PfSense + 3750G
-
Hello,
I recently acquired a computer and a Cisco 3750g to play with at home. I am wondering if anyone has done a similar setup. I want to use the following setup Cable Modem <–----> Pfsense <-----> 3750g.
I was wondering if anyone has pointers on this setup and if I should let pfsense do dhcp or let my 3750g.
As for why I needed POE for a future camera system. I would like to setup 3 Vlans if possible 1 for internal network, 1 for camera network, and 1 for guest wifi.
-
If you have the right ios on te device it can do layer 3 for you.
Seems more logic to do the layer 3 on the pfsense if you not neet wire rate between vlans.That 3750G is most likely to be found here:
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/product_data_sheet0900aecd80371991.htmlIt consumes quite some energy and with at least 42 dBa it makes a lot of noise..
You will need to make the vlans on the switch, create a trunked interface to the pfsense.
Use dot1q and not isl which is cisco its own trunking mechanism.s Depending on IOs you cannot do isl anymore thoug.
-
When setting up vlans on the 3750g make sure you issue the command on your trunk:
switchport trunk encapsulation dot1q
If not your trunk will use Cisco's ISL technology and your vlans won't talk to PfSense. Also research vlan tagging. If your learning is all Cisco you maybe unaware of the concept of tagged and untagged ports.
The short trunk ports are tagged ports in every other platform.
-
If you are going to run a layer 3 switch with pfsense and you want to keep the VLAN traffic routing in the switch and not load down pfsense with local traffic then use an access port instead of a trunk port to feed pfsense from the layer 3 switch.
This is the way I run my network. I use pfsense for internet traffic and my Cisco layer 3 switch does all my local LAN routing.
-
That is another way to do it. Doing it that way you have less control over what inter-vlan goes on through PfSense. You of course can use access-list to control things but can be tricky for newbies (even well versed Cisco guys) . Will you need dhcp? If so PfSense can do that for you. I forget but I believe you can run dhcp through a 3750. You can also use routing protocols like rip… You have a lot of options and can have some fun. More than likely you can find help on this forum for almost anything you want to do. If you search for vlan-vlan routing performance, you can find some test I have done that show with the right hardware inter-vlan routing is not expensive as it once was (I mean in the context of you needing custom asics) and the performance is virtually the same compared to routing on a stick. I pretty much use the 80/20 rule. 80% of your traffic is switched / 20 routed.
-
I use a Cisco layer 3 switch with DHCP on the switch. All local network routing is processed by the switch not pfsense. So pfsense only controls internet traffic. This saves CPU cycles on the pfsense machine. The trade off is all the VLAN networks are routed traffic on pfsense. I use static routing because my switch does not do RIP. My next Cisco layer 3 switch will do RIP. I run a Cisco SG300-28 switch which only consumes 17 watts of power. I like running this setup. All my local network meat is in the switch which I never reboot. It allows me to change routers in minutes. I guess this is handy if your upgrade goes south.
One other thing I use pfsense for is to feed NTP time to my layer 3 switch.
-
Thanks everyone!!
These are all great suggestions. As of right now I have pfsense doing everything and the internet is up and running which makes the wife and kids happy.
I think I will try having the 3750g do dhcp in the future along with my 3 vlans but for now I will let it function as is.
The first thing on the agenda is to get my media server working again. Have any of you used finch? Thinking about trying to get Pfsense and Plex on the same box. Or building a new pfsense micro router and using the existing hardware for my plex. Any suggestions?