Need to add hub / switch - Recommendations?

wallabybob

The Mikrotik Router Board 250GS (http://routerboard.com/pricelist.php?showProduct=101) is VLAN capable and priced well for home users.

jimp

The Netgear GS-108T is good, and is a managed switch that does VLANs.

I have one and it works well, though at the moment I am not using VLANs on it.

http://www.netgear.com/products/business/switches/smart-switches/gs108t.aspx

Administrative Switch Management
    * IEEE 802.1Q Static VLAN (256 groups, Static)

dreamslacker

I'd second the RB250GS if 5 Gigabit ports is sufficient for your needs.  It's exceedingly cheap for a VLAN capable switch (priced like a dumb 5 port gigabit) and does a decent job.  Only quirk is that it might ship with a non-functional firmware (1.00) and needs an upgrade before the features work properly.

HiTekRedNek

Cool, thanks for the recommendations.

So just a quick question about pfSense and VLAN's.

If you look at the diagram at the first of the thread you see that I have 3 NIC's in pfSENSE. I currently have LAN2 managing a mix or wired and wireless machines. All of them are plugged into my Linksys WRT54GS that is plugged directly into my pfSENSE essentially acting as a switch. If I buy one of these VLAN supported switches and place it between my pfSENSE box and the Linksys, could I create 2 VLAN's making two different segments/subnets so I could isolate my wired and wireless traffic?

PFSENSE
                                                                l
                                                            Switch
                                                l                                l
                                    Wired Machines                      Linksys WiFi
                                                                                  l
                                                                              WiFi machines

stephenw10

Yes.
Each incoming VLAN is treated as a separate inteface by pfSense so the two will be isolated unless you put in a rule to connect them.
One thing to bear in mind is that all the traffic from both VLANs will have to travel down the same cable so that may limit your bandwidth between the two VLANs. Of course you may also be limited by the speed of your pfsense box which will be firewalling between the two.

Steve

HiTekRedNek

What about on the client machines themselves? From my reading this would be considered a port-based VLAN. I would not need a special VLAN supported nic on the client machines unless I want to do tagging to support multiple VLAN's. It's a bit confusing to read about but am I on the right track?

stephenw10

Yes.
I must confess I have only flirted with VLANs as a test but it seemed quite straight forward.
You assign the ports on your switch to each VLAN and incoming packets are tagged appropriately.
The only NIC which must support VLAN tagging is that which is in your pfSense box.

Steve

HiTekRedNek

I built my pfSENSE for low power so I went with mini-ITX. Used the JETWAY AD3INLAN-G daughterboard for the 3 port NIC so it doesn't look like it's supported. But thanks for giving me the fundamental understanding before I go out and waste money. I only need to buy a regular switch at this point.

wallabybob

@HiTekRedNek:

Used the JETWAY AD3INLAN-G daughterboard for the 3 port NIC so it doesn't look like it's supported.

Is that the daughtercard with three Intel NICs (rather than three Realtek NICs)?

What do you mean "doesn't look like its supported"? Most Intel NICs are supported (in that there are device driver for them) and most modern NICs include VLAN hardware support.

HiTekRedNek

Is that the daughtercard with three Intel NICs (rather than three Realtek NICs)?

Yes it is.

What do you mean "doesn't look like its supported"? Most Intel NICs are supported (in that there are device driver for them) and most modern NICs include VLAN hardware support.

Earlier in the thread it was mentioned that the only NIC that has to support VLAN tagging is the one if my pfSENSE box. I read the spec sheet on the Jetway sight and it didn't specifically mention anything about VLAN support.

wallabybob

@HiTekRedNek:

Earlier in the thread it was mentioned that the only NIC that has to support VLAN tagging is the one if my pfSENSE box. I read the spec sheet on the Jetway sight and it didn't specifically mention anything about VLAN support.

A better place to look for a statement about VLAN support would be the FreeBSD man page for vlan (see http://www.freebsd.org/cgi/man.cgi?query=vlan&apropos=0&sektion=0&manpath=FreeBSD+8.1-RELEASE&format=html. There it lists a number of NICs with hardware vlan support and a number of NICs with "software emulated" vlan support. There are Intel and Realtek NICs in both lists.

HiTekRedNek

I looked into it a bit further and the AD3INLAN-G has the Intel 82541PI ethernet controller. When I looked it up it had the following specs.
IEEE 802.1Q VLAN support with VLAN tag insertion and stripping and packet filtering for up to 4096 VLAN tags.

Looks like I'm going to be picking this up along with the Mikrotik RB250GS. I found the switch for $55 shipped door to door.

Thanks for helping me narrow this down.