Playing with that Aruba S2500, I figured I would try to create some VLANs so that I can have a VLAN with MTU 9000 on my 10gb network and MTU 1500 on my standard 1gb network, and let the fast switch handle the inter-VLAN routing and the packet segmentation.
It took me a bit to get that working but I did.
One issue I ran into was the PC firewall needed a rule for the other network segment for the ping to work, and I needed the default gateway for each machine to be the switch's layer 3 VLAN IP and let the switch's default route be the PFSense IP.
I have not messed with MTU yet, just one thing at a time.
So I have
VLAN1 192.168.1.0/24
VLAN1 Switch IP 192.168.1.234
VLAN10 192.168.10.0/24
VLAN10 Switch IP 192.168.10.234
PFSense LAN IP 192.168.1.1
Uplink from the S2500 to PFSense is a trunk, and both VLANs are set up to be tagged from the access ports.
PC1
192.168.1.4/24
GW 192.168.1.234
PC2
192.168.10.5/24
GW 192.168.10.234
I can ping from one PC to another across the VLANs, so I have the inter-VLAN routing working.
From VLAN1 I can reach PFSense and the internet.
VLAN10, however, can't ping the PFSense interface or reach the internet.
I have been messing with it for a few hours. Surely my traffic is getting there, it just can't get back.
I think 99% of the articles are focused on using a trunk port and using PFSense to do the routing, so you would create the VLAN interfaces, and then assign them an IP and then assign them to your LAN interface.
That means whatever my gateway for each PC is now (the switch's VLAN IP) would change to be PFSense's VLAN IP.
That would not be what I want to do since I am sure the Layer 3 switch will be much faster for handling those jumbo frame fragmentations.
I tried to create a LAN Gateway, I tried a static route that said "send 192.168.10.0/24 to LAN".
I tried doing part of the above with creating VLAN interfaces.
I created the outbound NAT rule for 192.168.10.0/24.
I created an allow all Firewall Rule for 192.168.10.0/24
I feel like I am close, but just missing something, or the right combination of somethings.
I wonder who here has done this before and knows the magic fix?
I think IamSpartacus has or was going to do it a long time ago - https://forums.servethehome.com/index.php?threads/move-routing-off-pfsense-to-l3-switch.9608/
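The "it gets there but can't get back" reasoning in the post can be checked with a small longest-prefix-match simulation. This is an added example, not code from the original post or from pfSense or Aruba; it uses the addresses given in the post and assumes (as a constructed scenario) that the pfSense routing table holds only its connected LAN plus a default route toward the WAN, with the WAN next hop left as a placeholder. It shows that the switch forwards PC2's packets toward 192.168.1.1 fine, while a reply from pfSense to 192.168.10.5 follows the default route out the WAN unless a more specific route for 192.168.10.0/24 pointing at the switch's VLAN1 address exists.

```python
import ipaddress

# Constructed routing tables built from the addresses in the post.
# Each entry: (prefix, next_hop or None for directly connected, interface).

# The Aruba S2500 doing the inter-VLAN routing: both VLAN subnets are
# connected, default route points at the PFSense LAN address.
SWITCH_TABLE = [
    ("192.168.1.0/24", None, "VLAN1"),
    ("192.168.10.0/24", None, "VLAN10"),
    ("0.0.0.0/0", "192.168.1.1", "VLAN1"),
]

# PFSense as assumed here: only the connected LAN and a default toward the WAN.
# The WAN next hop is not in the post, so it is an obvious placeholder.
PFSENSE_TABLE = [
    ("192.168.1.0/24", None, "LAN"),
    ("0.0.0.0/0", "WAN_GATEWAY_PLACEHOLDER", "WAN"),
]


def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop, iface) for dst."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return (str(best[0]), best[1], best[2])


def forwarding_decision(table, dst):
    """Describe how a packet to dst leaves the box owning `table`."""
    prefix, next_hop, iface = lookup(table, dst)
    return {"prefix": prefix, "next_hop": next_hop or "direct", "iface": iface}


def with_vlan10_route(table):
    """PFSense table plus a static route for VLAN10 via the switch's VLAN1 IP."""
    return table + [("192.168.10.0/24", "192.168.1.234", "LAN")]


if __name__ == "__main__":
    # Forward path: PC2 (192.168.10.5) -> PFSense LAN IP, routed by the switch.
    print("switch -> 192.168.1.1:", forwarding_decision(SWITCH_TABLE, "192.168.1.1"))
    # Return path without a route for VLAN10: reply falls through to the default.
    print("pfsense -> 192.168.10.5:", forwarding_decision(PFSENSE_TABLE, "192.168.10.5"))
    # Return path once a more specific route exists.
    print("pfsense (+route) -> 192.168.10.5:",
          forwarding_decision(with_vlan10_route(PFSENSE_TABLE), "192.168.10.5"))
```

Running it prints the switch sending PC2's packet directly on VLAN1, the unmodified pfSense table sending the reply out the WAN, and the table with the extra route sending it back to 192.168.1.234 on LAN. Real pfSense also needs the firewall and outbound NAT entries the post mentions to match that subnet, but the routing lookup is the first thing to confirm.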