Home Network with Cisco SG350 Best Practice?
-
Hi johnpoz.
I like your drawings. Once the SG350 arrives (March 1, 2017), I will probably ask more configuration nuts & bolts questions.
I think I will start off with just two networks (untagged and VLAN 10). I like to implement your second drawing which has a trunk for each network to the pfSense box. If I understand your second drawing correctly, how does VLAN 100 gets to the Internet?
PfSense
To implement the two uplinks, I just use the default LAN interface for the untagged network. Then I define a VLAN and assign it to the the Opt1 interface?SG350 Switch (This will be my 1st time using a managed switch.)
-
How to designate Port for UniFi AC Pro which will have untagged and VLAN 10?
-
How to designate uplink ports for each of the untagged and VLAN 10?
-
In this configuration, is switch acting only as Layer 2?
-
-
yes switch is only doing layer 2 in my drawings.. You only need to trunk a port if its going to carry tagged vlans. If you only have 2 networks and your going to use 2 different uplinks you don't need a trunk to the switch the only place you would have to create a trunk is to your AP which will carrry untagged and tagged traffic on the same wire.
-
Thanks johnpoz for explaining trunking.
So in your second drawing if I am just going to have 2 newtorks (untagged & VLAN 10) and using two interfaces on pfSense:
-
I don't need to define any VLAN interface on pfSense and just configure two interfaces?
-
On the switch, each uplink port will automatically receive an IP address from pfSense or is there a special designation (terminology) for the switch's uplink port?
I apologize for the second question because it is more related to the Cisco Sg350 switch, but I am trying to understand what to look for when I read the SG350 manual in trying to configure the switch.
-
-
Switch only needs ip in the network/vlan u will manage it from/one the port connected to pfsense for vlan 10 just need to change vlan of port to 10 native vlan / pvid on port connected to ap u will need to trunk
-
So I installed the Cisco SG350-28 switch using two uplinks, 1 each for the trusted and untrusted networks. The UniFi AC Pro is on a trunk port and it is tagging my untrusted network. The pfSense firewall rules allows traffic from trusted to untrusted and untrusted to Internet, but untrusted is not allow into my trusted network except for printing.
Everything seems to be working as anticipated. I have even created a link aggregation for my unRAID server (802.3ad). Looks like the SG350 is always in Layer 3 mode since I haven't found any settings in the web GUI to switch between the two modes like in the SG300 (as reported by SG300 users). For now, my needs are only using it as a layer 2 device since it make more sense to me at the moment to configure pfSense to control the routing between the two networks.
Now my home network feels right. Let's see what the future will bring so that I can utilize some of the other features on the SG350. I don't know how I've been living with an unmanaged switch all these years.
Thank you to all for helping me.
-
Looks like the SG350 is always in Layer 3 mode since I haven't found any settings in the web GUI to switch between the two modes like in the SG300 (as reported by SG300 users).
There is still a layer 2/3 setting, but it is per vlan interface rather than for the entire device. If you enable Advanced Display mode, you will find it in VLAN Management -> Interface Settings -> Switchport Mode. It defaults to layer 2.
-
Thanks. I forgot about the Advance display mode.
