Pfsense with vlans directly to AP?

johnpoz

@steveits said in Pfsense with vlans directly to AP?:

, I can plug in a PC and tell it to be on any given VLAN number. That's not involving the router at all.

That is a horrible setup.. You can run tags over a dumb switch ok sure - but the switch doesn't understand them, so any broadcast, multicast is going everywhere.. Be it the devices are tagging their own traffic or not.

You don't have to have a 1k cisco full managed enterprise switch to run an office ;) You can pick up a smart 24 port switch for like 200$ or less - why would an office go through all that nonsense of having to configure every machine to tag their own traffic vs buying a capable switch or switches?

SteveITS

@johnpoz I didn't say it was ideal :)

Nor was I suggesting manually configuring each PC actually, the context here was having the AP do it.

johnpoz

@steveits said in Pfsense with vlans directly to AP?:

I didn't say it was ideal :)

hahaha - very true, but yeah I could see some ma and pa shop with exactly that setup..

Bob.Dig

My old and beloved Asus Router is doing it here and still going strong...

JKnott

@johnpoz

Or a home user. However, with the low cost of managed switches these days, why not get one? A few years ago, that wasn't the case. I remember, about 25 years ago, buying an 8 port, 10 Mb hub that was a more expensive than an 8 port, managed, Gb switch today.

yeleek

Thank you all

johnpoz

@jknott honestly I have no idea why anyone would buy a dumb switch these days. You can for sure get a "smart" switch that can do vlans and many other things users don't normally think about for a few dollars at most more..Shoot there are for sure "smart" switches that are cheaper than some dumb switches with the same port density.

While vlans the prob the most likely feature users want. For those few extra dollars you also normally get rate limiting, can set the speed on a interface if for example you don't want gig be 100.. Or easy check what speed an interface come up as. You can view the mac address table and know exactly what device is plugged into what port by mac address.

You can mirror a port for say sniffing, you can see for example errors on an interface. IGMP snooping,

Sure different switches at different price points will have different feature sets.. But quite often a so called "smart" switch in a 8 port gig model might be 40$ vs 35$ etc..

And while you might say to yourself oh I don't need those features today, save yourself a few bucks. What about 6 months from now? I just can not see why anyone that has made the step up from your typical soho wifi router to pfsense would ever buy a dumb switch.. Even if you don't have any use for any of the features today.. More than likely at some point in the near future your going to say, oh damn wish my switch could do that - should of spent the extra few bucks vs now having to get a whole new switch because I want to do xyz.

JKnott

@johnpoz

Sometimes I have to wonder about your reading comprehension. Did you not see where I said "However, with the low cost of managed switches these days, why not get one?"

stephenw10

Pretty sure he was agreeing with you.

JKnott

@stephenw10

@johnpoz and I sometimes have a bit of fun with each other.

BrucexLing

@johnpoz

... You can for sure get a "smart" switch that can do vlans and many other things >

I am aware that you hesitate to recommend the TPLink “easy smart” line of switches, and that’s probably understating your negativity somewhat. I am using the 24 and 8 port versions in a basic home setting but I don’t really understand why these switches fall short in your estimation. Could I please ask where you consider these “easy smart” switches fall short?

stephenw10

Some of the older 'easy smart' switches failed to handle VLANs correctly. You could not remove ports from VLAN1 meaning broadcasts leaked between VLANs. I have one of those.

I also have a newer, much more expensive, TP-Link switch and it works great, no complaints.

I'm not aware of any particular issues with their current low end switches either.