Can pfSense support up to 16 NICs?



  • Hi everyone!

    I have a pfSense box on a ProLiant G5 with 2 quad processors and 24 GB RAM for high throughput and multiple captive portals. The pfSense box has 16 tagged VLANs distributed across 4 Intel NICs. But sometimes some VLANs stop working and the IP address does not respond. With many tests I found this does not happen if no VLAN is set up on a NIC. I think the problem is something in the VLAN support in FreeBSD, and a solution could be not using VLANs, but a dedicated NIC for each network.

    Can pfSense support up to 16 NICs?


  • Netgate

    What version of pfSense are you running?

    I would diagnose and fix the problem you are having before swapping gear and ditching dot1q on Intel NICs. It works fine.

    If one stopped responding I would sniff the traffic both using pfSense packet capture and a switch mirror port to see what's really going on. Could be pfSense is working fine and it's the switch that's acting up.



  • Hi Derelict,

    Thank you very much for your response.

    I am using pfSense 2.2.6, but the problem has been present since version 2.2.1.

    I was reviewing the configuration of the switches and found some ports in access/trunk mode, so I decided to change them all to trunk mode. But the problem persists.

    Running tcpdump on the pfSense box only shows incoming traffic; there is no outgoing traffic from pfSense. The firewall rules are any to any and any service and protocol.

    I have attached a tcpdump capture:

    vlan_107.txt


  • Netgate

    Which is why I also suggested sniffing at a mirror port in the switch. Without knowing anything about what device is what IP address, that capture tells me pretty close to nothing.



  • I presume the firewall's IP on that interface is 10.107.0.5. That capture proves it's still functioning at sending traffic out on the VLAN, since ARP is working. No reply to pings though, could be for any number of reasons. Probably firewall-related, like maybe Snort blocking the IP if you're running it.

    Agree you should troubleshoot the problem further; adding NICs isn't likely to help, judging by that capture.



  • Can pfSense support up to 16 NICs?

    Yes, it will be able to, and there are appliances out there that can offer you as many LAN ports as you
    need. One of them would be the scope7-8771 from Landitec, which is an official European distributor for Lanner.

    But if you are thinking of changing even the hardware whenever something is not running as expected,
    that would be a hard and expensive trail for you, as I see it. Perhaps you might get a Layer 3 switch
    that then properly routes the VLANs for your network, with the pfSense firewall only routing the WAN-LAN
    part. That would perhaps be the better option, or, if money is not scarce, both will fit and make you happy.