From: Giles Coochey <gi...@coochey.net>

I'm not criticizing your choice of configuration, there is absolutely no reason 
not to use VLANs, however, in your design you appear to have a number of VLANs, 
but I didn't see that (at the moment) you actually showed a need to be using 
them (4 interfaces in total, one I assume is a WAN interface, three interfaces 
remaining, you say you are not using the default VLAN, and you have two VLANs 
plus an ILO subnet - so you could just use physical interfaces). dot1Q VLAN 
trunks on your interfaces is a good design, especially if you might want to add 
later VLANs to the design...

VLANs complexify your needed configuration, and might be where other admins 
could trip up.

Might be good to have a look at your routing table, on the diagnostics menu in 
the Web interface.

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net

Hi Giles,

My routing table looks like this:
Destination        Gateway        Flags  Refs  Use       Mtu    Netif
default            178.78.221.93  UGS    0     25456153  1500   em0
10.0.0.0/24        link#10        U      0     2829      1500   em2_vlan2
10.0.0.1           link#10        UHS    0     0         16384  lo0
10.1.0.0/24        link#4         U      0     7927      1500   em3
10.1.0.1           link#4         UHS    0     0         16384  lo0
31.211.230.216/30  link#1         U      0     0         1500   em0
31.211.230.218     link#1         UHS    0     0         16384  lo0
84.246.88.10       178.78.221.93  UGHS   0     34164     1500   em0
84.246.88.20       178.78.221.93  UGHS   0     25712     1500   em0
127.0.0.1          link#7         UH     0     37469     16384  lo0
178.78.221.92/30   link#1         U      0     589543    1500   em0
178.78.221.94      link#1         UHS    0     0         16384  lo0
192.168.1.0/24     link#2         U      0     672       1500   em1
192.168.1.1        link#2         UHS    0     0         16384  lo0
192.168.2.0/24     link#9         U      0     1342636   1500   em1_vlan10
192.168.2.1        link#9         UHS    0     0         16384  lo0
192.168.10.0/24    192.168.10.2   UGS    0     2718508   1500   ovpns1
192.168.10.1       link#11        UHS    0     0         16384  lo0
192.168.10.2       link#11        UH     0     16        1500   ovpns1

I can't see anything wrong in the routing table EVEN if they are on different 
physical interfaces. I guess I could have all VLANs on one physical interface 
but that seems like another discussion and I still don't understand if this is 
why pfsense is struggling with the routing.
Is it supposed to be supported?


_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
