L3 Switch, vLans, ESXi, 6 NICs – Help
For a graphical overview of what I'm planning to do: http://i.imgur.com/lwEx8T6.jpg

I have an ESXi box, connected to a Cisco c3560g (supports EtherChannel).
Right now I am using a Motorola SBG6580 in Bridge mode which is directly connected to one NIC (pfSense WAN); my 2nd NIC is connected to Port 1 on my Cisco Switch (pfSense LAN) with all of my VMs on the same vSwitch. This is leaving me 4 NICs unused.
I am planning to restructure my network to what's in the picture above that I posted, which breaks down to:
- Cisco Switch: enable 'ip routing', give the virtual interfaces IPs and let it handle all the VLAN traffic
- pfSense (LAN) to Cisco Switch Port 1 [192.168.0.0/30]
- Wired Devices on Cisco Switch Port 2-14 [10.10.10.0/24 - VLAN 10]
- Wireless Access Point Port 15 [10.10.15.0/24 - VLAN 15]
- ESXi and all virtual machine servers Port ??? [10.10.20.0/24 - VLAN 20]
- Experimental Network (ACL controlled) Port ??? [99.99.99.0/24 - VLAN 99]

My question is, what should I do for:
- In pfSense, to facilitate the Cisco Switch handling the VLANs?
  - Assuming just make static routes to each of these networks and call it a day?
- With 6 total NICs, how is the best way to utilize this? I understand I will not be able to saturate this, but it's a home network and used for learning, so why not make use of it a bit?
  - Is it best to let pfSense (LAN) have its own Port with no other VMs on it and then use the other 4 NICs in ONE vSwitch with all of my VMs separated from pfSense (LAN)?
  -OR-
  - Is it better to leave pfSense (LAN) in the same vSwitch as the other VMs and put all 5 NICs on one vSwitch and let ESXi handle all of it?
Any input or potential issues would be greatly appreciated! Thanks!
Sal
If you want to use more of your NICs, I would set up a portchannel between ESXi and your Cisco switch. (This is what I've done with my own ESXi host.) You could either trunk all the VLANs over this portchannel to let pfSense do the routing (and record logs, and apply firewall rules, etc) or you could let your intra-VLAN routing be handled by your Cisco, as you suggest… or a combination of these. If a combination, make sure that the Cisco has no IP in the VLANs that should be handled by pfSense, or a host in that VLAN could set the Cisco as its gateway to get around whatever firewall restrictions you put in place (unless of course you want this capability!)
If you want the Cisco to handle the routing, just set up pfSense so that it has a static route to 10.0.0.0/8 pointing to the Cisco. (You don't want this traffic going out anyway, so no harm in making this overly broad.)
If you want pfSense to handle the routing, only give the Cisco a management IP and turn off routing (no ip route); it will then act as a layer 2 switch.
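The Cisco side of the "let the Cisco route the VLANs" option from the reply, written out as an added example (not configuration posted in the thread); it assumes pfSense at 192.168.0.1 and the switch at 192.168.0.2 on the /30 transit, and assumes Gi0/16-19 are the ESXi uplinks.

```cisco
! Added example for the 3560G: switch does inter-VLAN routing, pfSense is the default gateway.
! Assumed addresses: pfSense LAN 192.168.0.1, switch 192.168.0.2 on the /30 from the post.
ip routing
!
vlan 10
 name WIRED
vlan 15
 name WIFI
vlan 20
 name SERVERS
vlan 99
 name EXPERIMENTAL
!
! Port 1: routed transit link to pfSense (LAN)
interface GigabitEthernet0/1
 no switchport
 ip address 192.168.0.2 255.255.255.252
!
! Everything not local goes to pfSense; pfSense needs the static route for 10.0.0.0/8
! (and 99.99.99.0/24, with the addressing used in the post) pointing back at 192.168.0.2.
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
! SVIs = default gateways for the VLANs the switch routes. Per the reply's caveat, a VLAN
! that pfSense should firewall gets NO SVI here; only trunk it through to pfSense.
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
interface Vlan15
 ip address 10.10.15.1 255.255.255.0
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
interface Vlan99
 ip address 99.99.99.1 255.255.255.0
 ip access-group EXPERIMENTAL-IN in
!
! Experimental VLAN reaches the internet via pfSense but none of the internal networks
ip access-list extended EXPERIMENTAL-IN
 deny   ip 99.99.99.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 99.99.99.0 0.0.0.255 192.168.0.0 0.0.0.3
 permit ip 99.99.99.0 0.0.0.255 any
!
! Static EtherChannel to the ESXi uplinks (assumed ports). A standard vSwitch only supports
! a static channel (mode on) with "Route based on IP hash" load balancing, not LACP.
interface range GigabitEthernet0/16 - 19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,15,20,99
 channel-group 1 mode on
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,15,20,99
```

For the reply's other option (pfSense routes everything), replace `ip routing` with `no ip routing`, keep a single management SVI, and let the trunk carry the VLANs to a pfSense VM with one VLAN interface per network.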