thinking about 2.5Gbps Switch upgrade, any issues with pfsense?
-
I’m thinking about upgrading 3 or 4 computers and a NAS to 2.5Gbps Ethernet. I built my own pfsense box in 2018; it’s been flawless. My ISP WAN port and pfsense box has a Quad Port Intel NIC at Gig. I’m looking at the reviews on switches and came across a TRENDnet switch. My question stems from one of the reviews: one reviewer said “This switch worked perfectly for 4 days then it started flooding my router with large packets causing it to go offline”. Is this something that could impact pfsense? Thanks in advance.
-
A massive packet flood will affect anything! But that shouldn't ever happen.
-
It's possible the reason he had issues with that switch is because he failed to enable STP (spanning tree protocol) due to loops that resulted in broadcast storms.
-
@ghost-0 said in thinking about 2.5Gbps Switch upgrade, any issues with pfsense?:
It's possible the reason he had issues with that switch is because he failed to enable STP (spanning tree protocol) due to loops that resulted in broadcast storms.
That would only happen if there were more than 1 switch and were connected to form a loop. STP won't do anything if there's just one switch.
-
@jknott said in thinking about 2.5Gbps Switch upgrade, any issues with pfsense?:
@ghost-0 said in thinking about 2.5Gbps Switch upgrade, any issues with pfsense?:
It's possible the reason he had issues with that switch is because he failed to enable STP (spanning tree protocol) due to loops that resulted in broadcast storms.
That would only happen if there were more than 1 switch and were connected to form a loop. STP won't do anything if there's just one switch.
Trying to follow along: the plan was to go from the pfsense LAN port to the new 2.5 switch with four dedicated 2.5 devices, then tap off the new 2.5 switch with a 1 Gig switch for the remaining devices that don’t need the faster hardware. Or I guess it doesn't matter; I could even put the new hardware in back of the existing gig switch.
The goal was to speed up NAS file transfers. So is it safe to assume the Amazon reviewer is a one-off? I have a tendency to always look at the negative reviews first, and that stuck out, so I believed it would be a good idea to ask here first before investing in anything new.
-
Without knowing exactly what that Amazon guy did, I can't really comment beyond STP doesn't do anything if there aren't redundant paths. So, if you have more than one switch, just ensure there are no redundant paths that could form loops.
-
@jknott Redundant in this case would mean the Amazon reviewer may have uplinked to the new switch twice without realizing it, correct? Thanks for your help.
-
@jknott said in thinking about 2.5Gbps Switch upgrade, any issues with pfsense?:
STP won't do anything if there's just one switch.
If one or more ports are active and STP is properly configured, it blocks loops.
Even if only one switch is in use.
-
It appears that I have opened a hornets' nest vis-à-vis STP. I'm no STP expert. I regard myself as a newbie when it comes to networks. I just recently learned the basic concepts of STP when my relatively complex network kept crashing after adding a third switch. Since some of you here seem well informed, I have a few questions that may help me optimize/stabilize my network.
1. How long does it take for loops to bring down a network that has a poorly configured STP, and must all the switches have level 2 management for the more robust RSTP to work?
background info....
---- My network is configured into two segments: LAN-a and LAN-b with four switches.
---- The gateway/router, pfSense 2.5.2, is an old repurposed HP workstation with Intel 4-port NIC. The network consists of three managed and one unmanaged PoE switches; only one switch is a level-2. The others have only basic loop detection/prevention. RSTP doesn't seem to work properly when enabled in the D-link switch with level-2. It {D-link, DGS-1100-16V2} appears to only work when it's downgraded to basic loop detection and prevention only. Despite having loop detection and prevention enabled in all the managed switches, approximately every two weeks, my internet stops working. I have to just restart service "OpenVPN client: NordVPN" to bring it back online. Other than this little inconvenience, my network works great. I just recently added a UniFi LR AP that covers all of my 3000+ sq.ft house; the UniFi software will transition to Raspberry Pi 4 (4gb) once available on Amazon.
-
Is this instability due to loops or a poorly configured pfSense?
-
Should I upgrade to 2.6.0?
-
@ghost-0 said in thinking about 2.5Gbps Switch upgrade, any issues with pfsense?:
Is this instability due to loops or a poorly configured pfSense?
Almost certainly not. If you get a flood created by a loop you will not be able to access anything.
Since merely restarting OpenVPN corrects it, and it sounds like that is a WAN connection, my first guess here would be that the default gateway is still set as automatic and is switching to something invalid.
But STP loop prevention should only be to prevent loops in the event something is mis-wired IMO. If your switches are connected correctly you should not have any loops.
Should I upgrade to 2.6.0?
It depends but probably. It will do nothing for STP though.
Steve
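
-
The redundant-path check discussed in this thread, as an added example that was not posted by any participant: given a cabling list, it reports which cables close a layer-2 loop, covering the planned single uplink, an accidental double uplink, a patch cable with both ends in one switch, and a three-switch ring. The device names and cable lists are constructed for illustration; list only switches or bridged interfaces, since routed pfSense ports do not forward broadcasts between each other.

```python
# Added example: flag cables that create a layer-2 loop in a switch topology.
# Device names and links below are constructed, not taken from the thread.

def find_redundant_links(links):
    """Return the cables that close a loop, in the order they were listed.

    links: iterable of (device_a, device_b) cables between L2 devices.
    Union-find: a cable whose two ends are already connected by earlier
    cables (or that joins a device to itself) is a redundant path.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    redundant = []
    for a, b in links:
        root_a, root_b = find(a), find(b)
        if root_a == root_b:
            redundant.append((a, b))   # both ends already reachable: loop
        else:
            parent[root_a] = root_b    # first path between the two groups
    return redundant


# Constructed topologies matching the cases raised in the thread.
PLANNED = [("sw-2.5g", "sw-1g")]                        # one uplink, loop-free
DOUBLE_UPLINK = [("sw-2.5g", "sw-1g"), ("sw-1g", "sw-2.5g")]
SINGLE_SWITCH = [("sw-2.5g", "sw-2.5g")]                # both cable ends in one switch
THREE_SWITCH_RING = [("sw-a", "sw-b"), ("sw-b", "sw-c"), ("sw-c", "sw-a")]

if __name__ == "__main__":
    cases = [("planned", PLANNED), ("double uplink", DOUBLE_UPLINK),
             ("single switch", SINGLE_SWITCH), ("ring", THREE_SWITCH_RING)]
    for name, topology in cases:
        print(f"{name}: redundant links = {find_redundant_links(topology)}")
```

Any cable it reports is one that either needs to be removed or needs STP/loop protection active on the ports it connects.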