Building my lan: do I need a managed switch for my VLANs?
-
@valepe69 said in Building my lan: do I need a managed switch for my VLANs?:
if two devices on my untagged lan should transfer large files, is this traffic checked by pfsense only at the beginning (firewall, etc)
Pfsense has zero to do with the conversation - no firewall rules will be checked...
As to switch - how many ports, what budget?
If pfsense box doesn't have switch ports - then no you can not connect your AP to 1 port, and then put other ports in the same vlan you send to your AP.
Connect your AP to your switch... Then you can either use a single line, or lacp for connection from your switch to your pfsense to carry the vlans. Or you could use specific interfaces as uplink for each vlan.
-
When files or other data are transferred between VLANs, then they must go through pfsense, unless you have some other router or layer 3 switch to do that..
Any suggestions about a good managed switch for home use?
Avoid TP-Link. My main switch is a Cisco, but there are plenty of other decent brands.
-
There are many a smart switch that will work.. All comes down to what features you want/need, how many ports, and what your budget is..
But yeah with JKnott - I would avoid tplink, they don't really seem to understand how vlans are supposed to work ;) Many a thread on here even about that.
-
And I have stopped using my TP-Link AP that had that "feature".
-
Yeah, and you're happy so far I take it - did you get your controller running how you want it?
One thing I would suggest with your switch.. If you think 5 ports is enough, get an 8 port model or higher. If you think 8 is enough, get 16 min, etc. Can never have too many switch ports ;) Always plan for growth and wanting to connect something extra now and then even, etc.
Also don't be afraid of too many features ;) Even if you plan on never doing L3 or advanced ACLs like multicast, etc. You never know what you might want to do 6 months or a year from now. So as long as you're ok with the budget, get something that will allow you to grow both in ports and things you might do from a features standpoint.
-
Not yet. I have to take a few minutes to create a certificate for it. My one complaint is you can't specify which 802.11 versions are allowed, though you can block 802.11b. With my TP-Link, I only allowed n. I did set 5 GHz to 80 MHz channels and now see well over 300 Mb down. My TV, on 5 GHz, now gets around 60 Mb, but used to get around 11 on 2.4.
-
@johnpoz said in Building my lan: do I need a managed switch for my VLANs?:
If you think 5 ports is enough, get an 8 port model or higher. If you think 8 is enough, get 16 min
Absolutely! Take this advice.
A good switch will last a long time. Get one with decent thermal properties (heat kills switches) and it will, for all intents and purposes, last forever.
-
@johnpoz said in Building my lan: do I need a managed switch for my VLANs?:
Can never have too many switch ports ;)
Something like this might be adequate for a home user.
-
haha - that might be a bit of overkill.. For starters they're LOUD as F!! And suck juice like you have a nuc reactor in your back yard ;)
And let's just say it's a bit expensive for your typical home budget ;) hehehehe
-
@johnpoz well, it should manage VLAN and help to speed up my lan traffic. Actually the main switch (unmanaged) has 8 ports so I would go for a 16 ports one. As for the price, I prefer not to go over 200€ (I'm in the EU piece of the world :) )
-
@johnpoz well, I have (but never used) a Nortel 5650td-48-pwr but I prefer one less power hungry
-
Not sure what you mean by help you speed up your lan traffic? If the switch is rated gig - it should pass traffic at wire speed, be it 40$ smart switch or a $200 model ;)
Unless you're talking about routing the vlans at the switch, and not your pfsense? In that case you would want a L3 capable switch.
For 200, I would think you should be able to find something great.. It's a touch over your 200 budget.. And not sure how that might change for the EU market.. But for example this cisco sg350-28 would be a killer switch for home use... I have the sg300 (previous model)
https://www.amazon.com/Cisco-Sg350-28-28-Port-Gigabit-Managed/dp/B01HYA38CA
And they are easy on the juice as well!
My sg300-28 has a couple more years of support on it.. But let's say I spilled some beer on it or something, and it took a dump.. I would go with the sg350 line..
-
@johnpoz I like my Cisco Small Business SG220-50P. Yeah, it's a bit noisy and not the most power efficient but it lives in the basement and just works. Get one like it not POE and replace the fans. I don't often recommend eBay, but in this case a used switch might be the thing to do.
-
I'm using D-Link DGS1210-24
Uses around 20W (Max)
Nice switch and the 1210 series can do MAC filtering and 802.1x
https://www.amazon.de/D-Link-DGS-1210-24-Glasfaser-l%C3%BCfterlos-energiesparend/dp/B0036DRHHC/
I don't know if the 1210-28 is "the future", seems like 1210-24 is not available on ie. Amazon.com
https://www.amazon.de/D-Link-DGS-1210-28-1000Mbit-SFP-Slots-l%C3%BCfterlos/dp/B008R7114W/
Both should be around 50% of your budget.
Watch out for the models ending with P - Those are PoE and have FAN's
Edit:
Seems like the 28port uses less power 17w compared to the 24port (Amazon info, not from the DS).
The extra 7€ would earn themselves in power savings.
Wonder why D-Link is so expensive on Amazon.com (close to 50% more)
Thought everything was cheaper "Over there"
That's why Cisco 2xx/3xx are so popular there
/Bingo
-
While used enterprise gear can be had for cheap on ebay.. And hey if you're going for some cert or something and want to play with that - that is for sure an option.
But to be honest - enterprise gear is normally not very friendly on the electric use, and sure they can be freaking LOUD.. For a lab you turn on when playing might be fine. But some good deal you got on some enterprise gear might be reasonable upfront... What is the difference in electric use 3 years down the road while it's sucking 150W idle 24/7 vs that small business line only using 20W full juice..
You might eat up any cost savings in the 1st year, depending on what you pay in electric..
-
I spent 2 days behind a dual set of C9300's (Nexus), routing fiber conns.
https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/datasheet-c78-742283.html
I LOVED my Bose QC25's
But compared to a C7500 the 9300 is "quiet"
-
@bingo600 said in Building my lan: do I need a managed switch for my VLANs?:
C9300's
Don't those things have like 1100W power supplie(s).. Prob sound like little jet engines, can work as a space heater while you're at it ;)
-
@johnpoz said in Building my lan: do I need a managed switch for my VLANs?:
@bingo600 said in Building my lan: do I need a managed switch for my VLANs?:
C9300's
Don't those things have like 1100W power supplie(s).. Prob sound like little jet engines, can work as a space heater while you're at it ;)
The 45xx has 1100W , the 65xx up to 3000W
The 6509 ie. has a FAN "Blade" just consisting of fans for cooling the horizontal blades. And then the PSU's has FAN's ....
But I still think my 4 days besides an old 7500 was the worst ... Didn't have any ear protection back in those days.
The 6509-V-E is a strange beast , cards are vertical.
@johnpoz
This is a fast little bugger:
Cisco Nexus 93180YC-EX switch architecture
The Cisco Nexus 93180YC-EX Switch (Figure 2) is a 1-Rack-Unit (1RU) switch with latency of less than 1 microsecond that supports 3.6 terabits per second (Tbps) of bandwidth and more than 2.6 billion packets per second (bpps).
The 48 downlink ports on the 93180YC-EX can be configured to work as 1-, 10-, or 25-Gbps ports, offering deployment flexibility and investment protection. The uplink can support up to six 40- and 100-Gbps ports, or a combination of 10-, 25-, 40-, 50-, and 100-Gbps connectivity, offering flexible migration options. All ports are connected to the Cloud Scale LSE ASIC.
@valepe69
Sorry for hijacking
/Bingo
-
Just in case anyone is interested.
Cisco SG-350 series data sheet:
https://www.cisco.com/c/en/us/products/collateral/switches/small-business-smart-switches/data-sheet-c78-737359.pdf
-
I searched for the specs of the suggested switches and I split them in two families:
- L3 switches like Cisco SG 350-xx
- L2+ switches like D-Link DGS 1210-xx
With L3 switches I could offload to the switch the inter-VLAN traffic, inter-VLAN communication access but with a more complicated handling of the lan (I have to manage two devices for rules, etc).
With L2+ switches all routing and firewalling is handled by pfSense so an easier handling but with the risk to saturate the physical link from the switch to the router (but I can aggregate two ports to partially solve it).
Am I right? And what do you suggest between them?
Thank you again