Newb questions - switches managed and unmanaged
-
And my position is taken from experience with unmanaged devices that DID NOT properly forward dot1q frames. You do realize it changes the maximum frame size from 1518 to 1522 bytes I assume? You must acknowledge that there might be some devices out there that get confused by that and drop your perfectly valid dot1q frames because they were not designed to deal with them.
It has been said time and time again that it might work and might not.
Though I em extremely glad it works for you in your environment with your gear, It is still lousy design practice and lousy advice.
 -
You do realize it changes the maximum frame size from 1518 to 1522 bytes I assume?
Yes, and I did mention older equipment may have problems. However, the spec has been updated over the years to allow larger frame to accommodate VLAN tags. Also, as I mentioned, a lot of equipment can now handle jumbo frames, which can be 9KB or more, a lot bigger than a VLAN frame.
-
Here's a bit more info:
"802.3ac 1998 Max frame size extended to 1522 bytes (to allow "Q-tag") The Q-tag includes 802.1Q VLAN information and 802.1p priority information."
from https://en.wikipedia.org/wiki/IEEE_802.3The 802.3ac spec, which extends the frame size to 1522 bytes was set in 1998. That's 19 years ago and a lot of equipment and been made, sold and scrapped in that time. Back around then, switches and 100 Mb were just starting to become popular and I bought an 8 port 10 Mb hub that cost then, more than twice what I paid for a 5 port managed gigabit switch last year.
-
I had a brand new, stupid, powerline adapter that would not pass 1522 and that was a lot more recent than 1998.
Still lousy advice.
Just stop. You lose. It might or might not work.
-
"I bet after this discussion, you now know your ideas about the switch not knowing how to forward a VLAN frame were wrong"
No not really, as have stated in every one of these threads… And there have been WAY too many of them when you bring it up.. That it might or might not work, etc. I have some old 10/100 switches for just drop them.. Been doing this for year and years - before there were even switches ;) To be honest many days it seems like yesterday was adding co processors to 486 machines and installing tcp/ip on the 3.1 windows they were running. Building still had thicknet in areas.. Remember the coax T connectors..
And can tell for FACT that many switches back a few years, latter than 1998 that is for sure!! would drop them.. Why should a "dumb" switch support Q-tag, etc..
I am with Derelict - if you want to discuss different hardware and the max frame size it will pass - great.. I have some older switches on the shelf I could fire up, etc. And we could test them.. But please do not bring up such HORRIBLE HORRIBLE advice to someone asking about vlans.. And even suggest to them that they can just use a dumb switch, etc. It FUD to be honest that your spreading.. And users are like parrots... They really do not understand a debate about "if" something can work, etc.. All they get out of is I heard on pfsense that I don't need smart switch to use vlans.. And such FUD spreads and spreads!
To be honest: Mods should go into every single thread where you have suggested such nonsense and put in a BIG RED NOTE stating this not valid advice - do not do this!! This is BAD!!
-
Hope this guy does not secure Networks for a living ;)
-
Do you guys realized the OP never even asked about VLANs? His question was whether pfSense requires managed switches. The answer is "no."
-
"One NIC" means VLANs. And even more of a case against an unmanaged switch. Unless one should put both their inside and outside traffic on the same broadcast domain. What could go wrong?
-
"One NIC" means VLANs. And even more of a case against an unmanaged switch. Unless one should put both their inside and outside traffic on the same broadcast domain. What could go wrong?
He says he has 3 NICs: WAN, LAN, OPT1 ergo VLANs are not required.
-
"I bet after this discussion, you now know your ideas about the switch not knowing how to forward a VLAN frame were wrong"
No not really, as have stated in every one of these threads… And there have been WAY too many of them when you bring it up.
In another thread, you had stated that an unmanaged switch would not know how to forward VLAN traffic and would have to broadcast out all ports. This would imply that the switch could not see the MAC addresses. With a VLAN frame, there is absolutely no difference with the MAC addresses. This article shows how the VLAN tag is inserted in an Ethernet frame:
https://en.wikipedia.org/wiki/IEEE_802.1Q#Frame_formatNotice that the MACs are unchanged and the original Ethertype field is replaced with the VLAN Ethertype and the original Ethertype field is pushed back 4 bytes. After the VLAN tag is stripped of, that Ethertype field will be right back where it always was. If you think the VLAN tag interferes with the MAC, please explain how.
-
All great.. You still have the issue with every single broadcast/multicast frame going out over every single port… I showed you this in that other thread were you yet again suggest someone just use dumb switch for their vlans!
I'm going to give an example that I've come across at a couple of customers. Please note this configuration came from their hosted VoIP provider and is not the way I would have done things. These customers have 2 ADSL modems, one for regular Internet access and one for VoIP only. Both modems are connected to the same unmanaged switch, with the Internet modem configured on 1 subnet & with DHCP. The VoIP modem is on a 2nd subnet, with no DHCP. The phones are configured with a static address. Users can plug their computers into the back of their phones. So, on 1 network, there are 2 subnets, with completely independent traffic. Both have their broadcasts too. So, all devices see all the broadcast, whether on their "network" or not. As per usual, the broadcasts are received and handle when appropriate or discarded. Everything works fine, at least until the phone company (ADSL provider) tech shows up and breaks things. How do all these broadcasts make any difference with the same customer, but using VLANs too? At least with VLANs the broadcasts from the other network won't make it as far as the IP stack, unlike the current situation, where all broadcasts are received by all devices, no matter which subnet they're on.
Regardless, my original point was that unmanaged can switches pass VLAN frames just fine. They just can't do anything with them, such as assign an access port to them. I don't recall if it was you or someone else that questioned why someone would include larger frames in an unmanaged switch. The way the IEEE works is they occasionally update the spec. I believe the latest for Ethernet is 802.3-2015, indicating it was released in 2015. What they do with these updates is roll all the various changes into the new spec. So I expect the larger 1522 byte frame is now part of the spec, which manufactures are supposed to use. Also, many devices now support jumbo frames which are generally around 9K and so wouldn't have any problem with the larger VLAN or double¹ VLAN frames.
https://en.wikipedia.org/wiki/Jumbo_frame1. And yes, I have worked with double VLAN over fibre. The first VLAN tag is used by the carrier and the 2nd is available to the customer.
-
As doktornotor likes to say, this thread is starting to stink.
