Network switch with sg2440? Or use the extra available ports?
-
Super newbie question but wanted to get some opinions:
In an effort to make my super secure/private home network I have been struggling to set up the following with my SG2440:
- Dedicated access for webGUI (I have a dedicated Apple Mac for this) - Currently using Opt1
- Dedicated network for Apple TV - Currently using Opt2
- Dedicated Wifi* (A) interface/SSID for my email and Google Voice - Currently using LAN
- Dedicated Wifi* (B) for my wife to click on anything! Complete separation from my secure Wifi - Currently using VLAN on LAN
- Dedicated Wifi (C) for IoT devices - Not set up but thinking another VLAN
- I am using a UniFi Pro AP which is VLAN capable for my Wifi
I have been scoping the forum and I start getting into Trunking and Bridging discussions which I don't think will enhance my security setup. Am I better off using a switch? I have an extra Apple router if that makes things more secure.
I have PIA VPN set up, Geo in pfBlocker, Snort running; however, I am getting Snort alerts on Wifi (A), being triggered by Wifi (B), and have not been able to get DNSBL.
Any set up thoughts, feedback or setup advice would be greatly appreciated…
Thanks!
-
Am I better off using a switch?
Thanks!
Yes. Especially since you're already using VLANs, a managed switch or a "smart" switch (one with many of the features of a full managed switch, VLANs being most important) makes a lot of sense for you. They can be very inexpensive now, and are a worthy investment, especially if you find yourself wanting to connect more wired devices to your VLAN networks. If you're wireless only for the most part, your current strategy of using your Unifi AP (which, in effect, is performing the same function for your wireless devices as a smart or managed switch would for your wired devices) is fine. But using your extra interfaces on the SG2440 as bridged switch ports is not ideal IMO. Your strategy of using dedicated ports on the 2440 for dedicated networks is of course fine; it's just that when you want to expand those networks to more than one connected device that you'd want a switch.
Hope that makes some sense.
-
Thank you sir! Started setting up a switch…
-
Good choice! A real switch beats making a switch by bridging ports almost every time.
The only time it makes sense to do that is if you need to filter between two sections of the same subnet. For instance, your wifi connected smart TV needs to be in the same subnet as your media server in order to 'see' it but you want to filter what it can access.
Also in this case it looks like you're using all 4 available ports anyway.
Steve
-
Thank you sir! Started setting up a switch…
If you are copying big files over the network using a NAS or a server you might be better with a small Layer3 switch, and if not doing that you may be better off with a smaller Layer2 switch and let the pfSense firewall do the VLAN routing.
Layer3:
- Cisco SG300-10 (EoL)
- Cisco SG350-10 (new)
- D-Link DGS1510-20 (budget)
Layer2:
- Cisco SG200 (EoL)
- Cisco SG220 (new)
- Zyxel GS1910 (budget)
-
The sg300-10 has not been EOL'd.
http://www.cisco.com/c/en/us/support/switches/sg300-10-10-port-gigabit-managed-switch/model.html
-
The sg300-10 has not been EOL'd.
http://www.cisco.com/c/en/us/support/switches/sg300-10-10-port-gigabit-managed-switch/model.html
For sure that's right, but the following model is only ~20 Euro away from the older one and so it might be better to go with the following or newer models if we are talking about the smaller ones with only 10 ports.
-
@BlueKobold:
The sg300-10 has not been EOL'd.
http://www.cisco.com/c/en/us/support/switches/sg300-10-10-port-gigabit-managed-switch/model.html
For sure that's right, but the following model is only ~20 Euro away from the older one and so it might be better to go with the following or newer models if we are talking about the smaller ones with only 10 ports.
If going used, the SG300-28p is a good choice.
eBay pricing is about 50% of list, where the SG300-10P is about 80% of list, making the 28 port switch pretty close to the secondary market price of the 10 port.
I won't touch an unmanaged switch anymore.
-
Thanks again folks! Got my switch, VLANs and AP up and running. A little more work to be done on rules… I went with a D-Link managed 5 port switch.