Hello all,
I currently have a pfSense custom box as my main NAT router, firewall, gateway, and DHCP server using VLANs. Running a 10GbE network now, I think offloading as much inter-VLAN routing to the switch would be ideal.......right?
I have 4 Netgear switches in a 2-Tier design. 1x XSM7224S (24x 10G SFP+) is the core switch. 1x GSM7328S is in the rack for 1GbE connectivity. 2x GSM7228PS switches make up the rest of the network for security cameras, client end points, and UAPs. All 4 switches have L2+ static routing features.
Based on no personal experience, I want to run my ideas by you fine folks and get your feedback and corrections.
I want to continue using pfSense as the internet gateway router (NAT), WAN firewall, and VPN tunnel. Probably also continue using this as the DHCP server, as well, as I have a lot of persistent MAC-IP bindings.
So my thoughts....
- Change pfSense LAN IP to 10.1.1.1/16 with no more VLAN configuration
- VLAN routing and VLAN "firewalling" will be taken care of by switch ACLs
- All VLAN ACLs should be on the "core" switch, no ACLs on other switches
Again, I am entirely new to L2+/L3 on switches. I have tried to interpret as much as I can from online tutorials and documents, but I am having trouble making it all look right to me.