Am I thinking this topology through correctly?
-
I am going to build the network this weekend, and have already made adjustments to my topology.
I am thinking that maybe my map has just confused anyone reading and posting to this thread. That was my first network topology map to draw out. I contacted Netgate and spoke to Sean.
Shout out to Sean for being so awesome and helpful!!!
He understood what I was trying to do. Once I put it all together I'll post back, then also update the map to hopefully be more 'readable' for people who are looking for industry standards from a home diy guy...
-
@johnpoz said in Am I thinking this topology through correctly?:
While dumb switches may or may not strip tags
Why would a dumb switch strip a VLAN tag? The only significant difference between a VLAN frame and any other is the contents of the Ethertype/length field. Given that switches are supposed to pass all Ethernet frames, it's a bit much to ask of a dumb switch to strip off that tag.
-
JFC dude - give it a break... READ WHAT I POSTED...
"it most likely they wouldn't strip the tag."
He is the one that brought it up about stripping, I stated they most likely wouldn't - and that has nothing to do with should you buy a smart switch or not..
Let's put it this way.. DO NOT BUY A DUMB SWITCH!!
The point that should be taken away from this is - even when they don't strip them.. They do not understand them.. If you're passing VLANs over a dumb switch you're doing it WRONG!!!
Since they do not understand them - you might as well strip them when it comes to broadcast traffic..
-
@jknott
802.1Q adds 32 bits to the Ethernet frame.
Some of the older switches just dropped those frames (most likely pre-jumbo frame era). I recently had to do a temporary hack with a dumb switch in between 2 smart switches... it worked as far as I could tell, but still didn't like it.
-
Yep, it would have to be pretty ancient gear. Frame expansion arrived over 20 years ago and jumbo frames after that. Back in the late '80s I hand wired a couple of Ethernet controllers, for Data General Eclipse computers, which were unlikely to handle the larger packet sizes.
Sorry, @johnpoz, I didn't mean to target you, I should have replied to the OP. This notion that unmanaged switches can't pass VLAN frames just rubs me the wrong way. These days switches can pass frame sizes of several KB and won't choke on something greater than 1500 MTU, as might have happened back in the dark ages.
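To make the point in the two posts above concrete (a tag is just 4 bytes inserted after the source MAC, with 0x8100 sitting where the Ethertype/length field normally is), here is an added Python example that is not from any poster in this thread. It builds an untagged frame, inserts an 802.1Q tag, parses both, and strips the tag again; the MAC addresses and payload are constructed placeholders.

```python
"""Build and parse Ethernet II frames with and without an IEEE 802.1Q tag."""
import struct

TPID_8021Q = 0x8100          # Ethertype value that marks a tagged frame
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: 6-byte dst, 6-byte src, 2-byte type, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def add_vlan_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag (TPID + TCI) right after the source MAC."""
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("bad VLAN tag field")
    tci = (pcp << 13) | (dei << 12) | vid      # 3-bit PCP, 1-bit DEI, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Decode the header; 'vlan' is None unless the type field holds 0x8100."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])   # real Ethertype follows TCI
        vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    return {"dst": dst, "src": src, "vlan": vlan, "ethertype": etype, "payload": frame[offset:]}


def strip_vlan_tag(frame: bytes) -> bytes:
    """Remove the tag (what an access port does); untagged frames pass unchanged."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample values: broadcast dst, locally administered src, dummy payload.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("0200c0a80102")
UNTAGGED = build_frame(DST, SRC, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 45)
TAGGED = add_vlan_tag(UNTAGGED, vid=20, pcp=3)

if __name__ == "__main__":
    print(len(UNTAGGED), len(TAGGED), parse_frame(TAGGED)["vlan"])
```

A switch that only looks at the destination MAC forwards TAGGED and UNTAGGED the same way, which is why an unmanaged switch usually passes tagged frames but cannot keep VLANs apart.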
-
UPDATE: I was having a hard time seeing the Unifi devices on my LAN network controller when they were plugged into the OPT ports on my Protectli router.
Everything works now. I can see any Unifi device plugged into the OPT ports. I created a bridge between dummy interfaces (created on each OPT port) and the LAN interface with DHCP on the dummies, not static IPv4. I also DID NOT assign that bridge as an actual interface. It's just a dumb bridge and I can now see and manage Unifi crap.
Also, the VLANs all work as well. Three VLAN interfaces on OPT1 (as wifi SSIDs) and 1 on OPT2 (for a VLAN on one of the flex mini switches). All VLANs created in pfSense match VLANs/Networks created in the Unifi controller. All devices connected to them receive proper subnet IPs, and internet access. I turned on IGMP snooping inside the Unifi network controller on each network (i.e., VLAN) just in case. I can now play around with rules and network discovery.
-
@nerlins said in Am I thinking this topology through correctly?:
I created a bridge between dummy interface
Dude you come here and ask - and then just do it completely wrong..
Get a SWITCH!! If you're creating a bridge on pfSense and then putting vlans on them? Clearly thought wasn't any part of that decision..
-
You have already stated that I can run VLANs on the AP, connected straight to the OPT1 port on pfSense, where I created interfaces for each of the VLANs. I did this, but couldn't see Unifi devices in the network controller.
The VLANs are not part of any bridge. The bridge is a connection of a separate interface on each of the OPT ports and the LAN interface. I created that bridge so I could see Unifi devices on my Unifi Network Controller hosted on LAN.
If I remove the bridge everything still works, but I lose the ability to see the devices in the controller. I don't understand where you read that I connected the VLANs to the bridge.
I might go ahead and put a switch in-line to always see the Unifi devices, but creating a fake bridge was an interesting way to see the flex mini switches and AP from different subnets. I could use set-inform for the AP to point it to the controller, but the flex switches don't have SSH.
-
@nerlins said in Am I thinking this topology through correctly?:
I did this, but couldn't see Unifi devices in the network controller.
Well you're only going to see unifi devices when they are in the same L2 network, unless you did L3 adoption..
I even brought up putting wireless and wired in the same vlan, etc. Which is why you would want a switch.. Bridging interfaces is NOT a switch..
As I suggested from the get go - get a switch to put in front of pfsense so you can do whatever you want with putting anything you want in any specific vlan.. If you're going to connect an AP that has multiple vlans on it directly into a port on pfsense, you would have no way to add wired devices to any of these vlans.. Without the nonsense that is bridging..
Spend the $40 and get a vlan capable switch to connect all your different devices together.. Then either use multiple uplinks or set up LACP into pfsense so it can route between the networks at L3..
Or get an appliance that has actual switch ports on it, like a 2100 or 3100