L3 Routing & Pfsense

Hi,

I currently have my inter-VLAN routing done via pfSense and all works fine. However, I would ideally like to go to L3 routing. I have trawled the web, but most of the info I find relates to Cisco and not Draytek, which I use.

I have removed the VLANs from pfSense and re-created them on the Draytek core L3 switch and enabled a DHCP server for each VLAN. I know I need a transit VLAN to get non-VLAN traffic to pfSense and back again, but this is where I struggle. I have created a transit VLAN on the switch but am now struggling as to what exactly I put in the static routes.

My Pfsense is addressed as 192.168.0.1
My VLANs are addressed along the lines of 192.168.20.1, 192.168.30.1 etc
My transit VLAN is 10.10.0.1/248

So what would be needed in the static route to / from Pfsense?

Switch - Default Route 0.0.0.0/0.0.0.0 next hop *** what address would the next hop be? Would 10.10.0.2 suffice?

Pfsense - no idea but think I need to do it for all VLANs except the Transit

Thanks
Steve

What are you trying to accomplish with this setup? Is it simply for learning or?

I would like to do this both for learning and also to accomplish the routing via a switch and ensure wire speed for inter-VLAN routing to the NAS etc. I will also be setting up for 10G both on the LAN and, in the near future, on the WAN side.

Steve

This might get you in the right direction.

It is worth noting that any firewall rules defined in pfSense for those VLANs will never come into play. You will have to implement ACLs at the switch as well, if your switch is capable of that. Otherwise all your VLAN traffic is wide open to each other.
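The two points raised in this thread so far (which static routes each side needs, and why pfSense rules stop applying to inter-VLAN traffic) can be checked with a small route-table model. The following is an added example, not something posted in the thread or shipped by Draytek or pfSense. It uses the thread's addressing but makes assumptions that are not in the posts: the transit VLAN is taken as a /29 (255.255.255.248) with pfSense at 10.10.0.1 and the switch SVI at 10.10.0.2, and pfSense is given a hypothetical WAN next hop of 203.0.113.1. Each "device" is just a list of routes and a longest-prefix-match lookup; `path_from_vlan` traces which hops a packet takes, and `pfsense_routes(False)` models forgetting the per-VLAN statics on pfSense.

```python
"""Route-table model for an L3-switch + pfSense transit-VLAN design.

Constructed example: it mirrors the addressing in the thread but ASSUMES a
/29 transit (the post says "/248") with pfSense at 10.10.0.1 and the switch
at 10.10.0.2, plus a hypothetical WAN gateway 203.0.113.1 (TEST-NET-3).
Nothing here touches a real device; it only performs longest-prefix-match
lookups over hand-built route tables.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

IPNet = ipaddress.IPv4Network
IPAddr = ipaddress.IPv4Address

# --- assumed topology ------------------------------------------------------
TRANSIT = ipaddress.ip_network("10.10.0.0/29")           # assumption: /29
PFSENSE_TRANSIT_IP = ipaddress.ip_address("10.10.0.1")  # pfSense interface on the transit VLAN
SWITCH_TRANSIT_IP = ipaddress.ip_address("10.10.0.2")   # switch SVI on the transit VLAN
WAN_GATEWAY = ipaddress.ip_address("203.0.113.1")       # hypothetical ISP next hop

# VLAN id -> subnet routed by the switch (the switch holds .1 on each, per the post)
VLANS: Dict[int, IPNet] = {
    20: ipaddress.ip_network("192.168.20.0/24"),
    30: ipaddress.ip_network("192.168.30.0/24"),
}

# A route is (destination, next_hop); next_hop None means directly connected.
Route = Tuple[IPNet, Optional[IPAddr]]
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def switch_routes() -> List[Route]:
    """What the L3 switch needs: its connected VLANs plus ONE default route."""
    routes: List[Route] = [(net, None) for net in VLANS.values()]
    routes.append((TRANSIT, None))
    # "0.0.0.0/0.0.0.0 next hop ..." -> pfSense's address on the transit VLAN
    routes.append((DEFAULT, PFSENSE_TRANSIT_IP))
    return routes


def pfsense_routes(include_vlan_statics: bool = True) -> List[Route]:
    """What pfSense needs: one static per VLAN subnet, next hop = switch transit IP.

    include_vlan_statics=False models forgetting those statics.
    """
    routes: List[Route] = [(TRANSIT, None), (DEFAULT, WAN_GATEWAY)]
    if include_vlan_statics:
        routes += [(net, SWITCH_TRANSIT_IP) for net in VLANS.values()]
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match, as a router's forwarding table does it."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def next_hop(routes: List[Route], dst: str) -> Optional[IPAddr]:
    r = lookup(routes, dst)
    return r[1] if r else None


def path_from_vlan(src_vlan: int, dst: str) -> List[str]:
    """Hops a packet from a host in src_vlan traverses to reach dst."""
    if src_vlan not in VLANS:
        raise ValueError(f"unknown VLAN {src_vlan}")
    hops = ["switch"]              # the host's default gateway is the switch SVI
    r = lookup(switch_routes(), dst)
    if r is None:
        return hops + ["dropped"]
    if r[1] is None:               # connected VLAN: routed on the switch, pfSense never sees it
        return hops
    hops.append("pfsense")         # default route -> transit VLAN -> pfSense
    r2 = lookup(pfsense_routes(), dst)
    hops.append("wan" if r2 and r2[1] == WAN_GATEWAY else "dropped")
    return hops


def return_path_ok(vlan_host: str, vlan_statics: bool = True) -> bool:
    """Does pfSense send traffic for a VLAN host back via the switch (not the WAN)?"""
    return next_hop(pfsense_routes(vlan_statics), vlan_host) == SWITCH_TRANSIT_IP


if __name__ == "__main__":
    print("switch default next hop:", next_hop(switch_routes(), "8.8.8.8"))
    print("VLAN20 -> VLAN30:", path_from_vlan(20, "192.168.30.10"))
    print("VLAN20 -> internet:", path_from_vlan(20, "8.8.8.8"))
    print("pfSense -> 192.168.30.10 with statics:", next_hop(pfsense_routes(), "192.168.30.10"))
    print("pfSense -> 192.168.30.10 without statics:", next_hop(pfsense_routes(False), "192.168.30.10"))
```

Running it shows the two practical consequences: VLAN20-to-VLAN30 traffic is forwarded entirely on the switch (hops: switch only), so only switch ACLs can filter it, while anything off-net goes switch, pfSense, WAN. Without the per-VLAN statics, pfSense's longest match for 192.168.30.10 is its default route, so replies to VLAN hosts would be sent toward the WAN gateway instead of back to 10.10.0.2; that is the symptom to look for if the transit link comes up but VLAN hosts cannot reach the internet.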

Cheers for the link, I’ll take a look and have a go setting it all up.

I’m aware that I will have to redo the existing pfSense firewall rules on the switch using ACLs, which is a bit of a pain, but fortunately the switch is capable of it.

Steve

Hi,

Have configured the switch as per the guide above, with points 1-6 & 8 complete. However, with regard to point 7 I am a little unsure how this is achieved.

I have set up the VLANs including a L3 transit VLAN as below:-

The switch has this screen for the static route:-

Note : Pfsense LAN interface gateway is 192.168.0.1

Would I be correct in setting the static route at the switch as below:-

If this is correct then I can move onto the Pfsense configuration.

I have built a second pfSense PC to test with so I do not completely cock up my current working system, and will get that installed asap once the switch config is complete. Haven’t set up any ACLs yet, but it doesn’t appear to be too difficult!

Steve