Home setup network architecture
-
Asus does not support tagging VLAN ports to an SSID. What it can do in router mode is tag ports to the SSID's VLAN, for example the guest SSID and port 2 will be on the same VLAN, but in AP mode it cannot pass pfSense VLAN tags to an SSID. Btw, you can do it using SSH and scripts, but that is a nightmare that sometimes does not even survive reboots. Just get a UniFi AP and sell the Asus.
-
Thanks for the feedback.
Yes, I'm planning to get a 24P layer2/3 smart switch; it's more about getting the money for it.
I'm using my ASUS RT AC68U with dd-wrt; I thought it would work to use VLAN features for it?
https://coertvonk.com/technology/networking/dd-wrt-heading-two-networks-asus-rt-ac68u-11717
I've been looking to invest in a UniFi AP Pro as well, but it feels more important to replace the unmanaged switches first.
Regards, D
-
Serious doubt you need a Layer 3.. Doesn't hurt to have the ability to do that - but even a very large home network need of a downstream router from your edge is unlikely..
-
Actually, you may try connecting a dumb switch to each LAN port, so you might be able to set up for each LAN port another
subnet (CIDR) with its own IP address range (private) and its own DHCP server too! So you don't need to set up VLANs, and
for the entire WiFi network you may only need to install or connect two WiFi routers acting in the so-called WiFi AP mode.
But if you want to set up and work with VLANs, you should buy a Layer2 switch with enough ports to match the number
of your devices, and secondly it would be good to get a real WiFi AP that supports VLANs and multi-SSIDs too.
And a small Layer3 switch will only be needed if you have many big files that must be transported, like backups or other
greater workloads, that must not pass through the pfSense firewall each time and narrow down the entire throughput
and agility of your firewall. Together with VLANs and QoS you may be better sorted with a small Layer3 switch because you get
the guarantee that the entire traffic will be routed with "wire speed".
Good switches, in my eyes, would be:
Layer2 (SOHO/SMB)
Cisco SG200
Cisco SG220
Cisco SG250
Layer3 (SOHO/SMB)
Cisco SG300
Cisco SG350
Cisco SG500
Cisco SG550
D-Link DGS1510
-
How to article does not cover setting AC68U trunk port to pfSense opt0.
I would be up to the challenge to get 'er done with existing hardware. My personal preference would be AsusWrt because it supports hardware acceleration, dd-wrt does not. Sometimes a nightmare situation can become the excuse needed to run out and get a unifi AP and Cisco SG200.
-
"you may better sorted with a small Layer3 switch because you get the guaranty that the entire traffic will be routed with "wire speed""
But at the loss of control.. Depending on the hardware he is using for his pfsense, it's quite possible he will not notice any loss of bandwidth between local segments due to routing/firewall rules.
If you design the network to put the devices he moves large files between on the same layer 2, you remove any performance hit on the routing/firewall at all. Comes down to what is desired: more control with the ease of rules that pfsense allows, or faster routing. Even with my pfsense being in a VM on an older microserver I still see approx 400mbps between segments. But then again my storage/plex is on the same L2 as my main workstation - wireless devices are on a different segment along with my wired roku, but they only ever stream stuff from the plex so I have not run into any sort of bandwidth issues.
Putting multiple vlans on the same physical interface that require intervlan traffic at high speeds is normally where you see the biggest performance hit. This can be configured around - especially if you have a pfsense box with 4 physical interfaces.
-
"How to article does not cover setting AC68U trunk port to pfSense opt0.
I would be up to the challenge to get 'er done with existing hardware. My personal preference would be AsusWrt because it supports hardware acceleration, dd-wrt does not. Sometimes a nightmare situation can become the excuse needed to run out and get a unifi AP and Cisco SG200."
hardware acceleration in AP mode???
-
Yes. Asuswrt running in AP mode. Tools->Network->System information->HW Acceleration shows Enabled (CTF + FA). It is not clear to me what is your question.
-
Asus HW acceleration is hardware NAT, so you do not need that in AP mode. Also, WTH does he need HW acceleration for as a dumb AP, not to mention the good processor that the Asus has?
-
I get it. Your point is Asuswrt HW acceleration Enabled (CTF + FA) does nothing in AP mode. You only mention HW NAT but what about Flow Acceleration enabled?
My model is a BCM4708 800MHz CPU
-
Although it shows enabled, it has no effect in AP mode, and the CPU you have is great for AP mode 8)
-
Are you going by actual test results when you state that Asuswrt HW Acceleration Enabled (CTF + FA) has no effect in AP mode or just speculating? Well at least you are not saying that it is a liability.
Some hardware revisions of AC68U have BCM4709 1GHz CPU
-
First, in AP mode there is not much sense in HW acceleration, as all a dumb AP does is pass packets and that CPU is fast enough. Also, Eric (Rmerlin) said the same thing in a post on smallnetbuilder.