Understanding Router on a Stick

RobertFontaine

Active Member
Dec 17, 2015
Naive question time,

I've been trying to wrap my head around the various configurations - pros/cons.

I have a 24-port layer 2 switch and have been slowly working my way towards a pfSense router with default, DMZ, home, work and lab VLANs.

Actual bandwidth from the WAN is ~150 Mbit/s and the LAN is gigabit.

What are the pros/cons of configuring my firewall/router on a stick?
- Is the risk one of MAC Spoofing?
- Bandwidth bottlenecking?

As I understand it, my switch handles Ethernet traffic within VLANs by MAC address, and the router moves traffic between VLANs at layer 3 by IP address.

In my home environment I have the ability to plug everything I run into a single switch, and it can currently handle all the bandwidth I am sending it on a daily basis.

I've been looking at a little J1900 to serve as the pfSense router, or a used i5 SFF box for half the price and twice the watts. I haven't been able to decide why I would choose a multi-NIC router over a single-NIC router.


Thanks
Robert

mstone

Active Member
Mar 11, 2015
What are the pros/cons of configuring my firewall/router on a stick?
1) If you have multiple internal networks, it will bottleneck.
2) It will fail open if someone fumble-fingers the config or (on many SOHO switches) while the switch is resetting. The real impact of this is probably limited, as the internal devices won't readily route to the internet, but it's ugly.
3) It leaves the switch open to attacks from the outside. Again, in practice this is of limited impact because the switch is probably using a non-routable IP, but it's still ugly.
4) If you're on an ISP topology that provides a WAN that lets you see your neighbors, the last couple of points are more compelling, but your neighbors probably don't know how to exploit this. :)

So mostly it's a matter of aesthetics, but the quality of most switch firmware is so bad I'd rather not put it on the public internet if it's pretty easy to buy another NIC and avoid the issue.
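To put numbers on point 1 above (and on Robert's bandwidth question), here is a small load model of the trunk link. It is an added example, not code from either poster or from pfSense. It assumes a full-duplex gigabit link (1000 Mbit/s each direction), that every inter-VLAN flow must pass through the router, that a router on a stick has exactly one trunk port so each inter-VLAN flow crosses that link once inbound (tagged with the source VLAN) and once outbound (tagged with the destination VLAN), and that intra-VLAN traffic is switched at layer 2 and never touches the router. The traffic mix is constructed for illustration and says nothing about what a J1900 or an i5 can actually forward.

```python
"""Trunk-load model: router on a stick vs. one router NIC per VLAN.

Added example for the thread above; the flows below are made up.
Offered load only: it does not model the router's forwarding capacity.
"""
from collections import defaultdict
from dataclasses import dataclass

LINK_MBIT = 1000.0  # gigabit, full duplex: 1000 Mbit/s in each direction


@dataclass(frozen=True)
class Flow:
    src: str     # source VLAN name, or "wan"
    dst: str     # destination VLAN name, or "wan"
    mbit: float  # offered load in Mbit/s, src -> dst direction only


def router_on_a_stick_load(flows, wan_on_trunk):
    """Per-direction load on the single trunk link of a router on a stick.

    An inter-VLAN flow crosses the trunk twice: switch -> router (tagged with
    the source VLAN) and router -> switch (tagged with the destination VLAN).
    Intra-VLAN flows never reach the router. WAN traffic crosses the trunk
    once if the WAN sits on its own NIC, twice if the WAN is itself a tagged
    VLAN on the same trunk (wan_on_trunk=True).
    Returns {'to_router': Mbit/s, 'from_router': Mbit/s}.
    """
    to_router = 0.0
    from_router = 0.0
    for f in flows:
        if f.src == f.dst:
            continue  # switched at layer 2, router not involved
        src_on_trunk = f.src != "wan" or wan_on_trunk
        dst_on_trunk = f.dst != "wan" or wan_on_trunk
        if src_on_trunk:
            to_router += f.mbit
        if dst_on_trunk:
            from_router += f.mbit
    return {"to_router": to_router, "from_router": from_router}


def multi_nic_load(flows):
    """Per-NIC, per-direction load when every VLAN (and the WAN) has its own
    router NIC. Each inter-VLAN flow loads two different links once each."""
    load = defaultdict(lambda: {"to_router": 0.0, "from_router": 0.0})
    for f in flows:
        if f.src == f.dst:
            continue
        load[f.src]["to_router"] += f.mbit
        load[f.dst]["from_router"] += f.mbit
    return dict(load)


def oversubscribed(load, link_mbit=LINK_MBIT):
    """True if offered load exceeds the link rate in either direction."""
    return load["to_router"] > link_mbit or load["from_router"] > link_mbit


# Constructed traffic mix, loosely modelled on the poster's setup:
# a 150 Mbit/s WAN, gigabit LAN, and bulk copies between the work and lab VLANs.
SAMPLE_FLOWS = [
    Flow("wan", "home", 150),   # internet download into the home VLAN
    Flow("lab", "work", 600),   # lab -> work bulk copy
    Flow("work", "lab", 600),   # work -> lab bulk copy
    Flow("home", "home", 900),  # intra-VLAN streaming, never hits the router
]

if __name__ == "__main__":
    stick = router_on_a_stick_load(SAMPLE_FLOWS, wan_on_trunk=False)
    print("router on a stick (WAN on its own NIC):", stick,
          "OVERSUBSCRIBED" if oversubscribed(stick) else "ok")
    stick_all = router_on_a_stick_load(SAMPLE_FLOWS, wan_on_trunk=True)
    print("router on a stick (WAN tagged on trunk):", stick_all,
          "OVERSUBSCRIBED" if oversubscribed(stick_all) else "ok")
    for nic, load in multi_nic_load(SAMPLE_FLOWS).items():
        print(f"multi-NIC, {nic}:", load,
              "OVERSUBSCRIBED" if oversubscribed(load) else "ok")
```

With this mix the two 600 Mbit/s copies alone put 1200 Mbit/s onto the trunk in each direction, so the single-NIC design is oversubscribed even before the WAN download is counted, while no individual link in the multi-NIC layout exceeds 600 Mbit/s. For a household whose inter-VLAN traffic is mostly the 150 Mbit/s WAN link, the same model shows the trunk nowhere near saturation, which is the "it depends on your internal traffic" behind point 1.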