VLAN: 1 Managed Switch port connected to unmanaged switch
-
Be it your switch does not strip the tags you might flow over it from a smart switch to another device that understands the tags.
Other than an access port on a managed switch, when does a switch ever strip off VLAN tags? Unmanaged switches should simply pass the VLAN frame unchanged.
-
Operative word there is should. I note you did not say will.
Look. We all get it. We've all done it. Here is another user asking how to DESIGN a network. Someone asking that is always going to get as close to the correct and sound answer as I can come up with.
They are NOT going to get some short cut with potential pitfalls unless they specifically ask. Bad advice lives forever on the internet. Please stop.
The proper way in his case is Firewall <-> Managed Switch <-> Unmanaged Switch on an untagged/access port
-
Operative word there is should. I note you did not say will.
Any switch that can't pass a VLAN frame is defective. Some older gear may choke on the larger frame size, with a full 1500 MTU, but it should never filter on a VLAN tag (managed switches excepted). Any switch should be able to pass any and all Ethernet frame types, so long as that frame complies with the specs. That is destination & source MAC addresses, data and CRC. If the frame is at least 64 bytes and CRC checks then the frame should be passed. At this level, the only difference between a VLAN frame and any other is the contents of the Ethertype/length field. Nothing else. In the rare instance where a switch chokes on any frame bigger than 1518 bytes, you can work around it by limiting the MTU to 1496, to allow room for the VLAN tag. Given that just about any Gb gear supports jumbo frames, that's not likely to be an issue these days.
Ethernet had a 1500 byte limit in the early days, when hardware was expensive and 802.3 Ethernet has the length, rather than Ethertype field, which puts a hard limit on size. But the 1518 byte limit on Ethernet II disappeared years ago, with frame expansion to support VLANs (802.3ac 1998). These days, you'll find Gb gear generally supports 9K bytes or more, with jumbo frames. A lot of 100 Mb gear also supports them.
I'm not supporting poorly configured networks, but trying to challenge misinformation that so many accept as "common knowledge".
-
Does not matter if it passes it or not - Pain and Simple its BAD BAD BAD advice… Especially to a user that doesn't even understand vlans. If they did they wouldn't be here asking about them.
I also wish you would stop telling users that its ok to use a dumb switch to pass vlan tags..
-
Well, the port of the pfSense that connects to the first switch, is a smart port, isn't it?
@johnpoz:You can place dumb switches on any specific vlan, all ports on this switch will be on the vlan you assign to the port its connected to on on smart switch…
Well, I am already in the situation where there are 2 unmanaged switches and I now need to replace them.
@johnpoz:I would never ever suggest such a configuration to anyone.. While it might be something that can allow you to function in a pinch or as a macgyver sort of solution it should only be put in places as temp solution while you get the hardware that will sort what your wanting to do.
To be honest anyone in the market for a switch should really never buy a "dumb" one - it is always better to have the ability to do vlans even if not current need for them - you will save yourself in the long run.. So its not worth the couple of bucks you might save today buying a dumb switch just to be unable to do what you want tomorrow or next week or month, etc. And then have to buy a whole new switch, etc.
If your in the market for a switch, get one that can do vlans…
-
The proper way in his case is Firewall <-> Managed Switch <-> Unmanaged Switch on an untagged/access port
And this is exactly what I would like to (temporarily!!!) do…
-
Woukd something like this work?
https://youtu.be/DL4vMLgBrYI
I have an APC2U4 with an available port.Would this allow my to create wifi guest VLAN via the AP and a LAN subnet with the unmanaged switches?
-
No time to watch a youtube video for you.
Summarize what they tell you to do here.
-
Connect directly to the pfSebse box, one port to the Ubiquity and one port to the unmanaged switch.
@Derelict:No time to watch a youtube video for you.
Summarize what they tell you to do here.
-
Use a managed switch.
-
So I got the Managed Switch and now I have several VLANs:
- VL10_MGMT
- VL20_SEC - this is were main clients will connect (mostly via WIFI) and it'll use a VPN_WAN gateway.
- VL30_CLR - sort of a DMZ where I connected all LAN devices (Freenas and its jails, Receiver, TV, AppleTV, etc)
- VL40_GUEST - WIFI network only for... guests
- VL50_IOT - where I'll connect several IoT devices via WIFI (smart lamps, dimmers, climate, etc)
Makes sense?
-
This post is deleted!
