I was using a Cisco SG300-28 switch in L3 10 years ago. They are a nice switch but old. I have changed over the last couple of years and use a Cisco SG350-10P now. I have a Cisco SG350X-24 but the fans bother me. I used pfSense for about a year and switched to a Cisco RV340 router as all the DHCP and local routing was on my L3 switch. pfSense updates did not work as they usually broke something and I got tired of testing my router over and over. So, I dropped pfSense. I ran Untangle as a UTM behind my Cisco router for 4 or 5 years. Maybe that is why I did not appreciate pfSense as I ran Untangle as a UTM device before pfSense.
So I'm trying to figure out what went wrong trying to replicate kapone's post but can't seem to find the culprit of it.
First of all, you'll have to forgive me if I don't make too much sense, since English is not my first language, but I always try to do my best to communicate with it.
Right now my home gear network consists of the following:
PC Engines APU2 - PfSense
Cisco SG300-52 L3 enabled
ICX7250-48 L3 10Gb license (Thanks @fohdeesha)
ICX6610-48 Fully licensed too (1 PSU rev3, 1 FAN) - Not in use, too loud after a few minutes (maybe will sell it since PSU and fan will cost me as much as another unit)
What am I trying to achieve?
Have a native L3 network, since the FW was handling the VLANs with a Router on a Stick approach and right now it can't handle inter-VLAN 1Gb network traffic after doing so for "some time", and since I have the gear that can do all the L3 at its core.
My core networking/services/servers (more APU2s) are on a 12U StarTech rack that is hanging in my apartment's entrance corner, and my office is a few meters away, cabled with 6 CAT6 Ethernet drops, maybe more, but don't tell my wife.
My first approach was to use the ICX7250 as a core switch for my place on the aforementioned StarTech rack, and the ICX6610 for my 24U rack with 6 SM servers, all with 10Gb NICs, and a 40Gbps NIC on my main ESX/NAS server. Long story short, as I mentioned, the switch is too loud to have it on 24/7 in my apartment, so I didn't even set it up correctly on both ends. - Currently discarded until further notice or until Christmas bonus. lol
Then I tried to use the SG300 as my core L3 switch and the ICX7250 as my rack switch with inter-VLAN routing on my main LAN. This worked "well": I could access the SVIs, set up the firewall rules and static routes, both the switches and the FW could see and communicate with each other, and everything was OK, but then I realized L3 routing was performed at the Cisco, so 10Gb traffic was limited to 1Gb, as you might have guessed. - Discarded for the time being, maybe I will get back to this if I can find the routing issue on the ICX.
So, third attempt: since the APU has 3 Ethernet ports (WAN, LAN, OPT1), I tried kapone's post guideline, using OPT1, which was unused, to connect one of the cable drops to my office directly to the ICX. I created a /30 transit VLAN, gateway, static route on the FW, static route on the SW, FW rules and whatnot, but I can't communicate from my main home network to the VLANs associated on the ICX. I'm still using the SG300 on my LAN, and nothing has been done there yet (no L3 switching, VLAN SVIs, nothing really, just a dumb SW ATM). I was thinking of using it as an L2 access SW for the VLANs needed for the APU2s' VMs and LXC containers, using a second drop back from my rack to the StarTech rack.
So with all this, which approach would be the best to execute, and more importantly, am I missing something in my config, or steps that might have been overlooked?
Basically, TL;DR:
I need to set up an L3 network using a Cisco SG300, ICX7250 and pfSense, but have failed doing so.
Here's the precious data if needed:
If you need more info I'd gladly provide it.
Using an L3 switch is still better than L2 if you are using network VLANs. I always assign a network to a VLAN. I use several in my home.
Using a Cisco SG300 switch in L3 will require you to turn on L3 mode. This is only required on these older Cisco switches. The Cisco SG350 switches do not have a mode.