
The best practices for setting up management VLANs for the network, ensuring ACLs will work the way I intend, and the correct setup of the pfSense as the default gateway for all non-VLAN traffic (i.e. 168.9.253 That is the setup on my switch. Then you can get to it from any other network routed by pfsense. I suppose this depends on the IP/netmask used by pfSense and whether or not it will be VLAN-aware. Only route you would need on your switch is the default route, pointing to pfsense Ip in whatever vlan you put your management IP in. I do not know yet how to set up default routing. I have tried to interpret as much as I can from online tutorials and documents, but I am having trouble making it all look right to me. All VLAN ACLs should be on the "core" switch, no ACLs on other switchesĪgain, I am entirely new to L2+/元 on switches.VLAN routing and VLAN "firewalling" will be taken care of by switch ACLs.Change pfSense LAN IP to 10.1.1.1/16 with no more VLAN configuration.Probably also continue using this as the DHCP server, as well, as I have alot of persistent MAC-IP bindings. I want to continue using pfSense as the internet gateway router (NAT),WAN firewall, and VPN tunnel. All 4 switches have L2+ static routing features.īased on no personal experience, I want to run my ideas by you fine folks and get your feedback and corrections.

2x GSM7228PS switches make up the rest of the network for security cameras, client end points, and UAPs. 1x GSM7328S is in the rack for 1GbE connectivity.

1x XSM7224S (24x 10G SFP+) is the core switch. I have 4 Netgear switches in a 2-Teir design. Running a 10GbE network now, I think offloading as much inter-VLAN routing to the switch would be ideal.right?

I currently have a pfSense custom box as my main NAT router, firewall, gateway, and DHCP server using VLANs.
