Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multiple Switches cross connect or each port into pfsense box

    Scheduled Pinned Locked Moved General pfSense Questions
    64 Posts 8 Posters 12.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator @Derelict
      last edited by johnpoz

      @derelict said in Multiple Switches cross connect or each port into pfsense box:

      Not sure about the Unifi gear.

      Bit off topic but did you see their new HIGH Density stuff
      https://www.ubnt.com/unifi/unifi-ap-xg/

      This one is for Stadiums and such
      https://www.ubnt.com/unifi/unifi-wifi-basestation-xg/

      200 Seats. How many thousands of dollars per hour do you/they lose if it goes down?

      This is such a good point!!! But they have 500$ budget for router.. Should be HA and multiple lines.. Everything in the cloud remember.. What happens when that 1 isp is offline?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      NogBadTheBadN 1 Reply Last reply Reply Quote 0
      • NogBadTheBadN
        NogBadTheBad @johnpoz
        last edited by

        @johnpoz

        https://community.ubnt.com/t5/UniFi-Stories/12-BaseStationXGs-provide-exceptional-service-at-high-density/cns-p/2420311

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        1 Reply Last reply Reply Quote 1
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by johnpoz

          Thanks... They do look sweet - nice to see a real world example.. I will have to look deployment story on the smaller XG model.. Might be something to look at for this posters deployment... But sounds like they have a real limited budget to be honest.. The switches are not what I would of used that is for sure - I have no experience with the unifi switches - but if you can not stack them they don't seem to be good fit for such a deployment.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          • NogBadTheBadN
            NogBadTheBad
            last edited by

            https://www.servethehome.com/ubiquiti-edgeswitch-es-16-xg-review-quality-control-absent/ << this puts me off their switches

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

            1 Reply Last reply Reply Quote 0
            • M
              manwdaplan @Derelict
              last edited by manwdaplan

              So I am having a issue uploading the floor plan what am I missing just gives me a error when I upload the PNG file.

              I might have to go three APs, I was planing on putting in the two I have on order and making sure they are enough, So right now they have about 70 people, they plan on growing to 200, so I do have a little time if expansion is needed.

              As far as the backup is concerned, I will have a extra switch waiting onsite, and they have a Linksys EA9000 series router that they are using now, so I will set it up to be swapped in if the router breaks, if one of the 48 port switches goes out, I will just switch those users over to the wifi till I get it fixed. I know its not enterprise worthy but it is cheap, which this customer is very. They have a call center in California that rolls over to this location when there is volume issues.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by johnpoz

                I don't think your floorplan made it through the upload? Not seeing it only

                [0_1535726299255_Floor Plan.pdf](Uploading 100%)

                You can for sure do things on a tight budgets - but Derelicts statement of how much money is lost per hour/minute is the big thing these companies need to get through their skulls when it comes to networking infrastructure.. On the shelf router you can swap in - ok, how long does that take you to swap in and make sure is working? 1 hour? 10 minutes - I take it your not going to be on site for example. What about off hours? etc.. Redundancy and failover are huge factors that need to be considered when "if it goes down" your talking $$.. Because in the big picture its not if but when it goes down.

                What happens when the ISP is offline because of say a fiber cut and you might be offline for a couple of days.. We had a recent fiber cut with 1 isp that took them 3 days to get back up. Not an issue because the backup link was there, etc.

                You have to work with in the constraints of the customers budget sure.. Problem is these customers don't understand IT ;) If they did they would not be hiring you... So while it is sometimes a hard sell, make sure they they understand that they could be down for quite some time "when" a part of the network fails.. And since they are depending on that internet connection - when it goes down they are going to be down for the duration.. Hope they have a great SLA with the isp, with major compensation if they do not meet the SLA...

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                M 1 Reply Last reply Reply Quote 0
                • M
                  manwdaplan @johnpoz
                  last edited by

                  @johnpoz

                  I completely agree, normally I work it in slowly, once they get used to me helping with stuff, and maybe we go 3 months in when the next quarter and budgets get refreshed I talk to them about what else is needed, second ISP line (they have comcast fiber with a pretty good SLA) redundant routers, that sort of thing, it harder to hit them with it all at once, but I make it clear where the weak spots are and if something happens, they understand. Now I am not onsite, but I am close and have a process to handle emergency issues, they are not a 24x7 place, so that's a little easier.

                  1 Reply Last reply Reply Quote 0
                  • M
                    manwdaplan
                    last edited by

                    0_1535727446039_Floor_Plan.zip

                    There we go

                    1 Reply Last reply Reply Quote 0
                    • M
                      manwdaplan
                      last edited by

                      So I had another question that is a side note, so I know you guys work for Netgate (maybe not all of you) and they are here to make money, but do you normally not recommend a DIY builds for PFsense? Whats the positive and negatives of a DYI vs Netgate (sorry if this gets a little off this topic).

                      What do you think of the performance of the SG-1000 how much can it handle user and internet wise? That price sadly for my customers is about the limit they want to spend on routers. (I work with very small customers mom and pop normally that is kinda my nitch most IT guys don't like touching these smaller businesses)

                      C 1 Reply Last reply Reply Quote 0
                      • NogBadTheBadN
                        NogBadTheBad
                        last edited by

                        After a quick look at the plans i’d say you’ll need more than a couple of access points.

                        I’d get the cabling contractor to run more copper between the network closet and the ceiling, you can always get some long rj45 patch leads to run above the ceiling to the access points.

                        Andy

                        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          I do not work for netgate.. Just a fan and user, been using pfsense since like version 1 ;)

                          I have personal sg4860 at my house - which sure is a bit over many home budgets. But my buddy got one for his house as well ;)

                          But there ar some other low cost solutions coming I do believe.. The Minnowboard turbot dual is think in the $250 range..

                          I do not have personal experience with the sg1000.. I keep meaning to pick up one to play with.. But I always find other toys to blow my IT budget on.. Always have to get such purchases approved by the budget committee (wife).. Lastest was moving up to sg300-28 when got the sg4860..

                          There are some big fans of DIY.. I ran pfsense on VM for many years - if your customers have say a NAS, that for sure could be an option to running pfsense right on that box vs extra hardware for router. Big fan of the VM solution - especially if you like to play with the dev snapshots.. Since its 30 seconds to rollback if something isn't quite right with the latest build ;)

                          For those that have limited budgets, as long as they are not rocking high speed/gig interent, etc. you should be fine with the sg1000.

                          When possible I would always suggest with official hardware.. If your going to go diy, then do that - don't buy these china boxes that come "pre-installed" none of them have the right to do that from my understanding.. So you never know what you might get, etc.

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                          1 Reply Last reply Reply Quote 0
                          • DerelictD
                            Derelict LAYER 8 Netgate
                            last edited by

                            They really think something they can get at Best Buy is the proper amount of money to spend?

                            No, I would not use an SG-1000 for this deployment. SG-3100 would be the minimum and I still feel it is inappropriately-small for this installation. Like I said, I would do High-Availability and XG-1537s. Or I would wait for the SG-5100s and use a pair of those.

                            Sure you can try to roll your own. pfSense runs on most hardware.

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            1 Reply Last reply Reply Quote 0
                            • JKnottJ
                              JKnott
                              last edited by

                              @derelict said in Multiple Switches cross connect or each port into pfsense box:

                              They really think something they can get at Best Buy is the proper amount of money to spend?

                              It's unbelievable what some people think is proper networking. A few weeks ago, I was at one company. Their "network" consisted of small consumer grade routers and switches tied together with patch cords running on the floor! The biggest switch had 8 ports, everything else had 4 or 5. There were multiple NATed subnets, which couldn't talk to each other. They even had patch cords that should have been tossed. I cut the end off one, so they'd stop using it. For some strange reason, they were having VoIP problems. At another one, I saw a patch cord held in place with an elastic band wrapped around the plug and switch. Again, they had several small switches, instead of a proper one from Cisco etc.. At least they only had one router/subnet.

                              I guess some people consider themselves "expert" because they were able to set up a router from Best Buy.

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...

                              1 Reply Last reply Reply Quote 0
                              • johnpozJ
                                johnpoz LAYER 8 Global Moderator
                                last edited by johnpoz

                                @jknott said in Multiple Switches cross connect or each port into pfsense box:

                                because they were able to set up a router from Best Buy.

                                Heheheeh - yeah they figured out how to put dd-wrt on their linksys.. And now they think they are just a test away from their routing and switching CCIE ;)

                                I can for sure understand these little ma and pop shops with no IT experience having small budgets... And yeah you can do some pretty neat shit with some cheap gear..

                                So heres a question - how much are they paying for this gig internet per month? So they think the firewall/router should be less than the monthly isp bill?

                                The SG5100 would make a nice HA pair for such a setup for sure.. You should pre order your pair now..

                                Just so we are clear the sg1000 would be ok for a little ma and pop shop with a handful of people, etc.And say a 100/20 cable connection.. A remote worker sort of thing.. I was not suggesting at all you could use that in such a setup.. I was talking about your "ma and pop" sort of setup.. You know the storefront than needs to connect their pos system sort of thing.

                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                If you get confused: Listen to the Music Play
                                Please don't Chat/PM me for help, unless mod related
                                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                M 1 Reply Last reply Reply Quote 0
                                • M
                                  manwdaplan @johnpoz
                                  last edited by manwdaplan

                                  @johnpoz said in Multiple Switches cross connect or each port into pfsense box:

                                  @jknott said in Multiple Switches cross connect or each port into pfsense box:

                                  because they were able to set up a router from Best Buy.

                                  Heheheeh - yeah they figured out how to put dd-wrt on their linksys.. And now they think they are just a test away from their routing and switching CCIE ;)

                                  I can for sure understand these little ma and pop shops with no IT experience having small budgets... And yeah you can do some pretty neat shit with some cheap gear..

                                  So heres a question - how much are they paying for this gig internet per month? So they think the firewall/router should be less than the monthly isp bill?

                                  The SG5100 would make a nice HA pair for such a setup for sure.. You should pre order your pair now..

                                  Just so we are clear the sg1000 would be ok for a little ma and pop shop with a handful of people, etc.And say a 100/20 cable connection.. A remote worker sort of thing.. I was not suggesting at all you could use that in such a setup.. I was talking about your "ma and pop" sort of setup.. You know the storefront than needs to connect their pos system sort of thing.

                                  SG1000 would be for my smaller locations, this plus a AP might be better then using a ASUS device (which is my go to device for the smaller locations) is 100/20 about all it can handle?,

                                  This would not be for this larger call center, as far as this location, I think I am going to do a DYI, I listed the specs in this forum,

                                  you can do HA for this right, two computers built the same with the same specs?

                                  1 Reply Last reply Reply Quote 0
                                  • johnpozJ
                                    johnpoz LAYER 8 Global Moderator
                                    last edited by johnpoz

                                    Have seen it reported doing 185.. 200 prob on a good day.. I don't have one to play with or for sure would do some actual benchmarks.. But I would say if you were on a 150mbps line you prob good with sg1000.. You at 200 prob pushing it.. Over 200 yeah its prob going to be a bottleneck..

                                    Also take into account number of users... Just because you were on 100/20 doesn't mean fine for 100 users ;)

                                    How much you going to spend on the parts for your DIY... Then time putting it together, setup, testing, etc..

                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                    M 1 Reply Last reply Reply Quote 0
                                    • NogBadTheBadN
                                      NogBadTheBad
                                      last edited by NogBadTheBad

                                      I assumed a double door width was 1.5 m

                                      Heat map @ 5Ghz

                                      AP power 2.4 Ghz 11 dBm & 5 Ghz 15 dBm using Cisco 3600i access points.

                                      Red -45 dBm
                                      Orange -55 dBm
                                      Green -65 dBm

                                      Blue -75 dBm << not good

                                      The issue is the offices bottom left.

                                      0_1535741043934_Capture.JPG

                                      If you mark where you intend to put 2 access points I can show you the heat map.

                                      Andy

                                      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                                      M 1 Reply Last reply Reply Quote 0
                                      • M
                                        manwdaplan @johnpoz
                                        last edited by

                                        @johnpoz said in Multiple Switches cross connect or each port into pfsense box:

                                        Have seen it reported doing 185.. 200 prob on a good day.. I don't have one to play with or for sure would do some actual benchmarks.. But I would say if you were on a 150mbps line you prob good with sg1000.. You at 200 prob pushing it.. Over 200 yeah its prob going to be a bottleneck..

                                        Also take into account number of users... Just because you were on 100/20 doesn't mean fine for 100 users ;)

                                        How much you going to spend on the parts for your DIY... Then time putting it together, setup, testing, etc..

                                        So I don't have any customers with more then 10 users (this call center not withstanding), so this might work pretty well, fastest internet my customers have normally is about 250mbs, so this would work well, and its nice a small, plus it disconnects my wifi from the router so I can place the wifi is better locations.

                                        As far as the build, I am able to build it out for about $350 with no OS ($150 profit) I resell a pretty decent amount of computers (I have home users too) so I always have parts and I buy them in bulk, so my thought is if the PS, MB, Ram, SSD on the router where to fail, I can pretty easily swap it out and have it up in running in very little time, and I can get the performance of a i3 with 8gb ram. I could make a bit more if I go with a Pentium CPU (kaby lake), but I want to ensure there is enough speed to make the router not the bottle neck.

                                        johnpozJ 1 Reply Last reply Reply Quote 0
                                        • M
                                          manwdaplan @NogBadTheBad
                                          last edited by manwdaplan

                                          Here you go. I can put in a few more (I told the customer that 2 was probably not going to cut i, that we could check it out after the install)0_1535742469899_Floor Plan.zip

                                          This location is wide open, other then the offices, most of the office entries are glass (doors). The APs will be installed on the ceiling tiles

                                          1 Reply Last reply Reply Quote 0
                                          • C
                                            coreybrett @manwdaplan
                                            last edited by

                                            @manwdaplan said in Multiple Switches cross connect or each port into pfsense box:

                                            So I had another question that is a side note, so I know you guys work for Netgate (maybe not all of you) and they are here to make money, but do you normally not recommend a DIY builds for PFsense? Whats the positive and negatives of a DYI vs Netgate (sorry if this gets a little off this topic).

                                            What do you think of the performance of the SG-1000 how much can it handle user and internet wise? That price sadly for my customers is about the limit they want to spend on routers. (I work with very small customers mom and pop normally that is kinda my nitch most IT guys don't like touching these smaller businesses)

                                            Regarding DIY boxes, I have at ton of them, and they all work great.

                                            One of those is an old dual-core AMD circa 2010 desktop that I put a pair of Intel NICs into (plus the on-board NIC). It's been running for about 5 years now without a single hiccup. It handles about 40 office PCs and about 100 WiFi devices.

                                            At my new day job, I started a little VPN project to connect some new branch offices to our HQ and used some old HP Core2 desktops that were no longer in service. Worked like a charm. I ended up replacing those with the new XG-7100 after the initial research phase was done. (I wish I had waited for the SG-5100)

                                            I'm not suggesting you use an old desktop, I'm just saying that a basic pfS setup doesn't need a ton of CPU or RAM.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.