Simpler Network Setup

jlee_eye · July 13, 2022, 5:48pm

Hello,

We are paring down our connections (VLANs) to our Aruba switches. We would like to have the following configuration for our office network. It is not ideal, but this is what we want to do.

Two Aruba switches that are connected to each other
PFSense connected to Aruba1
Three VLANS:

First VLAN will contain our Servers, DNS, Domain Controllers and have the configuration of 192.168.1.xxx subnet, and be connected to Aruba1
Second VLAN will contain our computers and printers of 192.168.10.xxx subnet, and be connected to Aruba2
Third VLAN will contain our wireless network of 192.168.50.xxx subnet

The computers and printers are not on the same network as the servers, but MUST be able to communicate and talk with each other (log in, etc)

How best to implement this simpler network?

Much appreciated,
James

g-aitc · July 13, 2022, 7:52pm

I can see problems with printers not connecting to the servers when it is a print job originating from a server. For some reason printers in MS Win want to be on the same network. There is a solution but I did it to many years ago to remember the solution.

xMAXIMUSx · July 14, 2022, 2:03am

If it were me I would setup a LAGG interface with LACP on pfsense to both switches and then from there pass all your VLAN traffic through the LAGG interface. From the switches you would break out whatever VLANs you want on either switch. In this way you will have a more highly available setup and simpler in my opinion.

LTS_Tom · July 14, 2022, 8:56am

LAGG would be more complicated, based on the title of “Simple”

Define VLAN’s and rules in pfsense
Define VLAN’s in Aruba
Make sure ports that connect from pfsense to Aruba1 and Aruba1 to Aruba2 are set trunk
Ste tag/untagged ports for the ports needed on the Aruba switches
If WiFi Access point is VLAN aware then set port from Aruba to access point to trunk and define SSID with VLAN tag.
Hope printers and servers being on separate network don’t cause issues.

jlee_eye · July 14, 2022, 8:04pm

Thank you for the information. We will keep the printers on same network as the Servers to make sure they can “talk” with each other.

Question: If the computers are on a separate network (subnet) as we want, how will they connect to the DNS server to log into the domain?

Much appreciated again

LTS_Tom · July 14, 2022, 9:02pm

The computers, servers, & printers go on the same network.

g-aitc · July 15, 2022, 1:45pm

Like your item #6 , especially true with MS-Win.