pfSense setup recomendation - yet another one

stephenw10

@lawri said in pfSense setup recomendation - yet another one:

I need for LAN to be up even if WAN connection is down. Cause I don't have Gbps WAN, my main concern is getting steady 1 Gbps LAN connections

There's no reason the LAN would go down if the WAN does.

You only need 1G LAN connections if you are going to be using multiple internal interfaces and routing between them. VLANs perhaps? Otherwise you will only ever see the WAN-LAN traffic there at the available WAN bandwidth.

Steve

LawRi

@stephenw10 said in pfSense setup recomendation - yet another one:

@lawri said in pfSense setup recomendation - yet another one:

I need for LAN to be up even if WAN connection is down. Cause I don't have Gbps WAN, my main concern is getting steady 1 Gbps LAN connections

There's no reason the LAN would go down if the WAN does.

That is happening on my current router, I need to reboot it every time it disconnects from WAN and in that time my LAN is also down.
That is what I noticed. Maybe problem is something else in router, too weak to be router and AP and DHCP so it shuts down every day once. :)

You only need 1G LAN connections if you are going to be using multiple internal interfaces and routing between them. VLANs perhaps? Otherwise you will only ever see the WAN-LAN traffic there at the available WAN bandwidth.

Steve

I was referring on gigabit traffic between devices in local network. Does router have anything to do with that, I mean CPU power of router? I'm maybe asking stupid questions, but my knowledge of networking is limited. Also English is not my native language.
If cpu of router doesn't have anything to do with local traffic in LAN then cheapest of those 3 is my best option :).

stephenw10

Yeah, that sounds like some quirk in the Huawei router you have. pfSense would not disconnect the LAN if the WAN goes down. You may see some slowness connecting to it initially in that situation because the initial page, the dashboard, tries to check for updates etc.

Traffic between hosts on the same subnet doesn't go through the router so you should never see any throttling due to the LAN side interface or CPU. The only exception to that is if you have bridged interfaces but it's unlikely you would do that.

Almost anything will have no problem routing/filtering etc at 100Mbps.

Steve

LawRi

@stephenw10 Thanks for answer

What is right way to connect 2 switches to pfSense router?
I have two with 8 ports, should I connect one to LAN port and other to OPT1 port on pfSense router? Then I have to set 2 VLANS?

mer

@lawri
My opinion:
If you are setting up LAN and OPT1 as 2 different network segments, say one on 192.168.1.0/24 the other on 192.168.5.0/24 then one switch connected to LAN, the other connected to OPT1. That gives you separation, so you could use LAN for your home/personal network, OPT1 could be for work or a guest network. Then setup firewall rules on LAN and OPT1 to block or allow traffic as needed.

If you need VLANs and the switches support them, then set them.
If you don't need VLANs or the switches don't support them, don't set them.
Typically VLANs are used to give you separate network segments when you don't have enough physical interfaces to do what you want.

stephenw10

Yeah it depends how many internal network segments you have and where those need to be available.
So if you have multiple VLANs and need to be able to connect hosts on either switch to any VLAN then you would probably want to connect the switches to the same interface in pfSense (or a LAGG pair).
If you have only two segments and can have hosts divided on each switch then you could connect one switch to each interface on pfSense and avoid using VLANs at all.

Steve

LawRi

This is what I want to achieve.
Can you look at it and give suggestions?
I think I have to use VLANs for this.

stephenw10

Yes, you would need VLANs to separate the different devices on each switch. However it doesn't look like you have hosts on any particular segment on both switches so it should be fine as shown in the diagram.

Steve

LawRi

@stephenw10 Thanks

I need to do like this cause I don't want to buy new switch with more ports.
Maybe in future.

LawRi

In the end I went with Dell Wyse 5070 Extended.
I also put Dell 09YD6K 4-Port 1 Gbps Ethernet NIC inside.
That is Intel i350-T4 card.
I had problems with this card cause when I put it inside, dell was not posting anymore.
It signaled memory problem.
So if anyone has similar problem with i350 card, solution is to block pins B5 and B6 with electric tape.
After that it posted and everything works ok.
Solution was found here: Modding a Dell Perc 6 / Dell H310 / Dell H710 (other LSI 1078 or 9223-8i based) SAS Raidcontroller.
In comments on that blog post, someone mentioned i350 NIC.