?

    Pretty much. I would plug ONE pfSense network port into switch port 1 and that then becomes the physical interface for the three WAN VLANs. I would then use the other pfSense network port as the pfSense LAN port and that could be connected to a single computer or to one port of a dumb switch or even to (say) port 5 of the GS108T with ports 5 through 8 all members of VLAN 400 and configured in the switch to add VLAN tags on entry and strip VLAN tags on exit so ports 5 through 8 look just like a non VLAN LAN and three computers can be connected to switch ports 6 through 8.

    I think it is useful to have the pfSense LAN port as simply configured as possible (no VLANs) so that if you mess up your pfSense configuration and have to recover by restoring factory defaults you can do so with configuration information and minimal changes to your surrounding infrastructure.
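
Added example, not part of any post in this thread: a small Python model of the switch plan discussed above (trunk on port 1 for VLANs 100/200/300, one access port per WAN, ports 5 through 8 in VLAN 400) that shows where a frame ends up and audits the plan for mistakes that would bridge a WAN segment to another WAN or to the LAN. The names `PLAN`, `forward` and `audit` are hypothetical, and dropping tagged frames that arrive on an access port is a modelling assumption; real switches differ.

```python
# Constructed model of the GS108T plan from the thread (not real switch config).
# port -> (mode, VLAN IDs): "trunk" keeps 802.1Q tags, "access" adds on entry / strips on exit.
PLAN = {
    1: ("trunk", {100, 200, 300}),   # pfSense WAN-side NIC
    2: ("access", {100}),            # WAN1
    3: ("access", {200}),            # WAN2
    4: ("access", {300}),            # WAN3
    5: ("access", {400}), 6: ("access", {400}),
    7: ("access", {400}), 8: ("access", {400}),  # LAN side, looks untagged
}

def forward(plan, in_port, tag=None):
    """Return {egress_port: tag_on_wire} for a flooded frame (e.g. a broadcast)."""
    mode, vlans = plan[in_port]
    if mode == "access":
        if tag is not None:
            return {}              # assumption: tagged frame on an access port is dropped
        vid = next(iter(vlans))    # ingress: classify into the port's single VLAN
    else:
        if tag not in vlans:
            return {}              # trunk only accepts VLANs it is a member of
        vid = tag
    out = {}
    for port, (pmode, pvlans) in plan.items():
        if port != in_port and vid in pvlans:
            out[port] = vid if pmode == "trunk" else None  # tag stripped on access egress
    return out

def audit(plan, wan_vlans=(100, 200, 300), lan_vlan=400):
    """List problems that would break layer 2 separation between the WANs and the LAN."""
    problems = []
    for port, (mode, vlans) in plan.items():
        if mode == "access" and len(vlans) != 1:
            problems.append(f"port {port}: access port in {len(vlans)} VLANs")
        if mode == "trunk" and lan_vlan in vlans:
            problems.append(f"port {port}: LAN VLAN {lan_vlan} carried on WAN trunk")
        if 1 in vlans:
            problems.append(f"port {port}: still in default VLAN 1")
    for vid in wan_vlans:
        access = [p for p, (m, v) in plan.items() if m == "access" and vid in v]
        if len(access) != 1:
            problems.append(f"VLAN {vid}: {len(access)} access ports, expected 1")
    return problems

if __name__ == "__main__":
    print(forward(PLAN, 2))   # frame from WAN1 reaches only the trunk, tagged 100
    print(audit(PLAN))        # empty list: the plan keeps the segments apart
```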

