    VLANS and Unmanaged Switches

      joseb

      I have a brand new Netgate 1100 which will be connected to my WAN and LAN. I will be attaching a managed switch to the LAN side of the Netgate 1100. The managed switch will then be connected to two (2) unmanaged switches. One unmanaged switch connected to my 6 computers and the other connected to my four NAS(s). The NAS(s) and computers are in two different locations. So I can't run all that Ethernet cable all over the place, hence the branching off into unmanaged switches.

      Will this setup with a managed switch connected to two unmanaged switches provide me all the benefits of having a VLAN? Or should I be getting two more managed switches on which to plug my NAS(s) and computers? In other words, do all devices need to end/be plugged into a managed switch?

        Mission-Ghost

        As long as you want everything plugged into an unmanaged switch to be on the same vlan it should work fine given that unmanaged switch is connected to a managed switch port assigned to a specific vlan.

        I believe you should also be able to connect the unmanaged switch to a managed switch trunk port but your end points would have to be able to process the vlan tags on their own. The unmanaged switch won’t process vlan tags in any way but pass them through.

          marcg @Mission-Ghost

          @Mission-Ghost said in VLANS and Unmanaged Switches:

          As long as you want everything plugged into an unmanaged switch to be on the same vlan it should work fine given that unmanaged switch is connected to a managed switch port assigned to a specific vlan.

          I believe you should also be able to connect the unmanaged switch to a managed switch trunk port but your end points would have to be able to process the vlan tags on their own. The unmanaged switch won’t process vlan tags in any way but pass them through.

          Depends on the particular unmanaged switch. Some pass tags unmolested, others strip tags.

          Agree that untagged traffic from clients attached to an unmanaged switch can be reliably tagged by an access port on an immediately upstream managed switch. However, if maintaining the VLAN tags (and isolation) all the way to/from the clients is important, using managed VLAN-aware switches throughout is the most robust solution.

          Relatively inexpensive managed switches are available. My suggestion would be to use those. Configure the ports between them and the upstream switch -- both ends -- as trunks.

            joseb @Mission-Ghost

            @Mission-Ghost So the rules which I create on the managed switch for the VLANs that go to the unmanaged switches will still work on the devices on the unmanaged switch?

              marvosa @joseb

              Will this setup with a managed switch connected to two unmanaged switches provide me all the benefits of having a VLAN?

              Depends on the plans for your design and the desired future state of your network. As long as you understand that all traffic from devices plugged into the unmanaged switches will end up on the VLAN configured on the uplink connection to the managed switch.

              Or should I be getting two more managed switches on which to plug my NAS(s) and computers. In other words do all devices need to end/be plugged into a managed switch?

              The short answer is no, all devices do not "need" to be plugged into a managed switch, but the more accurate answer depends on the vision you have for your network. You certainly will have more granular control using managed switches throughout. Using unmanaged switches at the access layer will limit your ability to segment traffic on a port-by-port basis.

                Mission-Ghost @joseb

                @joseb as @marcg pointed out, it depends.

                If the unmanaged switch is connected to a managed switch access port configured to pass only traffic for one specific vlan the unmanaged switch should continue to pass that traffic down to its connected nodes and any traffic coming back from those nodes via the unmanaged switch will get tagged by the managed switch on the way to wherever they’re going.

                This should be true whether or not the unmanaged switch strips tags. But you’ll only get traffic to and from the one vlan you configured at the managed switch port for all of your unmanaged switch. No different than plugging your computer into the managed switch port.

                @marcg has a point: managed switches can be had brand new, cheaply. I use Netgear GS308EP managed switches and they work well. And I don’t have to worry about the distinction. I send a trunk line down to my access switches and then set the ports up as access ports for the specific vlans I want for each endpoint or a trunk for a Wi-Fi access point.

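The two cases discussed in this thread (an unmanaged switch behind an access port, and behind a trunk port when the unmanaged switch may pass or strip tags) can be checked with a small 802.1Q frame model. This is an added example, not code from any of the posters; the function names, the VLAN IDs 20 and 30, native VLAN 1 and the sample frame are constructed, and an access port dropping tagged frames is a modelling assumption.

```python
import struct

TPID = 0x8100  # 802.1Q Tag Protocol Identifier, sits where the EtherType normally is

def make_frame(dst, src, payload, ethertype=0x0800):
    """Untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload

def vlan_of(frame):
    """VLAN ID from the 802.1Q tag, or None if the frame is untagged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # low 12 bits of the TCI

def add_tag(frame, vid):
    """Insert a 4-byte 802.1Q tag (priority 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def unmanaged(frame, strips_tags):
    """Unmanaged switch: no VLAN config; passes tags or strips them, by model."""
    if strips_tags and vlan_of(frame) is not None:
        return frame[:12] + frame[16:]
    return frame

def access_ingress(frame, pvid):
    """Access port: untagged frames join the port VLAN. Dropping tagged
    frames (None) is an assumption of this model; real switches vary."""
    return pvid if vlan_of(frame) is None else None

def trunk_ingress(frame, native, allowed):
    """Trunk port: tagged frames keep their VLAN if allowed, untagged go native."""
    vid = vlan_of(frame)
    if vid is None:
        return native
    return vid if vid in allowed else None

def scenarios():
    # Constructed sample frame with locally administered MAC addresses.
    plain = make_frame(bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"constructed")
    tagged = add_tag(plain, 30)  # endpoint that tags its own traffic for VLAN 30
    out = {}
    for strips in (False, True):
        out["access", strips] = access_ingress(unmanaged(plain, strips), pvid=20)
        out["trunk", strips] = trunk_ingress(unmanaged(tagged, strips), native=1, allowed={20, 30})
    return out

if __name__ == "__main__":
    for (port, strips), vlan in scenarios().items():
        print(f"{port:6} uplink, unmanaged switch strips tags={strips}: VLAN {vlan}")
```

Behind the access port the result is VLAN 20 either way; behind the trunk, a tag-stripping unmanaged switch puts the endpoint's VLAN 30 traffic into the native VLAN, which is the isolation loss to check for before relying on tags passing through.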