Help picking out a Layer 2 switch
-
Hi everyone, I'm going to be buying a Netgate 4100 soon and need to upgrade my current unmanaged switch that does not support VLAN routing.
Here's what I want to do:
On the Netgate 4100, have 3 VLANs: one for internal, one for internet only and one for security cameras. I will want the security stuff to not have access to anything but their NVR device that will be on that VLAN, but I will want my internal devices to have access to that VLAN.
Internet modem > pfSense 4100, then one of the 4100's ports will connect to this switch. All devices, including an AP, will be connected to this switch.
I'm looking at the Netgear GS324TP switch. I'm a bit confused on what it supports; reading their spec sheets, it looks like it supports Layer 2. What do you think? Will this work for my needs? I need to keep this below $400.
Thank you in advance!
-
@prtonguy77 ah, you're looking for a vlan capable switch - your title is a bit misleading.. I was like what?? A layer 2 "router" ??
Sure any vlan capable switch would work, $400 is a pretty decent budget for sure. You might want to look at something that can also do routing (layer 3) if you want to explore or lab doing stuff with downstream routing at some point. That switch seems to have some layer 3 ability via acl and qos but doesn't seem to sport any routing features.
That switch would work for sure doing the routing of vlans on pfsense. Do you need/want poe - that model is poe, and comes with 2 fans so it might be a bit noisy. You can normally find 24 port switches without poe that have no fans (so no noise at all).
-
@johnpoz I updated the title :)
I do need the PoE for cameras, and it's staying in the basement, so some noise isn't much of an issue.
So this switch would handle intervlan routing? When looking at features, what am I looking for to handle what I'd like to accomplish?
-
@prtonguy77 said in Help picking out a Layer 2 switch:
So this switch would handle intervlan routing?
No, pfsense would do the routing between your vlans. That switch would isolate your vlans into different L2 networks.
This is prob the most common setup - you let pfsense route and firewall between your vlans. When you route at the switch, pfsense is not involved in any of that traffic, so you could not do any firewalling between your networks. And you would be limited in filtering between your networks to the switch features, which can normally do some basic acls, sure, but are way more complicated to set up than just a firewall rule on pfsense.
Normally you would do routing at the switch for very large networks that need wire speed between multiple networks.. You normally wouldn't see such a setup in a smb or home setup..
But if you got a switch that is capable of it - then it gives you the ability to learn, play, lab, etc. Not saying you should or need to get that - but with $400 I would think you could find something in that budget that has that as an option.
edit: electronics not really great prices right now.. So maybe not for a poe layer 3 with 24 ports. But few years back I had picked up a sg300-28 port (non poe) that could do Layer 3 for less than $200 new..
-
@johnpoz When I first started looking at pfSense, the 2100 was out and I was told that routing between the VLANs would be slower, under 1 Gb. I may have misunderstood the terms as I'm still learning.
I just need the 1Gb speeds between the VLANs with the setup I had suggested in the first post.
For clarification,
Switch Port 1 has Desktop 1, which is on VLAN 2
Switch Port 20 has Device 1, which is on VLAN 3. VLAN 3 is configured to not have any communication with VLAN 2; they are separate and can't see each other.
Is that possible with this switch if I use the 4100 for VLANing? I don't want to use the switch to control that stuff, I just want the switch to know how to handle the traffic properly.
-
@prtonguy77 said in Help picking out a Layer 2 switch:
Is that possible with this switch if I use the 4100 for VLANing?
Yes... You're still handling routing at pfsense - be it an actual discrete interface or a vlan interface on either a discrete interface or a switch port. Whether you allow traffic between some networks is up to you. But pfsense still needs to route the traffic, even only from that network/vlan to the internet.
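
The policy discussed in this thread, sketched as an added example (not part of any post, and not pfSense code): a toy first-match, default-deny evaluator for rules on each VLAN interface of the router. The VLAN roles follow the first post; the subnets, host addresses and rule sets are constructed assumptions.

```python
import ipaddress

# Constructed addressing: VLAN roles follow the first post, subnets are assumptions.
VLANS = {
    "internal": ipaddress.ip_network("192.168.10.0/24"),
    "guest": ipaddress.ip_network("192.168.20.0/24"),    # internet only
    "cameras": ipaddress.ip_network("192.168.30.0/24"),  # cameras and NVR
}
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Rules on each VLAN interface of the router: top-down, first match wins,
# default deny. Traffic addressed to the firewall itself (DNS, DHCP) is not modelled.
RULES = {
    "internal": [("pass", "any")],
    "guest": [("block", "private"), ("pass", "any")],
    "cameras": [],  # nothing may leave the camera VLAN
}

def vlan_of(ip):
    return next((name for name, net in VLANS.items() if ip in net), None)

def dst_matches(dst, spec):
    if spec == "any":
        return True
    if spec == "private":
        return any(dst in net for net in PRIVATE)
    return dst in VLANS[spec]

def decide(src, dst, states=frozenset()):
    """Return 'switched', 'pass' or 'block' for a packet src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    ingress = vlan_of(s)
    if ingress is None:
        return "block"
    if vlan_of(d) == ingress:
        return "switched"  # same VLAN: the L2 switch delivers it, no firewall involved
    if (dst, src) in states:
        return "pass"      # reply to a connection the other side was allowed to open
    for action, spec in RULES[ingress]:
        if dst_matches(d, spec):
            return action
    return "block"

if __name__ == "__main__":
    nvr, cam, pc = "192.168.30.50", "192.168.30.21", "192.168.10.5"
    print(decide(pc, nvr), decide(cam, pc), decide(cam, nvr))
```

The `switched` result is the case to keep in mind when placing devices: cameras and the NVR on the same VLAN talk directly through the switch, so the router's rules never see that traffic.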
-
@PrtonGuy77
If this one is a HW Revision C - I'd consider D-link too.
Grab this one, DGS-1210-28P, in a hurry; quite cheap for a new one
https://www.ebay.com/itm/134087296339
24 Gbit ports + 4 Combo Gbic - ether or sfp
According to D-Link: Does L2+ Static Routing
Remember D-Link DGS = Giga, DES = 100Mb
Normal price
https://www.amazon.com/D-Link-WebSmart-DGS-1210-28P-Ethernet-Switch/dp/B009F7N7B8/
https://www.dlink.com/en/products/dgs-1210-28p-28-port-gigabit-smart-managed-poe-switch
UG
https://support.dlink.com/resource/PRODUCTS/DES-1210-28P/REVC/DES-1210-28P_REVC_MANUAL_4.00_EN.PDF
FW etc.
https://support.dlink.com/ProductInfo.aspx?m=DES-1210-28P
-
Hi together,
Dumb Switch
- pfSense comes with enough LAN ports and you might be able to insert a dumb switch on each, and you don't need VLANs; pure routing is here the entire job of the pfSense
Layer2 Switch
- pfSense is sorted with one or more VLAN capable switches and is doing the entire routing between the VLANs on top of its other work!
Layer3 Switch
- pfSense is sorted with one or more Layer3 switches and the switch(es) are routing the entire workload themselves; this frees up your pfSense for doing other work, or you may be able to install some more packets without problems.
So this might be the first problem, for VLAN or not VLAN usage. And the other thing is how many Volt/Watt all the cameras are needing, so you should be looking for two different numbers there:
- Volt/Watt per port, so that all cameras will be getting enough per port
- the entire electric budget must also be covering all ports with "xyz" Watt in total!
So if your power budget total and per port is right and you have a, let us say, really powerful pfSense, you can also go with dumb or layer2 switches.
NETGEAR GS728TP 28 Port Gigabit Ethernet LAN PoE Switch Smart (managed network switch with 24x PoE+ 190W, 4x 1G-SFP) for ~450 €
NETGEAR GS324TP PoE Switch 24 Port Gigabit Ethernet LAN Switch Smart (24x PoE+ 190W & 2x 1G-SFP, managed switch with WebGUI, VLAN, IGMP, QoS, PoE switch, 19-inch rack mount) for ~350 €
Netgear GS524PP Switch 24 Port Gigabit Ethernet LAN PoE Switch (with 24x PoE+ 300W) for ~400 €
NETGEAR JGS524PE PoE Switch 24 Port / 16 PoE Ports (100W) ports for ~200 €
12 PoE ports
Netgear (GS524UP) unmanaged but PoE++ for ~450 €
16 PoE ports