> From: David Miller [mailto:[email protected]]
>
> Yes for inter-VLAN routing within the building I'd use the switches to get the
> line speed routing available in the switch. I don't see any reason to send the
> traffic to pfSense just to have it send the traffic back if you don't have to.
> Also I just had a look at the 3750 spec sheet it appears to support OSPF and
> EIGRP (Cisco's proprietary dynamic routing solution). It's not too common for
> a Layer3 switch to support dynamic routing protocols so I can't say how
> complete this support is but it's there in some form.
As Adam says:
The Cisco 3750 does support full layer-3 capability, its OSPF implementation is
about as complete as you’d find in a x800-series router running IPBASE. In
fact, its routing speed will be pretty close to what an 1801 router could do –
i.e., not wonderful.
> ... If they do
> then you could keep all the routing on the Cisco switches and just use
> pfSense to setup the VPN tunnel. Otherwise I would use the hybrid
> approach and let the pfSense boxes route between buildings leaving the
> switches to route between vlans.
I think that if running OSPF on the 3750 is going to bottleneck everything,
I'll just use the static routes I currently have, just change them to point to
the pfSense box instead of the wireless link and let the pfSense box do the
routing between buildings and the VPN backup. If I'm understanding this
correctly, I do not need to set up the pfSense box to be a trunked port as it
will already have VLAN tags stripped by the switch, correct? I'll have to look
up info on QoS next and then hopefully get some spare time to set up a box
again to get a feel for everything over the weekend. And then as soon as
everything calms down after the start of the new school year, maybe go in over
a weekend with the boss and try and put it in place to see how it works.
Probably only at one remote building and my office, which is the DMARC for the
building and connected by fiber to the main DMARC.
One concern I just thought of now. How much of an impact would it be having the
pfSense box that acts as the main VPN endpoint at the DMARC in my building
instead of the main DMARC at the other end of the fiber?
Basically,
Building A = Main DMARC
Building B = Connected via Fiber
Building C = Remote Building
Building D = Remote Building
Building E = Remote Building
Building A hosts the main internet connection.
Building B is connected via fiber to Building A (believe it is a 2Gb backbone)
Building C is connected to Building A via ~150Mb wireless
Building D is connected to Building C via 100Mb wireless (Building C has 2
separate wireless radios)
Building E is connected to Building A via 100Mb wireless
All 5 buildings also have a cable connection provided by Comcast over which I
will be running the backup VPN.
The core router (for whatever archaic reason) is located in Building B.
Building B also used to have a second router (it still does, just not active)
that was connected to the T1 lines to the remote buildings. (I believe this is
why the core router is in Building B as the main internet was not always the
wireless tower that was installed at building A.)
Now that I recall how the network is set up, I don't think there will be an
issue having the VPN terminate in my building.
> Good luck. Let us know how it works out.
Will do. :)
Also, I apologize for previously requesting a read receipt on my last email.
--
John McDonnell
[email protected]