New uses for a Netgate FW-7541?
-
I have a 5 year old Netgate FW-7541 that I retired due to it not being able to keep up with my FIOS Gigabit connection. I’m looking for some ideas for it. Can I use it as a switch? Any other uses or ideas?
-
I have a 5 year old Netgate FW-7541 that I retired due to it not being able to keep up with my FIOS Gigabit connection. I’m looking for some ideas for it. Can I use it as a switch? Any other uses or ideas?
If it still works, I would use as a switch.
-
I wouldn't use it as a switch since those are not switch ports. You won't get near the same performance out of it as you would a switch.
You could always use it as an internal appliance for something like DHCP or DNS, something similar to pihole, perhaps. Doesn't need to be pfSense, could run FreeBSD or Linux on there directly.
-
Donate it to some (family member?) who needs it.
-
I wouldn't use it as a switch since those are not switch ports. You won't get near the same performance out of it as you would a switch.
I am really curious about the comment about not getting near the same performance out of an old router re-purposed as a switch, as one would from a switch. I've seen numerous articles about doing just that–in the consumer world. I note with a little more digging that some IT folks point out you would never do that in an Enterprise setting. The main concern, though, is usually that you don't want the router to get accidentally reset (or to reset itself) to defaults, and suddenly be trying to do DHCP, etc. (something I've never run into.) But I haven't heard this argument about--say--a gigabit router not performing just as well as a gigabit switch by turning off DHCP and only using the LAN ports. Why would that be? I thought the ports themselves would be just as robust and would function just as well. Can someone state more evidence for this?
Thanks,
Michael -
In the "consumer" world, multiple ports on a device are most likely a switch. The ports are not individually addressable, and the device can only talk to the switch directly (e.g. an uplink) and can't isolate individual devices or ports, or if it can it requires making use of VLANs. Traffic between switch ports is handled in the switch and not by the OS
On a device like the 7541 each port is individually addressable. Those are expensive individual network interfaces that are not meant to work as a switch. That means bridging them together so they act like a switch incurs a ton of overhead because you're making the OS pass packets between the ports. The upside is you can filter between the ports, but the downside is a huge performance hit and other bridge-related issues.
-
If you search this forum you'll find the subject "a router is not a switch" has had lengthy discussions already.
Basically, what a switch does in hardware (ASIC/FPGA) is done in software on any software-based router. So each and every packet entering an interface has to travel all the way through the software-stack down to the kernel and back up again to egress on another port.
Not really the description of efficient. -
If you don't know anyone with like 10/1 ADSL who needs a new firewall, I'd e-waste it.
-
Thanks @ jimp and @ jahonix for those explanations. I think I understand now and it makes sense to me.
However, it seems like you are implying that on a cheaper consumer router, the ports might actually be just switches, and it's on the more expensive commercial routers that there would be more overhead to the ports–if it were configured as a switch. So, other than the problem that the router might go rogue and reset to defaults, some cheaper routers might actually act equivalent to a small switch if you were to turn off DHCP and ignore the WAN port? If that's the case, it sounds like the remaining issue might be the small number of useful ports and actually knowing how the ports are configured. (Plus the fact that an un-managed 8- port gigabit switch only costs about 20 bucks nowadays.)
Michael
-
Some good info here! I think I'll give FreeBSD a shot on it. Thanks for the ideas. :)
-
However, it seems like you are implying that on a cheaper consumer router, the ports might actually be just switches, and it's on the more expensive commercial routers that there would be more overhead to the ports–if it were configured as a switch. So, other than the problem that the router might go rogue and reset to defaults, some cheaper routers might actually act equivalent to a small switch if you were to turn off DHCP and ignore the WAN port?
Yes, exactly that. In fact we tell people to do exactly that to use a wireless router as an AP: https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
If that's the case, it sounds like the remaining issue might be the small number of useful ports and actually knowing how the ports are configured. (Plus the fact that an un-managed 8- port gigabit switch only costs about 20 bucks nowadays.)
Other than "it's sitting here collecting dust so I'll use it", there isn't really any advantage to using a router with router ports as a switch in the vast majority of cases. The major exception being if you need to filter between the ports, which most people don't.
It would still make a fine internal router, a spare/secondary firewall, or a network server appliance for any number of different uses. But I'd focus on using it in a role that doesn't involve using most of its ports.
-
…it seems like you are implying that on a cheaper consumer router, the ports might actually be just switches…
Exactly that. Most SOHO style devices have a 5 port switch IC on board. Even if you kill the firmware so it's not running an OS at all it will still be a switch.
Many of them have some VLAN capability which allows some configuration of the ports separately but that is usually hidden from the user. You can often get additional functionality with alternative firmwares such as OpenWRT.
https://openwrt.org/docs/guide-user/network/vlan/switchSteve
