Vlans No Switch?
-
If Pf sense is routing your entire network do u need a switch to segment traffic into separate vlans
-
How exactly are you connecting these devices with out switches ;)
If your going to use vlans then yes you need a switch that supports vlans.. You don't need a 1000 enterprise grade switch, unless you want one ;) A port gig switch that understands vlans is like 30-35$ to start..
But if your going to create vlans - then yes your whole infrastructure needs to understand them.. ie your switch, your AP, etc..
Now if you want to use all different switches and AP for your different networks - sure have fun ;)
If your whole network is wireless - then sure you could connect your vlan capable AP into a port on pfsense and do it that way..
-
Ok...I have pfsense running entire home network it has 3 real interfaces em0 em1 and opt1. I have multiple possibilities I have DDWRT vlan capable routers multiple of them ea4200 is the fastest. I also have a second machine with 3 more ehernet ports and 1 wireless card so possible to make this running Linux maybe I could turn it into vlan tagging switch or something. I'm not familiar with this stuff.i want to secure my network to close off any possible attacksi mean I have enough machine a 12 gb ram so I am hopeing maybe a few suggestions on DDWRT and can you use multiple openvpn instances to secure local traffic from each device or machine wouldn't that be more secure
-
With the price of switches these days, why bother trying to create one. Just avoid TP-Link managed switches.
-
@telescopedepth said in Vlans No Switch?:
I could turn it into vlan tagging switch or something
What a horrible horrible idea when a 8 port gig switch that does vlans NEW will cost you like $30 to your door in 2 days..
You could prob find some screaming full managed 24-48 port switch on ebay for less than a $100, etc..
Here 10 second google find under $40 24 port FULL MANAGED switch - why would you did around with some PC and some nics trying to make a switch??? That box prob make a decent ROUTER!!
use multiple openvpn instances to secure local traffic
Another just HORRIBLE idea... Talk about loss of performance!! for ZERO reason..
-
Thanks You I'm buying the switch from ebay
-
That specific one - or just a switch off ebay? That was something I found in 10 seconds... I have no idea on that seller etc.. Could be a complete rip off, etc.
While you for sure can find some great deals on ebay - please do some research both on the seller and the device before buying, etc. While that seller might be great and the switch a scream of a deal - for all you know half the ports are dead, etc. You never know what you might get off ebay could be real jem at great price or it could just be someones junk your taking off their hands vs them throwing it in the traffic because is really worthless..
You can for sure buy NEW at reasonable prices with full warranty, etc. for few bucks more.. Especially if you don't need full managed and just need basic features like vlan support. And don't need high port density or poe.. Which are things that raise the price..
-
@telescopedepth In a pinch you can just use ea4200 as a 5 port managed switch.
-
I bought that exact one and I hope it has all I need it had a 30 day DOA money back guarantee... Usually I do try to figure out the best option but I spent so much time on this.. I thought that was one that will work and has 30 day DOA money back I will try its overkill but maybe I will start a neighborhood watch program and get everyone's surveillance feeds and put NASA out of a job and No Not NaSa but you know who they that must not be named ...I wasn't sure which one i needed I thought I needed full managed... Thanks Again
-
Let us know how it turns out... 24 ports isn't all that many ;) I have a 28 port sg300 that is getting full.. You would be amazed at how fast you can use up ports when you have them...
And you can never have too many features in your "switch" Go Big or Go Home as they say -- hehehe
-
@johnpoz especially when your a nerd I was thinking of seeing if Android supports usb Ethernet your right you never remember the 400 devices laying around not being used until you decide a new use for them
-
From a quick look at the specs that should be a great switch at the price point.. Quick glance it only seems to be layer 2 and not 3... So guess you won't be able to use it as downstream router ;)
While DOA warranty is nice and all - but 23 ports dead out of 24 is not DOA... I would validate all ports work and such asap..
-
This post is deleted! -
@telescopedepth Hi!
VLANs on pfSense work well with right hardware, my question is why
I mean ,the final goal of bulding more virtual lan instead of putting additional ethernet cable and interface on pfSense?For my work I do VLANs on hotel with older network layout and a cable "do it all in one" PPPoE , private lan, guests lan, lool ... So I put two identical switchs at both ends for bulding one VLAN TRUNK and only why not available quick other method to manage different networks above.
This not avoid me to notice "poor performance" with high load traffic, like frame retransmission and packet loss. So is not too much fun when your customers make pressure on you everyday, because network is slow even if it's "more secure".
Basically my first rule in mind is "K.I.S.S."
(Keep It Simple Stupid)
for good reasons, I mean I need very good reason for build more "complex" network layouts with VLANs and in most case is better to leave existing network "as is" if you not planning a "serious" rebuld of network at your site.VLANs just for fun? No thanks
-
@babiz said in Vlans No Switch?:
@telescopedepth Hi!
VLANs on pfSense work well with right hardware, my question is why
I mean ,the final goal of bulding more virtual lan instead of putting additional ethernet cable and interface on pfSense?For my work I do VLANs on hotel with older network layout and a cable "do it all in one" PPPoE , private lan, guests lan, lool ... So I put two identical switchs at both ends for bulding one VLAN TRUNK and only why not available quick other method to manage different networks above.
This not avoid me to notice "poor performance" with high load traffic, like frame retransmission and packet loss. So is not too much fun when your customers make pressure on you everyday, because network is slow even if it's "more secure".
Basically my first rule in mind is "K.I.S.S."
(Keep It Simple Stupid)
for good reasons, I mean I need very good reason for build more "complex" network layouts with VLANs and in most case is better to leave existing network "as is" if you not planning a "serious" rebuld of network at your site.VLANs just for fun? No thanks
The purpose of VLANs is to provide logical isolation. For example, many networks use VoIP phones and a pass through port for a computer. On one job I did in a seniors residence, a few years back, there was the native LAN for the office and VLANs for VoIP,
inmate'sresident's internet access and one for network management. -
@jknott
Yes, you are right, I'm agreed your point of view!
Cheers. -
There is one thing for logical, and then there is actual isolation and security... I don't want iot devices on the same network as my PC and NAS, etc.. I sure an the hell do not want guest wifi clients on any of my networks, etc. Who knows what nasty billy's device has on it, etc..
Sorry but the days of the single lan home network are thing of the past... Atleast from any sort of security concerns - your typical home has more and more devices on the "network" Doesn't mean that have to be on 1 flat network.. I want a firewall between these different types of devices thank you very much ;)
KISS while sure that 1st S can stand for simple and it can also stand for SECURE ;)
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
@johnpoz said in Vlans No Switch?:
I don't want iot devices on the same network as my PC and NAS, etc.. I sure an the hell do not want guest wifi clients on any of my networks, etc.
You often don't have a choice about cabling. You have to use what's there. In that senior's residence I mentioned, we used ADSL over existing phone lines to bring Internet access to the rooms. I did similar in a hotel turned university residence. Phone lines were there, Ethernet cables weren't, so ADSL was used over the phone lines.
-
@johnpoz said in Vlans No Switch?:
I sure an the hell do not want guest wifi clients on any of my networks, etc. Who knows what nasty billy's device has on it, etc..
Assuming the guest WiFi has it's own SSID and VLAN, how would a guest user have access to the main LAN traffic? Even if they managed to tag their traffic, it would result in QinQ tagging, which wouldn't get them anything.
-
Have no idea what your talking about dude - yeah the ssid would be on its own vlan - DUH... My points were to the ""do it all in one"" sort of comment..
ie " leave existing network "as is"
That is not what the OP should be doing but segmenting his network. Which is the point trying to make.
