Hello everyone. I am a complete newbie here, and regarding pfSense and network configuration as a whole, so please forgive me if this has been answered already.
I have a “Chinese” mini PC with multiple 2.5gbs ports running pfSense. 1 configured as WAN, and 4 configured as LANs. Only 2 of the LANs are connected currently. LAN 1 to a couple of 2.5gbs switches which in turn have an AP connected and a few other devices like a NAS, a couple of PCs, printer etc. LAN 2 is connected only to another AP.
When I’m connected to the AP on LAN 2, I can access the Internet, but none of the devices on LAN 1. The same is true if I’m on LAN 1: I cannot access the AP’s configuration GUI on LAN 2.
Perhaps you might want to look up VLANs; if you have managed switches, they should be able to handle VLANs. Then if you want to use all the ports on your Chinese box, you could put them into a LAGG to your main switch. Personally I keep a free port on the router that I can plug my laptop into directly in case I need to access pfSense directly when I’ve messed things up.
Agree with neogrid: use LAGG on the switches connecting to pfSense. All VLAN traffic is assigned to the LAGG port, including VLAN 1.
Have one standalone management port, just in case I need to access pfSense. You cannot access pfSense directly connected to a pfSense-assigned LAGG port.
There are several ways how you can use the additional ports…
You could bridge all ports, except the WAN port, in which case they would act like a switch and use the same network segment as your primary LAN port. (Not necessarily recommended)
You could use them for LAGG if your switch supports it, as @neogrid suggested.
You could run completely separate network segments on them, even multiple per port if you use VLAN tags.
In the latter case, you would need to create rules to allow Internet access for the device(s)/network segment(s) connected/assigned to those ports, as @pavlos suggested.