Routing networks correctly.
-
Hello
I have a question in regards to the correct way to have multiple networks on one pfsense box. (Meaning assigning the correct subnet and IP's.
I have Pfsense setup with 2 wans (TW 50/5) and (ATT 18/3) along with one LAN. The Lan connects to a Cisco 3750G switch, then all my stuff is connected to the switch.
So my question is if I want 2 networks: Home and Lab is it better to run this thru the switch with vlans or thru pfsense? Both works from what I read.
Example 1: From Pfsense
Lan1: 10.0.10.1/24
Lan2: 10.0.20.1/24or
Example 2: From switch
Pfsense : 10.0.0.1/16
Switch Vlan 10: 10.0.10.1/24 - Home
Switch Vlan 20: 10.0.20.1/24 - LabI would like to use example 2 because I can just have the one switch instead of 2. But other question will be what address will I give the switch?
10.0.0.x/16 or 10.0.10.x/24 or 10.0.20.x/24?
-
Depends. Do you want to be able to control access in pfSense, or via ACLs in the Cisco box? Keep in mind that you can assign VLAN interfaces within pfSense just like you would on a Cisco router/switch. Cleanest way, in my opinion, would be to tag VLANs on the port connected to pfSense, and route within pfSense. That way you have a simple logical configuration. If it were a situation where you absolutely needed the best performance possible, I'd say route it at the switch.
-
A third VLAN as a management VLAN is another option. Or choose one and use that as your management VLAN.
