PfSense with 1 NIC + managed switch = ?
-
usb nics pretty much blow, and its a OLD laptop you ay - so highly doubt usb 3 ;)
As I said, I do not have USB3.0 but USB2.0 should be enough for WAN. Then the native GbE connection can be used to route intranet traffic.
Why can you not leverage your esxi box??
Because I want to run pfSense in a separate box.
it is not the typical enterprise ios that runs on their enterprise line - this ios is different. While many of the commands are the same
Hmm that could be a deal breaker. Will keep it in mind.
-
USB NICs, under FreeBSD at least, are unpredictable. A quick look through the forum will show the many, many threads with people having problems with USB. I would choose a router-on-a-stick setup over USB.
There are people running both types of setup without any issues.There are several reasons not to use a router-on-a-stick configuration:
If you're completely unfamiliar with VLANs then setting it up may prove frustrating depending on what switch you use.
The bandwidth through pfSense will be reduced as all your traffic has to travel in both directions along a single ethernet connection. However if your WAN connection is relatively low speed and the connection to the switch is gigabit this is unlikely to be a restriction.
There's a security risk. If your switch should forget its settings for some reason you could end up with the WAN connected directly to the LAN. This is a pretty minimal risk in my opinion, i've never seen of heard of it happening, but you need to consider it yourself.There are much cheaper switches you can use.
Steve
Is it a compatibility issue or something?
I am still considering which switch to buy and watching for good deals.
-
Is what a compatibility thing? USB?
-
Yes, its a compatibility thing. Drivers.
BSD and Linux doesn't work well with manufacturers who change chipsets like people change underwear.
And even when you get lucky, its still USB, so still not great compared to everything else.
-
we've build a pfsense on a old desktop ( HP sf5000 or something) only one nic.
in our case we were able to install the free version of ESXi on the desktop and installed Pfsense as an vm.
connected the NIC to a managed switch (HP procurve 1810-24g)
added 3 vlans
vlan 4 ( WAN)
vlan 10 (LAN) ip 192.168.17.254
vlan 20 (OPT1) ip 10.0.10.254connected a switch port to hour modem and untagged it vlan4
the desktop connected to the switch port, tagged vlan 4, 10 and 20other switch ports untagged vlan 10 or vlan 20
all works fine using 2 different dhcp scopes on vlan 10 and 20
hope this helps.
-
Exactly.
-
we've build a pfsense on a old desktop ( HP sf5000 or something) only one nic.
in our case we were able to install the free version of ESXi on the desktop and installed Pfsense as an vm.
connected the NIC to a managed switch (HP procurve 1810-24g)
added 3 vlans
vlan 4 ( WAN)
vlan 10 (LAN) ip 192.168.17.254
vlan 20 (OPT1) ip 10.0.10.254connected a switch port to hour modem and untagged it vlan4
the desktop connected to the switch port, tagged vlan 4, 10 and 20other switch ports untagged vlan 10 or vlan 20
all works fine using 2 different dhcp scopes on vlan 10 and 20
hope this helps.
I am still not quite clear about how the router talks to the modem via a switch, just put them in the same VLAN and things just magically work?
-
Yes. ;)
There's nothing special about the modem-router connection it's standard ethernet.
Steve
