Netgate Discussion Forum

    Network Design Ideas, included a diagram, CARP, VLANS, etc.

    • cmcdonald (Netgate Developer)

      Here is the setup:

      • /29 Block of Static IPs from my ISP

      • x2 pfSense Boxes with 4 NICs each

      • Several Managed/VLAN Capable Switches

      • Several Unifi APs (VLAN/SSID Tagging Capable)

      What I have done so far:
      I have configured each pfSense box with one static WAN IP. I have also created the sync interface and the appropriate firewall rule to permit traffic. pfSense #1 is currently acting as a DHCP server, but all of my devices (besides wireless clients) are configured for static IPs. I want to keep the 192.168.1.0/24 subnet strictly for management. I would like to create 2 more networks: one for public wifi access and another for secure office LAN/WLAN. That means that I need to create two VLANs, and each needs to serve out IPs via DHCP. What I'm confused about is how all of this blends together with CARP?

      • dhatz

        The client devices on your network (besides the two pfSense boxes) don't need to know anything about CARP.
        You'll have to configure your DHCP server to hand out the appropriate CARP IP to clients as their gateway.

        PS: Btw iirc Unifi APs had certain peculiarities in their VLAN/SSID configuration (possibly fixed in newer firmware)

        PPS: I'd choose an RFC 1918 range other than 192.168.1.0/24 for the management LAN (just think about the probability of conflict if you ever need to access it from elsewhere).

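The gateway point in dhatz's reply above, as an added example that is not part of the original thread and is not pfSense code: a Python check that each segment's DHCP scope hands out the CARP VIP as the gateway. It goes slightly beyond the reply by also checking that the DHCP pool avoids the VIP and node addresses and that segments do not overlap. All addresses, segment names and the `check_plan` helper are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample plan: every address and segment name here is an assumption.
PLAN = {
    "office": {
        "subnet": "10.20.30.0/24", "fw1": "10.20.30.2", "fw2": "10.20.30.3",
        "carp_vip": "10.20.30.1", "dhcp_gateway": "10.20.30.1",
        "pool": ("10.20.30.100", "10.20.30.199"),
    },
    "public_wifi": {
        "subnet": "10.20.40.0/24", "fw1": "10.20.40.2", "fw2": "10.20.40.3",
        "carp_vip": "10.20.40.1",
        "dhcp_gateway": "10.20.40.2",              # mistake: a node's own IP
        "pool": ("10.20.40.1", "10.20.40.254"),    # mistake: covers VIP and nodes
    },
}

def check_plan(plan):
    """Return (segment, problem) tuples; an empty list means the plan is consistent."""
    problems, nets = [], {}
    for name, seg in plan.items():
        net = nets[name] = ipaddress.ip_network(seg["subnet"])
        fixed = {k: ipaddress.ip_address(seg[k]) for k in ("fw1", "fw2", "carp_vip")}
        lo, hi = (ipaddress.ip_address(a) for a in seg["pool"])
        for label, addr in fixed.items():
            if addr not in net:
                problems.append((name, f"{label} is outside {net}"))
        if len(set(fixed.values())) != 3:
            problems.append((name, "fw1, fw2 and carp_vip must be three distinct addresses"))
        # Clients must route via the shared CARP address; if they are handed a
        # node's own IP, they lose their gateway when that node fails.
        if ipaddress.ip_address(seg["dhcp_gateway"]) != fixed["carp_vip"]:
            problems.append((name, "dhcp_gateway is not the CARP VIP"))
        for label, addr in fixed.items():
            if lo <= addr <= hi:
                problems.append((name, f"DHCP pool contains {label}"))
    # Segments (e.g. public wifi vs. office) need non-overlapping subnets.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append((a, f"subnet overlaps {b}"))
    return problems

if __name__ == "__main__":
    for segment, problem in check_plan(PLAN):
        print(f"{segment}: {problem}")
```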
        • jasonlitka

          @dhatz:

          PS: Btw iirc Unifi APs had certain peculiarities in their VLAN/SSID configuration (possibly fixed in newer firmware)

          Mine work fine.

          I can break anything.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.