USB NIC or managed switch?



  • Performance-wise, which is better?

    I just realized the machine I bought for pfSense has only 1 NIC, and no expansion slots (aside from the mPCI that I'm using for storage).

    I'm currently trying to hunt down my Monoprice USB3.0 to gigabyte NIC to see if it's compatible, but on the off chance I can't find it or pfSense doesn't detect it, what would be the better option?

    Sidenote: do I even need a 2nd NIC port? Could I use my old router as a wireless AP + managed switch?



  • With only one NIC and no expansion slots, you will need a managed switch and VLANs.

    However, if you have a slow Internet connection, you might be able to get away with using a USB NIC for that.  Compatibility and stability with FreeBSD/pfSense is a potential issue though.

    Usually the LAN ports on consumer routers are bridged to the WiFi, so you can connect the pfSense machine, your NAS and two other wired devices to the AP.  You typically don't use the WAN port on the AP but some devices do allow you to configure the WAN port for connecting back to an upstream router (pfSense).

    Edit: Some third party software for your router may provide VLAN support for your router but I can't advise on that.



  • Get a managed switch and use VLANs. Just skip the time in between when you will buy such a device anyways.
    USB NICs are a roulette choice. They might work but perform badly or might not even work at all. This is FreeBSD, not Windows or Linux.


  • LAYER 8 Global Moderator

    "I just realized the machine I bought for pfsense has only 1 NIC"

    Some other advice would be just to return it and get something that has the correct amount of nics you need to support your network for the performance you want/need..

    Yes you can vlan on a nic.. But this is never a max "performance" choice.. Because any inter vlan traffic is now a hairpin.  So if you're going to do a wan/lan on same physical nic you just cut your possible available bandwidth in half. Not an issue if your internet is low… But as you get higher speeds you could have problem with full speed between intervlans..

    All vlans on physical interface share the bandwidth of that interface..  If you think you're going to get gig between your 2 vlans on the same physical nic, think again..



  • @johnpoz:

    Some other advice would be just to return it and get something that has the correct amount of nics you need to support your network for the performance you want/need..

    Or, if return isn't possible and budget permits, use the single NIC machine as your SAMBA server.  You'll get much better SAMBA performance than you're getting from your Asus.

    Put the Asus (as AP), your SAMBA server and any other wired stuff on a switch connected to the pfSense LAN port.  The switch could be an unmanaged one but spending a tiny bit extra on a managed switch is worth it, even if you don't need the functionality now.



  • It actually depends on your USB Ethernet dongle. I've used ugreen adapters which worked great on pfSense 2.3.4 for as long as they were configured with a static IP (so mostly on the LAN side). I never got one that worked properly with DHCP when configured as a WAN interface.

    If your onboard Ethernet is a dependable gigabit interface there is nothing wrong with using it on a VLAN-supporting switch. Go with a reputable brand which enjoys good software reputation. We have many entry level D-Link smart switches and they never failed or got hacked.
    Basically leave vlan1 alone, use vlan2 for WAN and vlan3 (and more) for your LAN. You will be amazed how well it works.



  • @biggsy:

    @johnpoz:

    Some other advice would be just to return it and get something that has the correct amount of nics you need to support your network for the performance you want/need..

    Or, if return isn't possible and budget permits, use the single NIC machine as your SAMBA server.  You'll get much better SAMBA performance than you're getting from your Asus.

    Put the Asus (as AP), your SAMBA server and any other wired stuff on a switch connected to the pfSense LAN port.  The switch could be an unmanaged one but spending a tiny bit extra on a managed switch is worth it, even if you don't need the functionality now.

    Unfortunately, I only have two SATA ports left on the motherboard. So while I'll be removing the CPU bottleneck by using this desktop, I'll be introducing a USB3.0 bottleneck, if I ever go beyond 2 disks.
    @johnpoz:

    "I just realized the machine I bought for pfsense has only 1 NIC"

    Some other advice would be just to return it and get something that has the correct amount of nics you need to support your network for the performance you want/need..

    Yes you can vlan on a nic.. But this is never a max "performance" choice.. Because any inter vlan traffic is now a hairpin.  So if you're going to do a wan/lan on same physical nic you just cut your possible available bandwidth in half. Not an issue if your internet is low… But as you get higher speeds you could have problem with full speed between intervlans..

    All vlans on physical interface share the bandwidth of that interface..  If you think you're going to get gig between your 2 vlans on the same physical nic, think again..

    I got the computer used a few weeks ago, and I never took a good look at it until recently. I knew it was a SFF, but I assumed it would have at least one expansion slot.

    In any case, it's a Haswell i5 CPU /w 8GB of ram and a 120GB SSD for 180$ USD.

    My internet speed is 100Mbps and I don't see myself upgrading to 1Gbps anytime soon.

    -----
    Thanks for the responses.

    I think I'll browse around for USB3.0 NICs with FreeBSD support, and if that doesn't work I'll just put this project on halt until I can get a hold of a new system.


  • LAYER 8 Global Moderator

    "My internet speed is 100Mbps and I don't see myself upgrading to 1Gbps anytime soon. "

    And what about local side vlans, or are you just going to have 1 lan?  If you're going to do vlans on your network then you will be hairpin for any intervlan traffic.  So it's not only your internet speed you have to worry about unless you're just going to be on 1 lan..

