On Thu, Aug 18, 2011 at 1:11 AM, John McDonnell <gorgar...@ymail.com> wrote:

> One more question about OSPF routing, am I going to want to remove the
> routes from the switches or would it be beneficial to leave them in there,
> but point to the IP of the pfSense box and have it do OSPF routing to
> determine if it should go over the normal wireless links or over the VPN?
> I'm not sure, but I'd think that having the switches doing the basic routing
> to determine if it needs to go across a link would be more efficient and
> faster than passing that to the pfSense box and then back to the switch if
> it's only in a different subnet at the same building. Not sure how I'd
> incorporate QoS on the VOIP in this manner though, perhaps a virtual IP?
>

Yes, for inter-VLAN routing within the building I'd use the switches to get
the line-speed routing available in the switch.  I don't see any reason to
send the traffic to pfSense just to have it send the traffic back if you
don't have to.  Also, I just had a look at the 3750 spec sheet; it appears to
support OSPF and EIGRP (Cisco's proprietary dynamic routing solution).  It's
not too common for a Layer 3 switch to support dynamic routing protocols, so I
can't say how complete this support is, but it's there in some form.  I'm not
sure what image you need to have on the switch to get access to this
functionality.  So you would have to do some research into whether your images
support these protocols and whether they support enough of the protocol to do
what you need.  If they do, then you could keep all the routing on the Cisco
switches and just use pfSense to set up the VPN tunnel.  Otherwise I would
use the hybrid approach and let the pfSense boxes route between buildings,
leaving the switches to route between VLANs.

> Thank you all for your thoughts and I think I'm a bit closer to being ready
> to give this a test run once I get some spare time in a couple weeks.
>

Good luck.  Let us know how it works out.
--
David
