Help with netbook setup
-
Alright, so I wanted to use a netbook as a temporary router setup to learn about pfsense and a bit about networking. Someone gave the suggestion to "use a netbook sitting on a managed switch, create VLANs on the switch and set them up when pfsense asks you if you'd like to use VLANs. Voila, one router with a crapload of NICs." That sounds great, but he didn't provide any sort of explanation on how to do that or anything, and I only have a vague understanding of how vlans work, so my question is: how would I do that? My idea is two ports will be my WAN port and my netbook, which will be on vlan 2, and then make vlan 3, which will include the rest of the ports; afterwards simply set that up on pfsense. Is that correct?
Side note: I technically don't have a managed switch, so to make up for that I have an old router with DD-WRT on it and I've set that up to act as just a switch. Is there anything special I need to set up there as well?
-
Short answer is - you're hooped.
VLANs (Virtual LANs) give you effectively many different NIC "cards" that are configured via software.
The network packets are "tagged" with a different VLAN code for each "NIC" you want, the switch reads the tags and directs the traffic to the proper port.
The catch is you need a switch that has the VLAN standards built into it - typically a managed or at least explicitly VLAN capable. The magic doesn't work unless the switch hardware allows it.
Get a small managed switch, they're not particularly expensive these days and once you've experimented with VLANs you'll wonder how you lived without them.
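The tagging described in the reply above, as an added example that is not part of the original post: a simplified model of a VLAN-aware switch that inserts and strips 802.1Q tags. The port layout (port 0 = WAN, port 1 = netbook trunk carrying VLANs 2 and 3, ports 2-4 = LAN) and the drop rules are assumptions for illustration; real switches add options such as a native VLAN.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Assumed layout (not from the thread): port 0 = modem/WAN, port 1 = netbook trunk,
# ports 2-4 = LAN clients. Access ports map to one VLAN; the trunk carries tagged frames.
ACCESS_PORTS = {0: 2, 2: 3, 3: 3, 4: 3}
TRUNK_PORTS = {1: {2, 3}}


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vid  # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when no 802.1Q tag is present."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def switch_forward(in_port: int, frame: bytes) -> dict:
    """Flood a frame inside its VLAN; returns {egress_port: frame_on_wire}."""
    vid, inner = strip_tag(frame)
    if in_port in TRUNK_PORTS:
        if vid not in TRUNK_PORTS[in_port]:
            return {}  # untagged or unknown VLAN on the trunk: dropped in this model
    elif in_port in ACCESS_PORTS:
        if vid is not None:
            return {}  # tagged frame on an access port: dropped in this model
        vid = ACCESS_PORTS[in_port]
    else:
        return {}
    out = {p: inner for p, v in ACCESS_PORTS.items() if v == vid and p != in_port}
    out.update({p: add_tag(inner, vid) for p, vids in TRUNK_PORTS.items()
                if vid in vids and p != in_port})
    return out


# Constructed sample frame: broadcast dst MAC, made-up src MAC, IPv4 EtherType, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
```

A frame entering the WAN port reaches only the trunk, tagged with VLAN 2, so the router's single NIC can tell WAN traffic from LAN traffic by the tag alone, and LAN ports never see WAN frames unless the router forwards them.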
-
ZyXEL GS1920-24 is a pretty decent 24 port gigabit managed switch - amazon.com have them for US$210, amazon.co.uk have them for just over £110. It's relatively shallow and fanless.
It supports VLANs and a whole bunch of other useful features, including port aggregation and multicast snooping for IPv4 and IPv6.
There are 8 port managed switches around, but it can be relatively easy to fill 8 ports with a home network these days.
I've got a GS1920-48HP here (the 48 port version with 802.3at Power over Ethernet) and I'm pretty impressed with it. There are a few shortcomings - no 10Gbit ports and a relatively miserly 375W PoE budget, but I'm impressed for the price.
-
Or, if your budget won't stretch that far, a USB network adaptor will do and only costs a few dollars/pounds/currency-of-your-choice.
-
> Short answer is - you're hooped.
> VLANs (Virtual LANs) give you effectively many different NIC "cards" that are configured via software.
> The network packets are "tagged" with a different VLAN code for each "NIC" you want, the switch reads the tags and directs the traffic to the proper port.
> The catch is you need a switch that has the VLAN standards built into it - typically a managed or at least explicitly VLAN capable. The magic doesn't work unless the switch hardware allows it.
> Get a small managed switch, they're not particularly expensive these days and once you've experimented with VLANs you'll wonder how you lived without them.
Thanks for the reply, so why can't I use my WRT54G v6 then? The table here says it supports port based vlans https://www.dd-wrt.com/wiki/index.php/VLAN_Support
> ZyXEL GS1920-24 is a pretty decent 24 port gigabit managed switch - amazon.com have them for US$210, amazon.co.uk have them for just over £110. It's relatively shallow and fanless.
> It supports VLANs and a whole bunch of other useful features, including port aggregation and multicast snooping for IPv4 and IPv6.
> There are 8 port managed switches around, but it can be relatively easy to fill 8 ports with a home network these days.
> I've got a GS1920-48HP here (the 48 port version with 802.3at Power over Ethernet) and I'm pretty impressed with it. There are a few shortcomings - no 10Gbit ports and a relatively miserly 375W PoE budget, but I'm impressed for the price.
Lol, what kind of home network are you running where you need 24 ports? I only have 3 wired PCs on my network, so everything else is wireless, although not sure how well the on-board wifi nic will work as an AP though.
> Or, if your budget won't stretch that far, a USB network adaptor will do and only costs a few dollars/pounds/currency-of-your-choice.
Yeah I know, but nearly everyone universally agrees that those don't work all that well, at least for pfsense, has that changed recently?
-
And if needing to buy hardware, where possible avoid buying online, draw out the cash and spend it in a shop, you make it harder for the spooks to watch what you buy which then reduces their abilities to target specific hardware even though you might give it out online when asking for help in forums like this. ;D
> Or, if your budget won't stretch that far, a USB network adaptor will do and only costs a few dollars/pounds/currency-of-your-choice.
Except I've come to the conclusion some of the most advanced malware/viruses all seem to spread using the USB bus in various OSes, as there's simply no monitoring on the USB bus and memsticks make life so convenient, and it seems our convenience makes it easier to hack.
-
Thanks for the tip firewalluser but I'm not too concerned with that, as I use Disconnect along with peerblock/snort, so it may not block every little thing but it stops the majority of that crap.
Actually, part of the reason I'm setting this up on a netbook is because A) it's the only low powered x86 device I have and B) if I can't find anything better (with multiple nics), I want to have a similar setup when I decide to take the plunge and buy some hardware for a more permanent solution. As you may know, it's not easy finding cheap and low powered x86 PCs for under $99 (especially with more than a single nic), so I was thinking I'd either get a used thin client off ebay or one of those new atom based mini PCs such as http://www.aliexpress.com/item/New-2015-Windows-8-1-OS-MINI-PC-Intel-Quad-Core-CPU-mini-computer-2G-32G/32273964194.html
I'm not looking for something crazy, just good enough for squid caching and snort, which are my two main goals to get going on pfsense, but if you have any suggestions I wouldn't mind taking a look. But yeah, I'm trying to go for as cheap as possible.
-
That's a good price, I wonder how it will perform, can't find too many specs on it, but there's a definite advantage from having hw instruction sets compared to software, but is some of it going to be only useful for multimedia applications?
Does it support vlans?
-
It has an:
Atom Z3735F @ 1.33GHz - roughly 3-4x as powerful as the atom in those old 2010 netbooks.
2GB DDR3 ram
32GB Nand SSD
B/G/N WiFi + 4.0 Bluetooth
100mbit NIC - I assume it's a Realtek
Power usage, however, I'm not sure: description says 12V 2.4A but the box says 5V on it, but as with most of these mini PCs I'd say the latter, 5V and at most 3A or 15W max, as these things don't draw a lot of power, which is great.
I can't say for sure if it supports vlans, however even the cheapest realtek nics support vlans right? I mean even though I haven't tried it yet but if vlans work on my netbook I don't see any reason why they wouldn't work on a newly made mini PC.