Should I use my available ports to connect multiple switches?
-
You do want to use PFSense to firewall or route but not to bridge.
-
Well, in "general" terms you could say they are all on the same network - your network ;) They would just be on different segments, be they VLANs or physical segments. I have 7 different network segments in "my" network ;)
And then 4 of those segments are enabled for IPv6..
All of the devices can talk to each other, as long as it is allowed in the firewall of pfSense. Since they are not all on the same L2/broadcast domain then no, they cannot broadcast for names or see multicast traffic from devices not on the same network segment. But I have zero issues with devices talking to each other.
-
Thanks again for the info, I think I'm tracking now. The only issue I could see with the lack of broadcast capability is using the Chromecast devices. If my phone is casting, it'll be on the wifi network but the Nvidia Shield would be on one of the switches. Not the end of the world.
-
Take the first setup and leave it as it is. Or connect the WLAN AP to one of the two switches perhaps, but nothing else.
Set one LAN port from the pfSense up with 192.168.1.0/24 (255.255.255.0) and the other one with 192.168.2.0/24, and that would be my way to configure it. Nothing must be bridged together, because routing is the way to go here.
-
So, I hit a couple snags regarding not all my devices being on the same layer 2.
First, my ADT security system. It has a base station that I have installed on the living room switch (192.168.2.X), but the included wifi tablet connects to my access point, which is on the office switch (192.168.1.X). In this configuration, the tablet cannot see the base station.
Second, similarly, my Sonos system. The Sonos system requires that one device be physically connected to the network. The only convenient location for me to do that is in the living room. Similar issue though: the Sonos Android app on my wireless devices can't see the Sonos speakers because they're on different L2s.
Given issues like this, how would y'all set it up? I could always be lazy and daisy chain my 2 switches together so that everything is on the same network, but I have to believe this isn't the best way to go about it. Is there a way to allow the networks to see/talk to each other? I'm willing to buy smart switch(es) if that is a requirement. I'd like to set up my network using "best practices" if I can.
Thanks again.
-
Daisy chaining the switches would be better than trying to bridge interfaces... As far as your ADT.. so what does it use to discover the base station? Can you not just enter an IP of the base station?
But put your base station on the same network as your wifi network then.. pfsense - switch - AP, with your base station connected to that switch.
Or you can try running the avahi package that allows for mDNS across segments - which it might use?
Seems like you have devices that need to be on the same L2 as your wifi - so just connect your AP to that switch.. Or better, get smart switches and a real AP that does VLANs.. Then you would be cooking with gas! ;)
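The point the thread keeps coming back to (routed unicast between segments is a pfSense firewall question, but broadcast and mDNS discovery stop at the router unless the segments share an L2 or an mDNS reflector such as avahi bridges them) can be checked with a small model. This is an added example, not code from the thread or from pfSense; the segment names, addresses, firewall rules and the "reflected" set are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology for the thread's situation: two routed segments behind pfSense.
SEGMENTS = {
    "office": ipaddress.ip_network("192.168.1.0/24"),   # switch that carries the wifi AP
    "living": ipaddress.ip_network("192.168.2.0/24"),   # switch with the ADT base / Sonos
}


@dataclass(frozen=True)
class Rule:
    src_segment: str
    dst_segment: str
    allow: bool


# Hypothetical pfSense rules (assumption: OPT interfaces start with no rules, i.e. default deny).
RULES = (
    Rule("office", "living", True),    # wifi clients may reach the living-room segment
    Rule("living", "office", False),   # living room may not initiate toward the office
)


def segment_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is not in a known segment")


def same_l2(a: str, b: str) -> bool:
    return segment_of(a) == segment_of(b)


def unicast_allowed(src: str, dst: str, rules=RULES) -> bool:
    """Routed unicast: same segment is switched locally and pfSense never sees it;
    across segments the interface rules decide, and no matching rule means deny."""
    s, d = segment_of(src), segment_of(dst)
    if s == d:
        return True
    for r in rules:
        if (r.src_segment, r.dst_segment) == (s, d):
            return r.allow
    return False


def discoverable(src: str, dst: str, reflected=frozenset()) -> bool:
    """Broadcast/mDNS discovery: 255.255.255.255 and the link-local multicast
    group 224.0.0.251 are not routed, so discovery only works on a shared L2
    unless BOTH segments are served by an mDNS reflector (what avahi does)."""
    if same_l2(src, dst):
        return True
    return segment_of(src) in reflected and segment_of(dst) in reflected


def report(pairs, reflected=frozenset()):
    """Summarize (name, src, dst) triples as (name, unicast_ok, discovery_ok)."""
    return [(n, unicast_allowed(s, d), discoverable(s, d, reflected)) for n, s, d in pairs]


if __name__ == "__main__":
    # Constructed device addresses matching the poster's description.
    cases = [
        ("ADT tablet -> base station", "192.168.1.50", "192.168.2.20"),
        ("Sonos app -> speaker", "192.168.1.51", "192.168.2.30"),
        ("speaker -> speaker", "192.168.2.30", "192.168.2.31"),
    ]
    for row in report(cases):
        print(row)
    print("with avahi reflecting both segments:", report(cases, reflected=frozenset(SEGMENTS)))
```

The model shows why the tablet can ping the base station (unicast, rule allows it) yet still not "see" it: discovery rides on broadcast or mDNS, which never leaves the living-room segment without a reflector or a shared L2.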
-
As far as your ADT.. so what does it use to discover the base station? Can you not just enter an IP of the base station?
But put your base station on the same network as your wifi network then.. pfsense - switch - AP, with your base station connected to that switch.
Or you can try running the avahi package that allows for mDNS across segments - which it might use?
That stupid ADT system is totally and completely closed off. Settings, especially advanced ones, do not exist. For many reasons I HATE it, and can't WAIT to get rid of it.
Seems like you have devices that need to be on the same L2 as your wifi - so just connect your AP to that switch.. Or better, get smart switches and a real AP that does VLANs.. Then you would be cooking with gas! ;)
Well, my UniFi AC Pro came in yesterday, so I'm on my way! I got the UniFi software running in a Docker container on my server but I haven't actually set it up yet. I want to do this the right way (i.e., the more complicated way), to force me to learn. As I've seen it, 8-port smart switches aren't terribly expensive. If you have a recommendation I'm all ears. I'll google around and try to pick a good one for the money.
I'm not familiar with VLANs so I'll have to do more research. I don't want to be the "how do you do this, how do you do that" guy. You make it sound like with the right equipment, I can use NIC2, NIC3, and NIC4 for LAN1, LAN2, and Wifi, and everything can "virtually" share L2 using VLANs. If this is the case, that's the "route" (nerd pun) I want to go.
-
No, you cannot use NIC2, 3 and 4 for LAN1.. But you could LAGG them so it's one connection to your switch and run whatever VLANs you're using over the LAGG.. Or you could use opt2 for network LAN, opt3 for WLAN, and opt4 for some other network, and each of those would have an uplink from your switch.
And then you can put whatever ports you want on whatever network you want, and then depending on what VLAN you assign to your different SSIDs, physical ports could be on those same VLANs so that you have wired and wireless devices on the same layer 2.
With smart switches you could use a LAG between switches so you have more bandwidth between the switches. Or depending on the switch you get, you could use an SFP+ module and fiber to get more than 1 gig on your uplink.
Keep in mind that 1+1 does not = 2 in a LAGG; it just means you have two 1 gig connections that you can load-share different connections over, etc. But any specific MAC talking to another specific MAC over that LAG would still only go over one of the connections, so you could still hit your 1 gig limit on the connection.
How fast is your internet? What do you have that needs to talk to each other at full gig speed? You put those devices on the same layer 2 so you're not routing/firewalling them through pfSense. And if possible you connect them to the same switch so you're not using up your uplink between switches, since the uplink is shared by all devices on that switch trying to get to the other switch/internet/etc..
Proper design of a LAN requires understanding of traffic flow to provide max possible bandwidth, etc. But in a home setup, unless you have multi-gig internet, the ability to just VLAN and place devices on whatever VLAN you want no matter what port they are on will be a big improvement.
In larger LANs this is why you have different layers: the access layer, the distribution layer and then the core, etc.. And in even larger LANs with more bandwidth requirements you see downstream L3 switches doing the routing between networks vs doing it at your edge/firewall (pfSense in this case).
Uplinks between switches in a real LAN are normally 10 gig or more while you have devices connected at gig, etc. etc..
There are plenty of smart 8-port gig switches for very cheap.. What kind of budget are you thinking? You could spend as little as $30 or $200.. or into the $1000s depending on what port density you want/need and feature set. But for a starter home switch that gives you the basics, VLAN, port mirror, rate limiting, etc.. you're looking at like $40. Netgear and TP-Link have these switches for right around the $40 price point.
https://www.amazon.com/TP-Link-8-Port-Gigabit-Ethernet-TL-SG108E/dp/B00K4DS5KU ($33)
https://www.amazon.com/dp/B00M1C0186/ref=twister_B01AKLC5NI?_encoding=UTF8&psc=1 ($45)
Then you could go fancier with something like an SG350 10-port with SFP+ support on 2 ports for like $300:
https://www.amazon.com/SYSTEMS-Sg350-10P-10-Port-Gigabit-SG35010PK9NA/dp/B01HYA36RM
Or if you like the UniFi AP you bought, they make switches that are in the $200 range and even PoE to power your AP..
This 150W PoE one does passive:
https://store.ubnt.com/unifi/unifi-switch-8-150w.html
This is a smaller PoE one that can only do 60W, but doesn't support passive - so if you have your Pro AP you're good, but if you have an LR or Lite model that needs passive you would need a passive converter for $20 each. For only $110:
https://store.ubnt.com/unifi/unifi-switch-8-60w.html
Or a non-PoE one for $99:
https://store.ubnt.com/unifi/unifi-switch-8.html
The nice thing about those is you would manage them from the controller you're going to run for your AP anyway.
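The "1+1 does not = 2 in a LAGG" remark above is worth seeing in numbers. A link aggregation group picks one member link per frame by hashing header fields, so every frame of a given flow (and, with a MAC-only hash, every frame between a given pair of hosts) lands on the same physical link and is capped at that link's speed; only many distinct flows spread across members. The following is an added example, not code from the thread, pfSense or FreeBSD's lagg driver: the CRC32-based hash, the MAC addresses, IPs and ports are constructed for illustration and do not reproduce any vendor's exact hash.

```python
import zlib
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def _mac(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def l2_policy(flow: Flow, nlinks: int) -> int:
    """Member link chosen from src/dst MAC only (a layer-2 hash policy).
    Every frame between the same two MACs maps to the same link."""
    return zlib.crc32(_mac(flow.src_mac) + _mac(flow.dst_mac)) % nlinks


def l3l4_policy(flow: Flow, nlinks: int) -> int:
    """Member link chosen from MACs plus IPs and TCP/UDP ports (a layer-2+3+4
    style policy). Different connections between the same hosts can use
    different links, but one connection still never exceeds one link."""
    key = (_mac(flow.src_mac) + _mac(flow.dst_mac)
           + f"{flow.src_ip}:{flow.src_port}>{flow.dst_ip}:{flow.dst_port}".encode())
    return zlib.crc32(key) % nlinks


def distribute(flows, nlinks: int, policy) -> dict:
    """Count how many flows each member link would carry under a policy."""
    counts = Counter(policy(f, nlinks) for f in flows)
    return {i: counts.get(i, 0) for i in range(nlinks)}


def make_flows(n: int = 200):
    # Constructed: n parallel TCP streams from one NAS to one desktop (SMB on 445).
    return [Flow("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02",
                 "192.168.1.10", "192.168.1.20", 40000 + i, 445) for i in range(n)]


if __name__ == "__main__":
    flows = make_flows()
    print("2-link LAGG, MAC hash:      ", distribute(flows, 2, l2_policy))
    print("2-link LAGG, MAC+IP+port:   ", distribute(flows, 2, l3l4_policy))
```

Run it and the MAC-only policy puts all 200 streams on a single member while the layer-3/4 policy spreads them; in both cases any single stream is still limited to one gig, which is the point made above about two 1 gig links not giving one host a 2 gig transfer.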
-
Wow man, thanks for all the info. I only understood about half of it, but it gives me a GREAT start to research.
Honestly, I definitely don't NEED a super awesome, optimally configured network. I only have 40/20 at my house, so I'm not blazing fast by any means. I WISH I could get faster, but unless I go with Comcast (NOT HAPPENING), 40/20 is the fastest available. The most bandwidth-intensive task I perform is using Gamestream from my W10 VM to my android devices, but it's always just me. I'm either streaming 1080p video somewhere, or gaming, but it's not like I need the infrastructure to do a bunch of simultaneous bandwidth-intensive tasks. I'm sure I could daisy-chain the dumb switches, put everything on the same LAN, and never notice an issue. But, where's the fun in that?
Regarding the managed switch, I was looking in the <$100 range. That UniFi 8-port PoE looks like a great fit, since I already have that AP.
-
John is definitely the man, he totally helped get my complicated setup with VLANs and trunk ports working. Thanks again John.. It takes a bit to get your head around it, but in the end it is worth it to have a robust network that grows with you.