PFSense paired with a 10GB switch offers strong performance and reliability.
I've had a pfSense box running smoothly for many years. I'm weighing whether to upgrade to a larger 10GB or 40GB switch. The main concern is whether my internal network traffic will affect performance on the 10GB switch. I'm hoping the software can manage IP assignments and handle remote access while the switch takes care of the rest, avoiding the need for TNSR. Any advice would be appreciated.
No, only DHCP traffic passes through the pfSense unit. Basic concepts. My setup relies on static IPs, so I can disable the pfSense entirely and the rest of the network still works. (The devices using DHCP will simply stop responding.)
Thanks for the details. pfSense limits data transfer overall, but since my fiber connection doesn’t hit that cap, I’m good on that front. All the key info is set up, including the static IP.
It varies based on the network configuration and connections, but by default, two machines linked to the same switch won’t need to pass through your PFSense device.
It's important to note this if your PFSense operates as a router on a single device. Otherwise, it won't create a bottleneck. When VLAN routing happens on the switch, performance remains unaffected.
Certainly, I recognize you can set up port isolation, private VLANs, or whatever your provider refers to. That’s why I mentioned it from the start. In typical router-on-a-stick arrangements, devices within the same VLAN don’t need to pass through a default gateway either. What you’re describing applies only when port isolation is turned on. If you enable that feature, you’re telling people that two hosts on the same network can communicate directly without routing through a router. You seem to imply that with a router-on-a-stick setup, traffic from the same VLAN would be sent to the router instead of being forwarded in a switch. That’s incorrect unless port isolation is active. The usual expectation is that even with a router-on-a-stick, intra-VLAN communication stays within the switch. This only holds true if port isolation is enabled. You’re suggesting that router-on-a-stick forces traffic to the firewall, which isn’t accurate. It’s not about routing; it’s about VLAN segmentation and switching behavior. If port isolation isn’t enabled, you lose that routing path. I suspect there’s some misunderstanding in how these concepts are being presented.
This topic involves understanding how traffic moves between different network segments—both inside and outside VLANs. Modern switches like TrendNet, TP-Link, EnGenius, UBNT, and others handle isolation at various layers, depending on configuration. Port-based separation isn't always necessary for intra-VLAN or inter-VLAN control. When L3 routing is enabled and the switches aren’t centrally managed, MAC-level isolation automatically activates. This functionality is intentional, not a mistake, and it’s something many users encounter frequently. It’s important to recognize this as a standard feature rather than an error.
This discussion covers different network concepts. Intra-VLAN refers to communication within the same VLAN, while Inter-VLAN involves routing between separate VLANs. Some configurations can direct traffic inside a VLAN to a default gateway, which relates to port isolation or private VLANs—not something router-on-a-stick handles. Router-on-a-stick is unrelated to port isolation and focuses on basic routing capabilities. The term "port-based isolation" is often used for private VLANs, but it’s not a standard technical term. You mentioned enabling L3 routing on a switch, which isn’t typically associated with router-on-a-stick. Your questions seem to mix ideas about switching features, routing modes, and terminology that aren’t directly connected. Clarifying these points would help avoid confusion.
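A small forwarding model of the point the thread keeps circling, added here as an example (not from any of the posters): on a VLAN-aware switch with the firewall hanging off a tagged trunk (router-on-a-stick), same-VLAN traffic is switched locally and never touches pfSense, inter-VLAN traffic always crosses the trunk, and only port isolation (private-VLAN style) forces intra-VLAN traffic through the gateway. The topology, port names and MACs are constructed, and it assumes the gateway answers ARP on behalf of isolated hosts, which is what makes the isolated design work.

```python
from collections import namedtuple
from dataclasses import dataclass, field

BCAST = "ff:ff:ff:ff:ff:ff"
GATEWAY_MAC = "00:00:5e:00:01:01"  # constructed MAC for the pfSense VLAN interfaces
Host = namedtuple("Host", "port vlan mac")

@dataclass
class Switch:
    access: dict                                   # access port -> VLAN id
    trunk: str                                     # tagged port to the firewall
    isolated: set = field(default_factory=set)     # VLANs with port isolation on
    mac_table: dict = field(default_factory=dict)  # (vlan, mac) -> port

    def egress(self, in_port, dst_mac):
        """Ports a frame entering in_port is forwarded to (empty = dropped)."""
        vlan = self.access[in_port]
        port = self.mac_table.get((vlan, dst_mac))
        if port is None:  # broadcast / unknown unicast: flood within the VLAN
            out = [p for p, v in self.access.items() if v == vlan and p != in_port]
            out.append(self.trunk)
        else:
            out = [port]
        if vlan in self.isolated:  # isolated ports may only talk to the uplink
            out = [p for p in out if p == self.trunk]
        return out

def build(isolate_vlan10=False):
    """Constructed topology: A and B in VLAN 10, C in VLAN 20, pfSense on the trunk."""
    hosts = {"A": Host("g1", 10, "02:00:00:00:00:0a"),
             "B": Host("g2", 10, "02:00:00:00:00:0b"),
             "C": Host("g3", 20, "02:00:00:00:00:0c")}
    sw = Switch({h.port: h.vlan for h in hosts.values()}, "uplink",
                {10} if isolate_vlan10 else set())
    for h in hosts.values():  # MAC table as it looks once learning has converged
        sw.mac_table[(h.vlan, h.mac)] = h.port
    for vlan in (10, 20):
        sw.mac_table[(vlan, GATEWAY_MAC)] = sw.trunk
    return sw, hosts

def via_firewall(sw, hosts, src, dst):
    """True if src's traffic to dst has to cross the trunk to the pfSense box."""
    s, d = hosts[src], hosts[dst]
    if s.vlan != d.vlan:
        next_hop = GATEWAY_MAC  # inter-VLAN: always routed by the firewall
    elif d.port in sw.egress(s.port, BCAST):
        next_hop = d.mac        # ARP request reached dst, so it is switched locally
    else:
        next_hop = GATEWAY_MAC  # only the gateway heard the ARP (proxy ARP)
    return sw.trunk in sw.egress(s.port, next_hop)
```

Run `via_firewall(*build(), "A", "B")` against `via_firewall(*build(True), "A", "B")` to see the same pair of hosts stay on the switch in one case and hit the firewall in the other; only the inter-VLAN case and the isolated case are bounded by pfSense throughput.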