How To Set Up VLANs On An L3 Managed Switch (HP 1910) With pfSense

This site is getting more traffic than I had ever anticipated and, in order to support this self-hosted site and my homelab, I have upgraded to a 1 gigabit internet connection. In doing so, the bottleneck in my homelab network has shifted from the internet connection to the router itself.

This is a companion discussion topic for the original entry at

wonder why you wouldn’t bond0 LACP your host nics. trunk port-group (802.1q, LACP) your switch… and when you create your guests you designate their vlan in their hardware/network tab in pve. why is your switch doing any L3? leave your switch as only a layer 2 device, use pfsense as your ONLY routing/firewalling platform. I see what you’re doing but it seems like an unneeded added hop.

Hi @ddd,

I’m not sure if you meant this comment for this article or really meant my Configuring VLANs on Proxmox guide instead since you’re talking about PVE. As such, I’m not sure if you’re challenging the validity of L3 switches and arguing in favor of a router-on-a-stick configuration. Is that what you’re advocating? Where are you calculating the extra hop?

Happy to discuss with you, I just need to know what I’m supposed to be arguing against!

Also, welcome to the forums!


2 posts were split to a new topic: L3 Switch vs. Router-On-A-Stick and When To Use an L3 Switch vs. Router/Firewall

ah. I use a l2 managed switch as my edge device connected to an ONT (carrier provided) trunked to a openvswitch bond at the pve host which is using openvswitch bridge for guests . I use two Soho routers with DHCPd/routing disabled for WAPs (connected to switch at 1gbps each). pfsense running as a guest controls all address delegation and routing and firewalling. the hairpinning does half the potential for the group port (4 x 1gbps)… I haven’t seen much performance loss as a result of ``software routing’’. my pfsense instance is dedicated 3 cores of a x5650 and 2gb of ram.

I feel you though.

1 Like