Client should be educated on how dumb this design is and why it should not be used. Get a smart switch installed (they are CHEAP on the used market) and do it right or not at all. My $0.00 worth.
On 2011-09-01, at 5:01 PM, Ivanildo Galvão - IT Services <[email protected]> wrote:
>
> Let me explain what I want to do.
>
> I have a client who was using Linux as a proxy server it had this one LAN
> interface and a WAN, LAN NIC in the virtual one he had, as follows: eth0: 1,
> eth0: 2, eth0: 3, so he had:
>
> Eth0: 1 - 192.168.0.0/24
> Eth0: 2 - 192.168.1.0/24
> Eth0: 3 - 192.168.2.0/24
>
> In each network that had a DHCP server, the machines that were registered in
> the MAC eth0: 1 gave the DHCP IP with full access, same with the Mac machines
> connected to eth0: 2, but only with Internet just released, unknown machines
> fall directly on eth0: 3, do not access anything, not even the internet.
>
> The client took the pfSense me and wanted this same scenario, then how is the
> pfSense I added in VMware virtual network adapters 04, and a WAN, a LAN, a
> OPT1 and OPT2, enable DHCP on all but the WAN so I did:
>
> LAN - 192.168.0.0/24, OPT1 - 192.168.1.0/24, OPT2 - 192.168.2.0/24 to apply
> the same concepts, I went on Static DHCP Mappings and added the MAC address
> of each machine, tying the IP on the LAN and on OPT1, the OPT2 I left a
> little gnashing of IPS, without tying MAC intrusive machines fall into it, at
> first the plan was working, only two days later, he began to mess with MAC
> machines defined in the 192.168.0.0/24 network falling on the
> 192.168.1.0/24 network or OPT2 and vice versa, then stopped the mess When you
> disable DHCP and OPT1 OPT2, I left the DHCP enabled LAN, OPT1 and just let
> DHCP Static Mapping, is working well, but the machines that are on DHCP
> Static Mapping in OPT1 only take IP and subnet mask, no gateway and no DNS,
> then they do not sail, navigate maybe if I force the use of proxy in the
> browser.
>
> In the DHCP service for each network I enabled - "Deny unknown clients" If
> this is checked, only the clients defined below will get DHCP leases from
> this server.
>
> This should not only ensure that the machines contained in the Static DHCP
> Mappings ranger caught that IP?
>
> Well gentlemen, the question remains, what is the best solution that I adopt
> to this scenario? How can I leave the pfSense like the way things were when
> the client was using Linux? I know this is kind of workaround, but there is
> no switch and wireless AP to make extra VLAN, then traffic from three
> networks are on the same switch, but it is the pfSense sort out who belongs
> to which network.
>
> Thanks,
>
> Ivanildo Galvão - MCP, MCT, MCSA, VSP
>
> -----Original message-----
> From: Jim Pingle [mailto:[email protected]]
> Sent: Thursday, September 1, 2011 17:38
> To: [email protected]
> Subject: Re: [pfSense Support] Static ARP
>
> On 9/1/2011 4:19 PM, Ivanildo Galvão - IT Services wrote:
>> What does this function in pfSense DHCP?
>
> The ARP command, and ifconfig.
>
> Static ARP entries are added using the arp command and the info provided in
> the GUI, and then the interface is configured to be "staticarp". It's all
> handled by the OS then (FreeBSD).
>
> Note that it did not work properly in 1.2.3 (it never applied at boot time,
> only when saved), but it does work in 2.0. At least it did last time I tried
> it.
>
> Jim
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
> Commercial support available - https://portal.pfsense.org
