Hello, I need some help in order to understand if I did the homework correctly.
On my homelab server I have 6 NICs:
2x 1gb
- lan 250 - test only internet
- lan 220 - iot no internet (nvr)
2x 2.5 gb
- wan
- lan 201 - management
2x 10 gb
- 207 iot with internet
- 202 work
Each one is connected to a Linux bridge on Proxmox.
Each one of these bridges has a virtual interface connected to a VM with pfSense.
Here I created 5 LANs and a WAN (see below).
pfSense is the gateway, DNS and DHCP server of each network.
All the NICs but the WAN are connected to two UniFi switches (an aggregation and a 24-port).
On the UniFi controller I created 4 VLANs, then I set the right "vlan" on its specific port,
something like this:
aggregation
- port 6 (lan 207, block other) <==> 10gb nic lan 207 on proxmox server
- port 8 (lan 202, block other) <==> 10gb nic lan 202 on proxmox server
24 ports
- port 6 (lan 201, block other) <==> 1gb nic lan 201 on proxmox server
- port 8 (lan 220, block other) <==> 1gb nic lan 220 on proxmox server
- port 10 (lan 250, block other) <==> 1gb nic lan 250 on proxmox server
The switches are connected with a DAC cable and the ports are set to "default" and "allow all" (as UniFi default).
Everything works, but I am not sure that the procedure I did is correct for stability, security and performance.
Also, is it normal that on the UniFi controller, for each interface, I see the real MAC address and the virtualized one (assigned to pfSense)?
In yellow is what I see on UniFi. On top there is the pfSense gateway attached to the virtual NIC, and on the bottom the MAC address of the real interface (without an IP assigned).