Need Help Adding Evaluation Network to Homelab Setup

Hi guys:

Here is my current setup. I have an SG-1100 (v 23.09.*) connected to a cable modem (WAN), managed switch (LAN) and wireless access port (OPT). The SG-1100 provides DHCP, DNS, VLANs for my network. This setup is working fine. I’d like to replicate this setup on a second network using pfSense CE 2.7 on a PC with 2 NICs, but connected to a different managed switch for its LAN and have internet access through the cable modem. Don’t need an AP on the second network. I want to do this to have a separate environment to test pfSense and managed switch configurations without impacting users on the first network. I want the same services on both networks (including DHCP) for each network.

I’ve tried to set this up but can’t get LAN setup to work on the second network. I am particularly interested in DHCP as I know there are problems with two DHCP servers active in the same network. Also, by default I’ve noticed both pfSense instances have FQDN pfsense.home.arpa.

Any suggestions how to set this up would be greatly appreciated.

I can see two ways to go about this. The simplest way is to deliberately double NAT. Just plug the WAN port of your lab pfSense box into one of the ports on your primary switch. Set it up with DHCP on its WAN port. Set it up with its LAN on a different subnet than the primary LAN. For instance, use 192.168.5.1 for the primary LAN, and 192.168.10.1 for the lab network.

Only slightly more complex is to plug your lab pfSense box into the Opt port on your Netgate 1100. In the 1100, set up a VLAN on the Opt interface, with a DHCP server. Then add firewall rules to allow outbound WAN access. You’ll probably also want firewall rules to prevent access to LAN and any other VLANs on the 1100.

Edit:

You get around the “problem” of only being able to have one DHCP server on one network because the lab LAN subnet is a separate network. It’s no different than VLANs having their own DHCP servers.

Hope that’s clear.
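A small model of the addressing and rule advice in the post above, added here as an example and not code from the thread: it checks the subnets for overlap and evaluates first-match interface rules the way the upstream firewall sees double-NATed lab traffic. The /24 masks, the 192.168.20.0/24 OPT VLAN, the host addresses and all function names are assumptions; only 192.168.5.1 and 192.168.10.1 come from the thread.

```python
import ipaddress

# Constructed addressing plan: only 192.168.5.1 and 192.168.10.1 appear in the
# thread; the /24 masks, the OPT VLAN subnet and host addresses are assumptions.
PRIMARY_LAN = ipaddress.ip_network("192.168.5.0/24")
LAB_TRANSIT = ipaddress.ip_network("192.168.20.0/24")  # VLAN on the 1100's OPT port
LAB_LAN = ipaddress.ip_network("192.168.10.0/24")      # behind the lab pfSense
LAB_WAN_IP = ipaddress.ip_address("192.168.20.2")      # lab pfSense WAN lease
ANY = ipaddress.ip_network("0.0.0.0/0")

# Interface rules on the OPT VLAN: evaluated top-down, first match wins.
GOOD_RULES = [("block", LAB_TRANSIT, PRIMARY_LAN), ("pass", LAB_TRANSIT, ANY)]
BAD_ORDER = list(reversed(GOOD_RULES))  # pass-any placed above the block rule


def overlapping(nets):
    """Return every pair of named subnets that overlap (should be empty)."""
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def source_at_upstream(src):
    """Outbound NAT on the lab box rewrites lab hosts to its WAN address."""
    src = ipaddress.ip_address(src)
    return LAB_WAN_IP if src in LAB_LAN else src


def evaluate(rules, src, dst):
    """First-match evaluation with an implicit default deny."""
    src, dst = source_at_upstream(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"


if __name__ == "__main__":
    plan = {"primary": PRIMARY_LAN, "transit": LAB_TRANSIT, "lab": LAB_LAN}
    print("overlaps:", overlapping(plan))
    for name, rules in (("good", GOOD_RULES), ("bad order", BAD_ORDER)):
        print(name, "lab -> primary LAN:", evaluate(rules, "192.168.10.50", "192.168.5.10"))
        print(name, "lab -> internet:   ", evaluate(rules, "192.168.10.50", "1.1.1.1"))
```

Because of the double NAT, the upstream rules have to match the transit subnet as source: a rule written against 192.168.10.0/24 never matches there.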

Agree with Super_Stealth

Connect the second pfSense to a LAN port on the SG-1100 and double NAT the second pfSense.

Yes. Your response was clear. I have it working now. Thank you.
