Network Design Ideas, included a diagram, CARP, VLANS, etc.



  • Here is the setup:

    • /29 Block of Static IPs from my ISP

    • x2 pfSense Boxes with 4 NICs each

    • Several Managed/VLAN Capable Switches

    • Several Unifi APs (VLAN/SSID Tagging Capable)

    What I have done so far:
I have configured each pfSense box with one static WAN IP, and I have also created the sync interface and the appropriate firewall rule to permit traffic. pfSense #1 is currently acting as a DHCP server, but all of my devices (besides wireless clients) are configured with static IPs. I want to keep the 192.168.1.0/24 subnet strictly for management. I would like to create 2 more networks: one for public wifi access and another for the secure office LAN/WLAN. That means that I need to create two VLANs, and each needs to serve out IPs via DHCP. What I'm confused about is how all of this blends together with CARP.



  • The client devices on your network (besides the two pfSense boxes) don't need to know anything about CARP.
    You'll have to configure your DHCP server to hand out the appropriate CARP IP to clients as their gateway.

    PS: Btw iirc Unifi APs had certain peculiarities in their VLAN/SSID configuration (possibly fixed in newer firmware)

    PPS: I'd choose an RFC 1918 range other than 192.168.1.0/24 for the management LAN (just think about the probability of conflict if you ever need to access it from elsewhere).
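An added example, not from the thread, of the addressing plan the reply above implies: a management LAN plus two VLANs, each with a CARP VIP that DHCP hands out as the gateway, with a check that the DHCP pool never includes the VIP or either node's own address. All subnets, VLAN IDs and addresses are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan for the design discussed in the thread:
# management LAN plus two VLANs (public wifi, office). Per segment, the
# CARP VIP is the gateway DHCP hands out; node1/node2 are the two pfSense
# boxes' own addresses. All values are assumed, not from the thread.
PLAN = {
    "mgmt": {"vlan": None, "subnet": "10.10.1.0/24", "vip": "10.10.1.1",
             "node1": "10.10.1.2", "node2": "10.10.1.3", "dhcp_range": None},
    "public_wifi": {"vlan": 20, "subnet": "10.10.20.0/24", "vip": "10.10.20.1",
                    "node1": "10.10.20.2", "node2": "10.10.20.3",
                    "dhcp_range": ("10.10.20.100", "10.10.20.200")},
    "office": {"vlan": 30, "subnet": "10.10.30.0/24", "vip": "10.10.30.1",
               "node1": "10.10.30.2", "node2": "10.10.30.3",
               "dhcp_range": ("10.10.30.100", "10.10.30.200")},
}

def check_segment(name, seg):
    """Return a list of problems with one segment's CARP/DHCP addressing."""
    problems = []
    net = ipaddress.ip_network(seg["subnet"])
    addrs = [(k, ipaddress.ip_address(seg[k])) for k in ("vip", "node1", "node2")]
    # VIP and both node addresses must live in the segment and be distinct.
    for label, a in addrs:
        if a not in net:
            problems.append(f"{name}: {label} {a} not in {net}")
    if len({a for _, a in addrs}) != 3:
        problems.append(f"{name}: VIP and node addresses must be distinct")
    # The DHCP pool must not hand out the VIP or either node's own address.
    if seg["dhcp_range"]:
        lo, hi = (ipaddress.ip_address(x) for x in seg["dhcp_range"])
        for label, a in addrs:
            if lo <= a <= hi:
                problems.append(f"{name}: DHCP pool contains {label} {a}")
    # As the reply above advises, keep management off 192.168.1.0/24.
    if name == "mgmt" and net.overlaps(ipaddress.ip_network("192.168.1.0/24")):
        problems.append("mgmt: 192.168.1.0/24 is likely to collide with remote sites")
    return problems

def dhcp_gateway(seg):
    """Gateway DHCP should hand out: the CARP VIP, never a node's own IP."""
    return seg["vip"]

def check_plan(plan):
    """Run check_segment over every segment; an empty list means the plan is clean."""
    out = []
    for name, seg in plan.items():
        out.extend(check_segment(name, seg))
    return out
```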



  • @dhatz:

    PS: Btw iirc Unifi APs had certain peculiarities in their VLAN/SSID configuration (possibly fixed in newer firmware)

    Mine work fine.

