> On Feb 27, 2015, at 10:21 AM, Chuck Mariotti <[email protected]> wrote: > > I am starting this weekend to setup the same situation... So a simple > failover situation requires that we have TWO public IP addresses then? > I am starting to second guess if it's smart to use a VLAN on a shared switch. > If it fails, then I have more problems at multiple levels vs. a simple dumb > switch.
Three, actually. One for each interface and one shared CARP address. It appears that using pfSense 2.2 you can use private addresses for the WAN interfaces and CARP hellos and a single, routable address for the shared CARP VIP but I don’t think ESF has approved that technique yet and if the public IPs are available that would be what I would do in production. I can’t see a blank VLAN on a managed switch for your three WAN connections being any less reliable than a dumb switch and it would be tremendously more flexible (Think mirror ports and packet captures/monitoring on WAN, for instance.) _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
