VLAN setup with more than enough physical network ports
-
The book is not everything there is to know about networking and more and how to best leverage interfaces based upon your specific network's requirements ;) The book is about pfsense, and sure it goes over how to set up vlans, and it goes over how to set up an interface on a network. And sure touches on some basic concepts where required to explain how something works in pfsense, etc.
To be honest this is basic 101 network management and understanding... The very nature of a vlan means that they share the physical constraints of the interface they will be on.
How you set up router and switches to best suit your needs/wants is up to you... Sure if the 1 physical interface can handle your traffic - then yeah you get by with 1 physical interface for all of your networks. Be it 100, gig or 10+ gig interface, etc.. etc..
Or maybe you want to set up all your physical interfaces as a lagg and then run your vlans on the lagg..
If the book went into all the possible things - it would be as thick as an old school encyclopedia, and still be missing out on a vast amount of information ;)
-
@johnpoz The more you learn the more you realize you know very little. I'm consistently amazed by people who can drag some obscure bit of experience out from something they did years ago.
On the other hand you can learn how to find the information you need quickly when needed. Google foo or whatnot...
-
@johnpoz said in VLAN setup with more than enough physical network ports:
If the book went into all the possible things - it would be as thick as an old school encyclopedia, and still be missing out on a vast amount of information ;)
It is already thick :)
@jwj said in VLAN setup with more than enough physical network ports:
@johnpoz The more you learn the more you realize you know very little.
My line exactly!
-
@makesnosense said in VLAN setup with more than enough physical network ports:
Is it because this isn't the most "economical" way to use your physical resources?
Unless you have physically separate networks, there's no real point in using multiple ports. The whole idea with VLANs is to logically separate virtual networks, while running them over the same wire. So, you might want to provide higher priority for VoIP, while using the same LAN connection as a computer. Or, you'd use VLANs if you had multiple SSIDs for the same access point, perhaps for guests that only connect to the Internet, etc..
-
@jwj said in VLAN setup with more than enough physical network ports:
The more you learn the more you realize you know very little
So true... I have been in this field professionally like 25 years.. There were some crossover years where I was paid to do engineering on the mechanical side but also did IT related stuff.. But about 25 years ago or so went full time into IT.. My title changed and got a new boss, etc.
But have been overall interested and playing with IT, and all things nerdy before there were even computers as we understand them today..
And yes I can say for sure that I learn something new every single day in my own field..
And yup - how to find info is a very underrated skill ;)
Unless you have physically separate networks, there's no real point in using multiple ports
Sorry dude but that is just utter nonsense... We just went over why you might want to use physical interfaces... If I have a box on vlan A, and a box on vlan B and I want to move data at 1gbs between these networks/vlans... I sure as hell cannot put both those vlans on 1 physical interface that is only 1 gig.
-
@johnpoz Thanks for sharing. I can recall more than one time over the last year or two when you gave me the push to learn not just what order to push the buttons to get the desired result but why that is so. Good stuff!
-
@johnpoz said in VLAN setup with more than enough physical network ports:
If I have a box on vlan A, and a box on vlan B and I want to move data at 1gbs between these networks/vlans... I sure as hell cannot put both those vlans on 1 physical interface that is only 1 gig.
I believe I already mentioned improved performance in an earlier post, but the OP said with a small network, that wasn't an issue. Also, in your example, wouldn't LAGG be better? After all, why have a NIC just for VoIP, when it uses so little bandwidth? Also, what's on the WAN side? If there's only a 100 Mb connection, multiple 1G interfaces to the switch won't do much.
-
@JKnott said in VLAN setup with more than enough physical network ports:
@makesnosense said in VLAN setup with more than enough physical network ports:
Is it because this isn't the most "economical" way to use your physical resources?
Unless you have physically separate networks, there's no real point in using multiple ports. The whole idea with VLANs is to logically separate virtual networks, while running them over the same wire. So, you might want to provide higher priority for VoIP, while using the same LAN connection as a computer. Or, you'd use VLANs if you had multiple SSIDs for the same access point, perhaps for guests that only connect to the Internet, etc..
Wiring is not really an issue as that's what it looks like in a CoolerMaster box...
Please, appreciate the effort that I had to disconnect almost everything :D
-
@makesnosense said in VLAN setup with more than enough physical network ports:
Wiring is not really an issue as that's what it looks like in a CoolerMaster box...
What I meant by "wire" is the cable connecting the various locations around a home/office/factory etc. Instead of running multiple Ethernet cables to each location, you just need one to carry whatever virtual networks.
-
@JKnott said in VLAN setup with more than enough physical network ports:
@makesnosense said in VLAN setup with more than enough physical network ports:
Wiring is not really an issue as that's what it looks like in a CoolerMaster box...
What I meant by "wire" is the cable connecting the various locations around a home/office/factory etc. Instead of running multiple Ethernet cables to each location, you just need one to carry whatever virtual networks.
I know what you meant, that's why I pointed out that it's not the case :)
Everything is within a metre of the router except 1 PC, the Unifi AP (actually the PoE power supply is next to the router) and the CCTV cams.
Well, as the main question is pretty much sorted - I will have separate VLANs without tagging on separate interfaces and separate switches - could you help me out on some structuring, please?
So that's how it would be:
- Should I just create one more VLAN on my spare LAN port and call it WIFI and move the Unifi AP from the LAN switch to there?
And then I can create two or three separate WiFi VLANs on the Unifi controller?
Question is if I did that should I rather create those WiFi VLANs on that spare LAN port with tagging?!?
- Is the Kodi box and the printer okay on crap network?
I think I can create a firewall rule to access the printer from the LAN and that's fairly straightforward.
But what about the kodi box? If I create a rule for the kodi box to access the file server (and only the fileserver) then is there any way to restrict it to only access the media dataset and nothing else on the FreeNAS box?