Currently I run the setup below. The issue is that when ESXi is down it takes down all of the network with it, so I've also set up another router to log in to it.
WAN > OPNsense (in ESXi) > switch (C3560G)
OPNsense is the DHCP server.
Thing is that I would love the switch to take care of the DHCP, to avoid being bare when ESXi needs maintenance.
Also need to set up a VPN on OPNsense, but will that be possible if the 3560 is acting as the DHCP server?
Since the 3560 is L3 I could have it act as DHCP server and handle the VLANs; there's some uncertainty about OpenVPN VLAN creation by the OPNsense.
edit1:
This is a mockup of the current/future network. Some stuff is left out, but it is of no importance.
The current ISP modem can't be set to bridge; waiting for one with different FW that will allow bridge mode.
There's a lot of room for improvement, and while the office is not active for the next 2-3 weeks there is no actual rush. All comments are welcome.
Regarding the OPNsense situation, I'm sorry if I overstepped here. I'm aware of the general idea for the rules here, but as at my last place (~150 on site, ~20 remote users) we had a pfSense running, it actually didn't even cross my mind that this might potentially be off topic.
The next edit will be with the mockup of the switch configuration, with which I'll require a lot of help.
So here is the very basic switch config:
Current configuration : 2717 bytes
!
version 12.2(37)SE1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname c3560g
!
!
!
ip dhcp excluded-address 10.0.0.0 10.0.0.10
ip dhcp excluded-address 10.0.10.0 10.0.10.10
ip dhcp excluded-address 10.0.20.0 10.0.20.10
ip dhcp excluded-address 10.0.30.0 10.0.30.10
!
ip dhcp pool mgmt
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server 10.0.0.2
 domain-name LAN
ip dhcp pool trusted
 network 10.0.10.0 255.255.255.0
 default-router 10.0.10.1
 dns-server 10.0.0.2
ip dhcp pool untrusted
 network 10.0.20.0 255.255.255.0
 default-router 10.0.20.1
 dns-server 10.0.0.2
ip dhcp pool guest
 network 10.0.30.0 255.255.255.0
 default-router 10.0.30.1
 dns-server 10.0.0.2
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/1
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 30
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan10
 mac-address 0090.0c64.7301
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan20
 mac-address 0090.0c64.7302
 ip address 10.0.20.1 255.255.255.0
!
interface Vlan30
 mac-address 0090.0c64.7303
 ip address 10.0.30.1 255.255.255.0
!
ip default-gateway 10.0.0.2
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
logging synchronous
!
line aux 0
!
line vty 0 4
login
!
!
!
!
end
Now I will need to add some access lists, hopefully avoiding limiting each VLAN one by one, but I will come to it if nothing pops up.
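One way to do the access-list part without writing a separate ACL per VLAN is a single named extended ACL applied inbound on the untrusted and guest SVIs. This is an added example, not part of the original post; it assumes 10.0.0.2 is the OPNsense box (as the config's default-gateway and dns-server lines suggest) and uses only the addresses already in the posted config.

```cisco
! Added example (not from the original post): one reusable ACL that keeps the
! untrusted (VLAN 20) and guest (VLAN 30) clients away from mgmt (VLAN 1) and
! trusted (VLAN 10), while still allowing DHCP, DNS and Internet access.
! Assumption: 10.0.0.2 is OPNsense (DNS server and upstream gateway in the config).
ip access-list extended ISOLATE-UNTRUSTED
 remark DHCP from clients to the switch's own DHCP server
 permit udp any eq bootpc any eq bootps
 remark DNS to OPNsense only
 permit udp any host 10.0.0.2 eq domain
 permit tcp any host 10.0.0.2 eq domain
 remark block everything else destined to the internal 10.0.x.x ranges
 deny   ip any 10.0.0.0 0.0.255.255
 remark whatever is left is Internet-bound and routed via 10.0.0.2
 permit ip any any
!
interface Vlan20
 ip access-group ISOLATE-UNTRUSTED in
!
interface Vlan30
 ip access-group ISOLATE-UNTRUSTED in
!
! Check that the ACL is bound and that the deny line is counting hits:
! show ip interface Vlan20 | include access list
! show ip access-lists ISOLATE-UNTRUSTED
```

If the OpenVPN clients are later given a subnet inside 10.0.0.0/16, they will also be blocked from the untrusted and guest VLANs by the deny line, which is usually what you want for those segments.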