SG-1100 router on a stick?

jhavlat

I just received my SG-1100s not realizing that all 3 ports were going to be switched together (not that that is a bad thing I'm just not able to wrap my head around its configuration). My intention was to set these up like our other pfSense boxes with router on a stick. We use a single physical port as a trunk to our UniFi switch. The parent interface lets say igb1 is "untagged" and is where we sit our UniFi equipment since the APs don't support a management VLAN. Then we have several VLANs setup and tied to the parent interface. example: VLAN10 on igb1, VLAN20 on igb1, VLAN30 on igb1. Is it possible to get the exact functionality as this setup with the SG-1100s? If so whats the proper way to configure it?

Asamat

I think you can use switch guide for SG-3100: https://www.netgate.com/docs/pfsense/solutions/sg-3100/switch-overview.html
of for XG-7100: https://www.netgate.com/docs/pfsense/solutions/xg-7100/switch-overview.html
Logic for switch ports is the same.

Rico

https://www.netgate.com/resources/videos/configuring-netgate-appliance-integrated-switches-on-pfsense-244.html

-Rico

jhavlat

@rico

I had looked through the docs but didn't find them helpful. However this video was very informative. I was able to get the configuration I wanted. Thanks for your help!

Rico

You're welcome, glad you have it working now.

-Rico

johnpoz

@jhavlat said in SG-1100 router on a stick?:

with router on a stick

Why would you be doing router on a stick when you have multiple interfaces?

jhavlat

@johnpoz said in SG-1100 router on a stick?:

@jhavlat said in SG-1100 router on a stick?:

with router on a stick

Why would you be doing router on a stick when you have multiple interfaces?

If I have sites with 6 plus VLANs/subnets what is my alternative to trunking them over a single port? That's just how I have always known to do it, if there is a better method I'm up for implementing anything.

jhavlat

@johnpoz said in SG-1100 router on a stick?:

@jhavlat said in SG-1100 router on a stick?:

with router on a stick

Why would you be doing router on a stick when you have multiple interfaces?

I guess I should clarify that all of our switches are layer 2 and pfsense handles ALL routing

johnpoz

You have multiple interfaces on your router why not use the different interfaces for different vlans.. there is no reason to hairpin your connections - ie router on a stick.

jhavlat

@johnpoz said in SG-1100 router on a stick?:

You have multiple interfaces on your router why not use the different interfaces for different vlans.. there is no reason to hairpin your connections - ie router on a stick.

I guess I'm not following... SG-1100 has 3 interfaces and I'm working with a minimum of 6 VLANs. We have almost no inter-VLAN traffic. In fact the only inter-VLAN traffic allowed to flow is on port 9100 from workstations to printers. Everything else heads out the gateway. Our WAN is 100Mbps. With that kind of environment I don't see any interface bottle-necks even when using router on a stick. Are you suggesting i'm better off spending $900 on a XG-7100 with 8 ports when a $160 SG-1100 fills the need?

johnpoz

If your traffic flow is that low, then no there is no problem with doing your hairpins..

You did not clarify you speeds, which is why I was curious to the router on a stick comment..

So you have split your vlans across the 3 interfaces? Including your wan? Or is your wan a specific interface and you split your 6 vlans across your 2 other interfaces?

jhavlat

@johnpoz said in SG-1100 router on a stick?:

If your traffic flow is that low, then no there is no problem with doing your hairpins..

You did not clarify you speeds, which is why I was curious to the router on a stick comment..

So you have split your vlans across the 3 interfaces? Including your wan? Or is your wan a specific interface and you split your 6 vlans across your 2 other interfaces?

yeah just one interface for WAN (no VLANs) and then everything else split between other 2 interfaces.

johnpoz

I would not use the term router on a stick for such a configuration ;)

The term is normally used to describe a 1 armed bandit sort of configuration where there is only 1 interface..

jhavlat

@johnpoz said in SG-1100 router on a stick?:

I would not use the term router on a stick for such a configuration ;)

The term is normally used to describe a 1 armed bandit sort of configuration where there is only 1 interface..

lol yeah fair enough, some of our other routers are true routers on a stick but i guess my SG-1100s are routers on two sticks...

mikeisfly

@jhavlat said in SG-1100 router on a stick?:

I just received my SG-1100s not realizing that all 3 ports were going to be switched together (not that that is a bad thing I'm just not able to wrap my head around its configuration). My intention was to set these up like our other pfSense boxes with router on a stick. We use a single physical port as a trunk to our UniFi switch. The parent interface lets say igb1 is "untagged" and is where we sit our UniFi equipment since the APs don't support a management VLAN. Then we have several VLANs setup and tied to the parent interface. example: VLAN10 on igb1, VLAN20 on igb1, VLAN30 on igb1. Is it possible to get the exact functionality as this setup with the SG-1100s? If so whats the proper way to configure it?

I have the AC-Pro APs and they support a management VLAN. The option is not in a intuitive place and in my opinion is buried but it is there. Let me know if I can help with that?

johnpoz

The unifi stuff added management vlan support a while back.. But you need to be using current firmware and controller software.

What actual AP do you have and what firmware are you running on them and what controller version?

I like to run bleeding edge, since its just my home network.. So I am on 5.10.5 for controller and 4.0.17 - oh look at that 4.0.18 just came out ;)

mikeisfly

If you log into your unifi.ubnt.com account, once you are on the dashboard you double click the AP you want then click config->Services->VLAN and under vlan you will see management VLAN. In that drop down you will see a list of vlans that you previously configured. Let me know if you need information on how to setup the networks.

jhavlat

I just updated to 4.0.17 last week and also realized there is another update now... Anyway I found the spot to change the management VLAN on the AP so I will make adjustments this weekend. Thanks for all of your input!

Rico

@jhavlat said in SG-1100 router on a stick?:

Are you suggesting i'm better off spending $900 on a XG-7100 with 8 ports

The XG-7100 is a very nice device tho.

-Rico