Need suggestions for topology
-
@PM_13 said in Need suggestions for topology:
Currently I do not have a managed switch but perhaps it is time to buy one,
Avoid TP-Link. They may have problems with VLANs.
-
@jknott @johnpoz So another question, if I purchase an L2 or L3 switch such as this one - https://www.ebay.com/itm/RCT4M-S60-44T-AC-R-752-00588-03-DELL-FORCE10-S60-44P-4-MINI-GBIC-SWITCH-W-EARS/132632596291?ssPageName=STRK%3AMEBIDX%3AIT&_trksid=p2057872.m2749.l2649
Which of the two configurations would be better?
- Switch running with VLAN and DHCP behind pfSense
- pfSense running DHCP and switch behind pfSense (with VLAN configured)
Thoughts?
-
How are those different?
Running dhcp on the switch vs pfsense? Pfsense dhcp is prob going to be easier to manage and more robust than any dhcp server on a switch.. Which are normally very very limited.
-
I think it's asking if it's better to run the switch L3 or L2
usually, you get better performance with L3 switch, if you have a lot of traffic and stuff connected but for home usage, I prefer to use it as L2 and let pfSense manage everything
-
@kiokoman said in Need suggestions for topology:
I think it's asking if it's better to run the switch L3 or L2
usually, you get better performance with L3 switch, if you have a lot of traffic and stuff connected but for home usage, I prefer to use it as L2 and let pfSense manage everything
Yes, if you need hardware speed switching between vlans then pfsense can't match that. For reasons I have never understood, pfsense has never allowed their ISC dhcp server to function fully and hand out IP addresses to multiple subnets over a single link. This means if your switch handles the vlans then you have to spin up a separate DHCP server or use the switch's often less than stellar variant, instead of just allowing pfsense to do it.
-
@johnpoz & @kiokoman - thanks for your comments. Yes, I was a little confused, so apologies that the question did not come out clearly, but your comments were helpful. So here is more background.
- This is for a home network and IoTs (cameras & sensors) are most of the network, also part of the reason why I want to isolate IoTs from rest of the machines.
So it seems like the following topology would be ideal:
- All devices (including wireless APs) feeding into switch (likely L2)
- The switch can tag traffic & segment devices using VLANs
- Switch connects to pfSense (running DHCP)
- pfSense connects to WAN
Does this topology make sense?
-
@pm_13
yes,
3) pfSense will also trunk the vlan to the switch
-
@kiokoman Correct, still learning VLAN on switches
Last week, I spent about an hour to figure out that "trunk" on a Cisco switch is the same as "Uplink" on Dell switches!!
-
@pm_13
uhm idk but i don't think it's the same thing, i don't own a dell but
usually trunk is trunk and uplink is uplink
Often an uplink is a trunk but a trunk can be any port
-
Unless you have some need for wire speed, that pfsense can not handle? I have no issues with full gig between interfaces on my sg4860..
It's easier to route at pfsense than at some downstream router (L3 switch).
It's going to be way easier to route and dhcp and firewall if you just let pfsense do it all and use your switch as only L2 to handle the vlans.
If your pfsense has ports you can always leverage multiple interfaces as uplinks for your different vlans that need lots of intervlan bandwidth where you don't want to hairpin that traffic over a single trunk interface.
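-
The layout discussed in this thread (an L2 switch handling the VLANs, a tagged uplink to pfSense, pfSense doing DHCP and routing per VLAN) can be sanity-checked on paper before any hardware is configured. The script below is an added example, not from any poster in the thread; the VLAN IDs, subnets, DHCP pools, port names and the `check_plan` helper are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed plan: VLAN IDs, subnets, DHCP pools and port names are assumptions.
VLANS = {
    10: {"name": "lan", "subnet": "192.168.10.0/24",
         "dhcp": ("192.168.10.100", "192.168.10.199")},
    20: {"name": "iot", "subnet": "192.168.20.0/24",
         "dhcp": ("192.168.20.100", "192.168.20.199")},
}
PORTS = {
    "gi1": {"mode": "trunk", "tagged": [10, 20], "peer": "pfsense"},  # uplink
    "gi2": {"mode": "trunk", "tagged": [10, 20], "peer": "ap"},       # wireless AP
    "gi3": {"mode": "access", "vlan": 10},                            # PC
    "gi4": {"mode": "access", "vlan": 20},                            # camera
}

def check_plan(vlans, ports):
    """Return a list of problems in an L2-switch + pfSense VLAN plan."""
    problems = []
    nets = {vid: ipaddress.ip_network(v["subnet"]) for vid, v in vlans.items()}
    # pfSense routes between VLANs, so each needs its own non-overlapping subnet.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"VLAN {a} and VLAN {b} subnets overlap")
    # Each per-VLAN DHCP pool on pfSense must sit inside that VLAN's subnet.
    for vid, v in sorted(vlans.items()):
        lo, hi = (ipaddress.ip_address(x) for x in v["dhcp"])
        if lo not in nets[vid] or hi not in nets[vid] or lo > hi:
            problems.append(f"VLAN {vid} DHCP pool is not inside {nets[vid]}")
    uplink, in_use = set(), set()
    for name, p in sorted(ports.items()):
        carried = set(p["tagged"]) if p["mode"] == "trunk" else {p["vlan"]}
        for vid in sorted(carried - set(vlans)):
            problems.append(f"port {name} uses undefined VLAN {vid}")
        if p.get("peer") == "pfsense":
            uplink |= carried
        else:
            in_use |= carried
    # A VLAN missing from the uplink has no gateway, DHCP or firewall behind it.
    for vid in sorted((in_use & set(vlans)) - uplink):
        problems.append(f"VLAN {vid} is not tagged on the pfSense uplink")
    return problems

if __name__ == "__main__":
    for line in check_plan(VLANS, PORTS) or ["plan is consistent"]:
        print(line)
```

The last check is the one that matters most for the IoT isolation goal: a VLAN that exists on access ports but is not tagged towards pfSense never reaches the firewall at all.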