Netgate Discussion Forum

    More than 500 VLANs

    • chiel

      Hi,

      I need to configure more than 500 VLAN interfaces in pfSense.

      All these need to have a

      • private IP /28 address which will be NATted
      • IPv6 address
      • DHCP on each subnet

      Will pfSense be able to do this? And if so, is there an easy way to configure it, or does everything need to be done via the web GUI?

      • heper

        Technically yes. Is this going to work nice & smooth: no.

        The webgui isn't meant to handle that amount of interfaces. It's been reported in the past that it becomes incredibly slow & unusable.

        You might be better off using private VLANs on your switch & working with a transit network towards pfSense.

        • chiel

          Thanks for responding.

          Is this due to the "interface" tab that expands with all the available interfaces when you hover over it? If this is the case, then will the upcoming release of pfSense 2.3 with nginx also be affected by this?
          If so, then will it be fixable when I make a request in "Post a bounty" to make a checkbox somewhere that says "Don't list interfaces in main menu"? Then I can still view and edit them when I click "(assign)". And something similar for the DHCP settings, I guess.

          Am I on the right track here? Or are there any other things that need attention? The reason that I don't want to do it on a router/switch is because I need to NAT all of these 500+ networks. A router/switch is not as powerful for this as a server with pfSense. If the webgui is the only thing that is preventing this, then I am willing to help with development by posting a bounty for it.

          • Derelict LAYER 8 Netgate

            There is nothing stopping you from using pfSense to NAT for 500 ports on a layer 3 switching infrastructure.

            It would do that quite well.

            • private IP /28 address which will be NATted

            Seems like for 500 ports you really want a layer 3 switching solution. Are all these 500 ports within 100m of each other or are you dealing with multiple wiring closets?

            • IPv6 address

            I assume you mean IPv6 /64

            • DHCP on each subnet

            You will want to use your switching infrastructure or an external DHCP server with helpers for this. pfSense will not be the way to go.

            But if you want to build all that behind pfSense, it will NAT for you beautifully.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
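
An addressing plan for the layout suggested in the last reply (gateways and DHCP on the layer 3 switches, pfSense only routing and NATing), as an added example that is not part of the original thread. The address pools and the starting VLAN ID are assumptions chosen for illustration; the point it shows is that 500 /28s carved contiguously fit in one aggregate, so pfSense needs a single static route and a single outbound NAT source network instead of 500 interfaces.

```python
import ipaddress

# Assumed pools, not taken from the thread: an RFC 1918 block for the /28s
# and the IPv6 documentation prefix for the /64s.
V4_POOL = ipaddress.ip_network("10.64.0.0/16")
V6_POOL = ipaddress.ip_network("2001:db8:100::/48")
FIRST_VLAN = 100  # assumed starting VLAN ID


def build_plan(count=500):
    """Return one row per VLAN: ID, IPv4 /28, gateway, DHCP range, IPv6 /64."""
    v4_nets = V4_POOL.subnets(new_prefix=28)
    v6_nets = V6_POOL.subnets(new_prefix=64)
    plan = []
    for i in range(count):
        v4 = next(v4_nets)
        hosts = list(v4.hosts())  # 14 usable addresses in a /28
        plan.append({
            "vlan": FIRST_VLAN + i,
            "v4": v4,
            "gateway": hosts[0],                  # lives on the layer 3 switch
            "dhcp_range": (hosts[1], hosts[-1]),  # served by switch or relay
            "v6": next(v6_nets),
        })
    return plan


def aggregate(plan):
    """Smallest single prefix that covers every /28 in the plan."""
    last = plan[-1]["v4"].broadcast_address
    net = plan[0]["v4"]
    while last not in net:
        net = net.supernet()  # widen by one bit until the last /28 fits
    return net


if __name__ == "__main__":
    plan = build_plan()
    for row in plan[:3] + plan[-1:]:
        lo, hi = row["dhcp_range"]
        print(f"vlan {row['vlan']}: {row['v4']} gw {row['gateway']} "
              f"dhcp {lo}-{hi} v6 {row['v6']}")
    # One static route via the transit network and one NAT source network.
    print("aggregate to route and NAT on pfSense:", aggregate(plan))
```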