Need suggestions for home topology
-
@JKnott & @johnpoz - please weigh in on this thread with your affirmative comments.
Hi,
I will be re-configuring my Home Network topology in light of my newfound knowledge of VLANs.
Here is the arsenal at my disposal:
- Qotom device (like this one) running pfSense (5 LAN ports + 1 WAN port)
- Dell RCT4M S60-44T (seems like a L3 switch) that I bought on eBay. But it makes hell of a noise, so have to run from attic but it seems well equipped from hardware perspective to run firewall, run DHCP and handle traffic
- Few L2 managed switches from Trendnet (see here)
Here are my logistics constraints:
- Qotom (pfSense) is mounted on my desk and I like its UI for managing things from my desk
- Netgear Orbi base unit that runs the satellites and WiFi (in AP mode) is also on my desk
- The hardwired cable junction for rest of the house (each room has an Ethernet port) is right behind my office window and I have direct access to it. I can install Trendnet L2 switches at each room depending on congestion to leverage VLAN functionality.
- Dell L3 switch has the hardware but I like the pfSense GUI to manage details unlike the console interface offered by Dell L3 switch
- I have one dedicated Ethernet cable that can run from attic to my desk and if needed (as option) I can use an electrical modem (like this one) to create more direct connection with Dell L3 switch in attic. But for now assume no connection as I am not sure of the performance of these electrical modems.
- Most of the IoTs is on WiFi via Orbi that is the one that I want to isolate on its own LAN and not have ability to snoop around on rest of the network.
In an ideal set up with no constraints, I'd think it makes sense to have put hardware in following order: pfSense --> Dell L3 Switch --> Trendnet L2 switches.
But with my present constraints I am thinking that following would make most sense:
pfSense --> Trendnet Switch (VLANs configured) --> Dell L3 switch --> distribute to rest of the house through Dell Switch --> install Trendnet Switch(s) in rooms as needed.
Q1: Do you guys agree with above order? Also important to know why, if there is disagreement?
Q2: Any suggestions on how to run the wires and configure the network using the hardware with constraints?
Have a great new year and a very happy 2021!!!!!
-
@pm_13 said in Need suggestions for home topology:
pfSense --> Trendnet Switch (VLANs configured) --> Dell L3 switch --> distribute to rest of the house through Dell Switch --> install Trendnet Switch(s) in rooms as needed.
Why are you calling out that it's a L3 switch - do you plan on routing on it?
-
You have a lot of switch ports there. You don't need a L3 switch for routing, since pfsense can do that. Same with DHCP server. Also, with all those ports on the Dell switch, do you need the Trendnets? Why not just run cables to all the locations. Those switches give you 8 ports at 1 location, one of which goes back to the Dell. You can get 6 position outlet box panels, which can be cabled back to the Dell. Unless you have space restrictions, pulling in 6 cables isn't much harder than 1. One other consideration is that Dell will likely be power hungry, as well as noisy. Are you sure you want to use it?
-
Thanks for your input and your questions are definitely helping clear things in my head.
Here are few more clarifications:
- Dell Switch was a bargain that I stumbled upon on eBay and got a functional L3 switch for forty bucks!! But not planning on using it for routing as I like the UI and ease of pfSense.
- There is a utility junction box outside the house that runs an Ethernet cable from each room to this junction box, these cables were put in during home construction and it is not possible to run any more cables except one room (see next point).
- My office desk where pfSense is installed is on the other side of the wall that hosts the junction box and all I needed was to drill a hole and I can add more wires (as needed) between pfSense and the utility junction box. Currently I have an unmanaged switch in the junction box that connects all the cables from each room to pfSense.
- The attic sits on top of three bedrooms so I can use one of the existing Ethernet cable from one of the bedroom and extend it few feet to get into attic.
- In attic I am putting following hardware:
a. A rack server (4 Ethernet ports) that will run four components:
i. Home Assistant server
ii. Zoneminder for surveillance cameras
iii. NAS for home LAN
iv. Central log server for all machines on home LAN
b. Dell Switch
c. TBD - alarm system, the house is pre-wired and would put one in place this year
- The Dell switch and rack server have really noisy fans but putting them in attic eliminates the noise factor and also makes them physically secure.
I think following would make sense:
- The pfSense machine has 6-ports which can be used as follows:
i. WAN
ii. LAN-1: Netgear Orbi - this will make WiFi a dedicated VLAN, barring 1~2 devices most of it is either IoTs or guest network devices.
iii. LAN-2: trusted machines like work laptop
iv. LAN-3: test network for VMs and all trial projects which I have started doing a lot of lately
v. LAN-4: TBD
vi. LAN-5: TBD
- Current WiFi hardware does not support VLANs in AP mode but that will change in future so hopefully filter out "guest" from "IoTs" using VLANs
- Since there is only a single dedicated cable from utility junction box to attic, adding a L2 switch at both ends would create more virtual cables as number of ports on Trendnet L2 switch.
- There are only three rooms (office and two living rooms) where there is congregation of multiple devices and I can use a Trendnet L2 switch in each of these rooms to leverage VLAN functionality.
-
@pm_13
I'd make one or two of the Qotom lanports Vlan capable from the beginning.
Murphy (experience) says that you will always need more lan segments than you have physical pfSense ports.
And you prob need it anyway for a multi SSID WiFi setup.
/Bingo
-
@bingo600 I agree...as it is Better to have it and not need it rather than needing it and not have it......
Thanks!!
-
Nothing wrong with putting switches at both ends of cable ;) But for bandwidth reasons don't go daisy chaining switches for the fun of it ;)
And I am all for multiple interfaces on the router that is for sure. And can be helpful in spreading out the bandwidth for your vlans. If possible would use interface on the router for each segment. But when you have more networks than interfaces you will have to share.
My question about the L3, was there is no reason to call out that it's an L3 switch unless you're planning on using it as router..
What's the specific model of the dell switch? Old enterprise gear can be enticing at low costs - but quite often they are very loud and very power hungry... The power can eat up any upfront perceived cost savings really quickly... Be amazed at how much it costs you to run a 130W switch per year vs just 10w switch.. When they are on 24/7/365
-
FWIW I don't have any ethernet between the rooms at home, I get over the issue running vlans over Devolo ethernet over power devices, not ideal but they do pass tagged ethernet packets.
-
@johnpoz said in Need suggestions for home topology:
When they are on 24/7/265
Poor guy ...
10100 days downtime/yr
Edit: Totally agree w @johnpoz
The initial saving on used enterprise equipment is easily eaten up by electricity cost, in the long run.
-
We both did typos ;) 365 - nice catch - doh!
Fixed ;) heheheh
edit: Just for example.. That 120w difference depending on what electric costs you could be $120 a year difference. Multiply that out for say 5 years that you use said switch and it's not all that much of a cost savings ;)
I am all for leveraging old enterprise gear for a lab you have on a few hours now and then to "lab" something.. But if going to be your networks switch and they are sucking juice 24/7 you really prob want something that is very low power.. Especially if you're going to have a lot of them due to layout and lack of wiring, etc..
-
@johnpoz said in Need suggestions for home topology:
Poor guy ...
10100 days downtime/yr
We both did typos ;) 365 - nice catch - doh!
Well maybe I can get my tuition money back for calc ...
Nice catch too