Using pfSense with a L3 core switch


If both the source and destination are wired up and on the same switch, there should be no impact on any other traffic - port to port on modern switches is non-blocking, the SoC/fabric should have more than enough BW to do max traffic across all the ports...
The broadcast domain makes a difference. This is layer 3 when assigned a network and not flat. You can do it with a L2 switch. If you only have a couple of devices then you can get away with it but as the numbers grow your network starts to slow down. Windows PCs are especially bad.

I never will give up my L3 switch. It's easy for me to run. And it is the better network structure.
 
The broadcast domain makes a difference. This is layer 3 when assigned a network and not flat. You can do it with a L2 switch but not a flat network.

On a small network, port to port is not going to impact other traffic...

An unmanaged switch is a layer 2 switch...
 
On a small network, port to port is not going to impact other traffic...

An unmanaged switch is a layer 2 switch...
You cannot control broadcast domains with a dumb switch. You need a L2 switch that supports vlans which is what I was talking about.

This thread is about L3 switches and pfsense. Start another thread. I am not interested in L2 switches.
 
You cannot control broadcast domains with a dumb switch. You need a L2 switch that supports vlans which is what I was talking about.

I'll repeat this - an unmanaged switch is a Layer 2 switch - it operates at the Data Link Layer - OSI Layer 2

Are you confusing this with a hub?
 
If both the source and destination are wired up and on the same switch, should be no impact on any other traffic
They must be on the same VLAN, as well. If not, then the traffic goes through the firewall if there is a L2 switch.
An L3 switch connects VLANS.

I guess that @coxhaus has his NAS on a separate VLAN.

 
So how do you know you are forwarding to QUAD9 using unbound and it is not resolving it?
I am running https://dnsleaktest.com/results.html I guess I have to trust it.

I saw this about DNSSEC needs to be turned off for QUAD9.

I know for sure if I use forwarding and not unbound I am forwarding to QUAD9?
I have noticed I have seen some misses. I just get a white screen saying the operation could not be performed, retry again.
I have unchecked DNSSEC and Harden DNSSEC data. I want to see if those empty screen misses go away. They don't happen very often but over time I see a few.
I am still not completely sold on unbound. I am working on it. I used forwarding for at least 30 years.
 
I am not mixing this up, start your own thread.

I don't understand your comment here... seriously..

Any switch is L2, has to be, or it's not a switch - there are some "lightly managed" switches that are not really L3, as L3 requires management, and usually have a lot more options - some L3 switches basically could be considered router/gateway/firewall/load balancers with a wide variety of rulesets about them...

Please don't be so pedantic about this... at Layer 2, a switch is a switch is a switch.
 
Please don't be so pedantic about this... at Layer 2, a switch is a switch is a switch.
Once you add broadcast domains then dumb switches don't play as you cannot control a broadcast domain without VLANs. Yes layer 2. But nobody uses VLANs without networks being defined to them especially in a large network so at this point you are layer 3. I have seen networks very slow because broadcast domains are out of control using Windows PCs.
 
So, I just figured out PowerD speedstep no longer applies to my 6th gen i3-6100T CPU. I was noticing my CPU speeds were staying close to the top speed and I had temp creep. My temps were staying higher.
I determined my cpu supports speedshift and not speedstep. I turned off PowerD and I added tunable variables. I found this on pfsense forums and I followed it. My temps are lower with lower cpu speeds. I think it works but I am not very educated about this. Is anybody else doing this? I looked in my logs and my cpu matched this. I tried both 75 and 80 and I cannot tell a difference. The low speed is the same for both for me.
I just hit 31 degrees C at 897 MHz.

From pfsense forums
"I had an i3-7100 that was mostly on 2398MHz (of 2400)
It wasn't actually running hot, the Hystou/Protecli chassis must be a nice cooler.
But no reason to waste power .....

I ended up with these notes in my 23.01 install log

On 23.01 it seems like they changed the way to control the CPU speed (Speed Shift).
This overrides the old SpeedStep, if the CPU is Speed Shift capable, practically rendering the old pfSense PowerD unusable on those CPUs.

In order to control Speed Shift on the newer CPUs supporting it do the below:

Check in the boot messages if the cpu supports Speed Shift.

My Hystou Box dmesg output:

It's an i3 7100 - with just 2 cores & HT, but it seems like the HTs are seen as cores.
hwpstate_intel0: <Intel Speed Shift> on cpu0
hwpstate_intel1: <Intel Speed Shift> on cpu1
hwpstate_intel2: <Intel Speed Shift> on cpu2
hwpstate_intel3: <Intel Speed Shift> on cpu3
So I have to add Speed Shift control for that CPU.

Go to - System --> Advanced --> System Tunables

Add an entry per core you found via dmesg.

NB.: I ended on a value of 75 instead of the below 80, and I disabled PowerD"

Tunable                     Value   Description
dev.hwpstate_intel.0.epp    80      CPU 0 Speed Shift Level
dev.hwpstate_intel.1.epp    80      CPU 1 Speed Shift Level
dev.hwpstate_intel.2.epp    80      CPU 2 Speed Shift Level
dev.hwpstate_intel.3.epp    80      CPU 3 Speed Shift Level
 
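The procedure quoted above (check dmesg for hwpstate_intel, then add one dev.hwpstate_intel.N.epp tunable per core) can be turned into a small script. The following is an added example, not code from the thread, from pfSense or from the pfSense forum post it quotes. It assumes the FreeBSD hwpstate_intel(4) driver's epp sysctl, which takes a value from 0 (maximum performance) to 100 (maximum power saving); the default level of 80 is the one used in the thread, 75 is the other value tried there. The dmesg text is a constructed sample in the shape of the lines shown above, with a hypothetical SpeedStep (est0) line added only to show that the filter ignores it. On a live box the same functions can be fed from `dmesg` instead of the sample, and the emitted name=value lines are what sysctl(8) accepts for a test before the entries are made persistent under System --> Advanced --> System Tunables.

```shell
#!/bin/sh
# Added example (not from the thread or pfSense): derive Speed Shift tunables
# from dmesg output. One dev.hwpstate_intel.N.epp entry per core the
# hwpstate_intel(4) driver attached to. EPP: 0 = max performance, 100 = max
# power saving. Override the level with EPP_LEVEL=75 in the environment.

EPP_LEVEL="${EPP_LEVEL:-80}"

# Constructed sample of the relevant dmesg lines (shape taken from the thread's
# i3-7100: 2 cores + HT seen as 4 cpus). The est0 line is a hypothetical
# SpeedStep attach line included only to show that it is filtered out.
SAMPLE_DMESG='hwpstate_intel0: <Intel Speed Shift> on cpu0
hwpstate_intel1: <Intel Speed Shift> on cpu1
est0: <Enhanced SpeedStep Frequency Control> on cpu0
hwpstate_intel2: <Intel Speed Shift> on cpu2
hwpstate_intel3: <Intel Speed Shift> on cpu3'

# Print the hwpstate_intel instance number for each attached core, one per
# line. Reads dmesg text from stdin; on a live box: dmesg | speedshift_cores
speedshift_cores() {
    sed -n 's/^hwpstate_intel\([0-9][0-9]*\): <Intel Speed Shift> on cpu[0-9][0-9]*.*$/\1/p'
}

# Count attached cores without depending on wc's output padding.
count_speedshift_cores() {
    n=0
    for _core in $(speedshift_cores); do n=$((n + 1)); done
    echo "$n"
}

# Emit one tunable per core in the name=value form sysctl(8) and
# /etc/sysctl.conf accept; the names match the GUI entries in the thread.
epp_tunables() {
    speedshift_cores | while read -r core; do
        echo "dev.hwpstate_intel.${core}.epp=${EPP_LEVEL}"
    done
}

# The driver only accepts 0..100; reject anything else before emitting.
valid_epp() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 0 ] && [ "$1" -le 100 ]
}

main() {
    valid_epp "$EPP_LEVEL" || { echo "EPP_LEVEL must be 0..100" >&2; return 2; }
    ncores=$(printf '%s\n' "$SAMPLE_DMESG" | count_speedshift_cores)
    if [ "$ncores" -eq 0 ]; then
        echo "No hwpstate_intel instances: CPU uses SpeedStep, PowerD still applies"
        return 0
    fi
    echo "Speed Shift on $ncores cpus; PowerD has no effect, add these tunables:"
    printf '%s\n' "$SAMPLE_DMESG" | epp_tunables
}

main
```

The count comes from the driver attach lines rather than from the physical core count, which is why a 2-core/4-thread part gets four entries, matching what the thread observed.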
So, I have been watching my temps in pfsense's dashboard and they seem to stay lower. I think I am saving electricity using Speed Shift. You need to add the above to control Speed Shift if your CPU supports it otherwise your CPU is going to run hot almost maxed out. PowerD has no effect on CPUs that use Speed Shift.

You should probably look in your logs to see how your CPU is defined. I have 2 real cores with 2 hyper threads and pfsense defines my CPU as 4 cores. So, I made 4 entries for 4 cores.
 
I am back to unbound with a secondary QUAD9 IP address 149.112.112.112.

I have switched off automatic in my Cisco 150ax APs. The auto works better than the older Cisco APs. I am not happy with it. I ended with too much channel overlap after a while. So, I manually set the channels. I left power levels and roaming to auto. I will see how this works.

I am still looking for a miss and I don't know if any of the above could cause the miss.
 
I swapped out my Cisco layer 3 switches today. I am now running on a new Cisco cbs350 switch. It was fairly painless. I preconfigured the switch on my desk. My only problem was when configuring I said I am going to enable DHCP, which I quickly forgot about. I had all the DHCP scopes defined with settings, but I forgot to enable DHCP. To switch them out I stacked the new switch on the old switch and proceeded to move cables up to the same physical ports. It was a direct replacement, I set it up that way. When I powered up the new switch no clients got an IP address. It did not take too long to fix it, and everything started working again.

I had killed one of my ports on my old Cisco SG350 switch. I configured it wrong by accident and I could not get it back. I figured the switch has had too many software updates without a firmware reconfiguration over the last 5 years from a fresh start. I will reinitialize the switch to the latest firmware code.
 
Cool - how many ports, and did you also go with the Cisco Business Dashboard option?
I have 8 ports copper with POE+ with 2 ports copper or fiber. I was looking at the Dashboard, which is new, and I don't know what it is. I am pretty much full with the ports. I think I have 2 free ports. I still have a 10 gig SG-350 switch. It can get a little noisy if it gets hot.
I need to research the dashboard. What do you know about it? I am getting old and out of date.
 
I need to research the dashboard. What do you know about it? I am getting old and out of date.

I don't know much about it either, my best guess is that it's a deployable application suite for on-prem - make sense for small/medium enterprise where they have to manage multiple switches/access points and have a view of the network...

Similar to the Meraki soft controllers...
 