Need to add hub / switch - Recommendations?



  • I need to expand my current setup. I need to add some sort of hub/switch on my DMZ. Currently I have 1 box that is wired directly to the pfSense NIC. I need the capability to have 4 machines in the DMZ so I need to add a hub/switch but I'm not much of a hardware guy or a network guy so I'm looking for advice. I'm using my Linksys as a switch to manage my LAN2 clients and that is working fine. This is for home setup so I don't want to break the bank but would like something decent quality. I'm thinking of redesigning my network and possibly isolating my wi-fi traffic and maybe create a VLAN for multiple segments. Again, I'm not a network guy so this would be a learning project but if I decide to do so I'd like to buy a switch that has this capability. Any suggestions much appreciated.

                                  DSL Modem
                                      |
                                   PFSense
                |                     |                       |
              LAN1                   DMZ                    LAN2
                |                     |                       |
         NAS/File Server          Linux Box   Linksys WRT54GS (acting as switch)
    (No outbound connectivity)                                |
                                   3 Clients (Wireless/Wired Mix) Limited outbound access



  • What do people think of the Netgear GS108?


  • Netgate Administrator

    I see no mention of VLANs on the GS108.
    If you are planning to use them you will need a VLAN capable switch.

    Steve



  • The Mikrotik Router Board 250GS (http://routerboard.com/pricelist.php?showProduct=101) is VLAN capable and priced well for home users.


  • Rebel Alliance Developer Netgate

    The Netgear GS-108T is good, and is a managed switch that does VLANs.

    I have one and it works well, though at the moment I am not using VLANs on it.

    http://www.netgear.com/products/business/switches/smart-switches/gs108t.aspx

    Administrative Switch Management
        * IEEE 802.1Q Static VLAN (256 groups, Static)



  • I'd second the RB250GS if 5 Gigabit ports is sufficient for your needs.  It's exceedingly cheap for a VLAN capable switch (priced like a dumb 5 port gigabit) and does a decent job.  Only quirk is that it might ship with a non-functional firmware (1.00) and needs an upgrade before the features work properly.



  • Cool, thanks for the recommendations.

    So just a quick question about pfSense and VLANs.

    If you look at the diagram at the first of the thread you see that I have 3 NICs in pfSENSE. I currently have LAN2 managing a mix of wired and wireless machines. All of them are plugged into my Linksys WRT54GS that is plugged directly into my pfSENSE essentially acting as a switch. If I buy one of these VLAN supported switches and place it between my pfSENSE box and the Linksys, could I create 2 VLANs making two different segments/subnets so I could isolate my wired and wireless traffic?

                        PFSENSE
                           |
                        Switch
               |                       |
        Wired Machines           Linksys WiFi
                                       |
                                 WiFi machines


  • Netgate Administrator

    Yes.
    Each incoming VLAN is treated as a separate interface by pfSense so the two will be isolated unless you put in a rule to connect them.
    One thing to bear in mind is that all the traffic from both VLANs will have to travel down the same cable so that may limit your bandwidth between the two VLANs. Of course you may also be limited by the speed of your pfsense box which will be firewalling between the two.

    Steve



  • What about on the client machines themselves? From my reading this would be considered a port-based VLAN. I would not need a special VLAN supported NIC on the client machines unless I want to do tagging to support multiple VLANs. It's a bit confusing to read about but am I on the right track?


  • Netgate Administrator

    Yes.
    I must confess I have only flirted with VLANs as a test but it seemed quite straightforward.
    You assign the ports on your switch to each VLAN and incoming packets are tagged appropriately.
    The only NIC which must support VLAN tagging is that which is in your pfSense box.

    Steve
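
How the port-based tagging described in this exchange looks on the wire, as an added example that is not part of the original thread: a small model of a switch that assigns a VLAN by ingress port and sends 802.1Q-tagged frames only on the uplink to the firewall. The port numbers, VLAN IDs 10 and 20, the sample frame and the rule that access ports drop already-tagged frames are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
# Constructed switch config (assumption): access port -> VLAN ID.
ACCESS_PORTS = {2: 10, 3: 10, 4: 20}  # ports 2-3 wired clients, port 4 Wi-Fi AP
TRUNK_PORT = 1                        # tagged uplink to the firewall NIC
# Constructed untagged frame: broadcast dst, local src MAC, IPv4 EtherType.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the two MAC addresses (12 bytes)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]

def parse_tag(frame: bytes):
    """Return (vid, frame_without_tag); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]  # low 12 bits are the VLAN ID

def switch_forward(in_port: int, out_port: int, frame: bytes):
    """Forward one frame; return the egress bytes, or None if it is dropped."""
    vid, inner = parse_tag(frame)
    if in_port != TRUNK_PORT:
        if vid is not None:
            return None  # this model accepts only untagged frames on access ports
        vid = ACCESS_PORTS.get(in_port)  # the switch assigns the VLAN by port
    if not vid:
        return None  # untagged on the trunk, VID 0, or an unconfigured port
    if out_port == TRUNK_PORT:
        return add_tag(inner, vid)  # firewall sees the tag, one interface per VLAN
    if ACCESS_PORTS.get(out_port) == vid:
        return inner  # same VLAN: delivered untagged, client NIC needs no VLAN support
    return None  # different VLAN: no path inside the switch

if __name__ == "__main__":
    print(switch_forward(2, 1, SAMPLE).hex())  # wired client -> trunk, tagged VLAN 10
    print(switch_forward(2, 4, SAMPLE))        # wired -> Wi-Fi port: dropped
```

Traffic between the two VLANs can only leave the switch tagged on the trunk port, so it reaches the other segment only if the firewall routes it and a rule permits it.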



  • I built my pfSENSE for low power so I went with mini-ITX. Used the JETWAY AD3INLAN-G daughterboard for the 3 port NIC so it doesn't look like it's supported. But thanks for giving me the fundamental understanding before I go out and waste money. I only need to buy a regular switch at this point.



  • @HiTekRedNek:

    Used the JETWAY AD3INLAN-G daughterboard for the 3 port NIC so it doesn't look like it's supported.

    Is that the daughtercard with three Intel NICs (rather than three Realtek NICs)?

    What do you mean "doesn't look like it's supported"? Most Intel NICs are supported (in that there are device drivers for them) and most modern NICs include VLAN hardware support.



  • Is that the daughtercard with three Intel NICs (rather than three Realtek NICs)?

    Yes it is.

    What do you mean "doesn't look like it's supported"? Most Intel NICs are supported (in that there are device drivers for them) and most modern NICs include VLAN hardware support.

    Earlier in the thread it was mentioned that the only NIC that has to support VLAN tagging is the one in my pfSENSE box. I read the spec sheet on the Jetway site and it didn't specifically mention anything about VLAN support.



  • @HiTekRedNek:

    Earlier in the thread it was mentioned that the only NIC that has to support VLAN tagging is the one in my pfSENSE box. I read the spec sheet on the Jetway site and it didn't specifically mention anything about VLAN support.

    A better place to look for a statement about VLAN support would be the FreeBSD man page for vlan (see http://www.freebsd.org/cgi/man.cgi?query=vlan&apropos=0&sektion=0&manpath=FreeBSD+8.1-RELEASE&format=html). There it lists a number of NICs with hardware vlan support and a number of NICs with "software emulated" vlan support. There are Intel and Realtek NICs in both lists.



  • I looked into it a bit further and the AD3INLAN-G has the Intel 82541PI ethernet controller. When I looked it up it had the following specs.
    IEEE 802.1Q VLAN support with VLAN tag insertion and stripping and packet filtering for up to 4096 VLAN tags.

    Looks like I'm going to be picking this up along with the Mikrotik RB250GS. I found the switch for $55 shipped door to door.

    Thanks for helping me narrow this down.

