Searching for hardware with a built-in managed switch
I am searching for some hardware to use for remote user offices. I am hoping to find a single unit that can connect to DSL or cable modems and has at least 4 LAN ports, with the ability to assign those ports to different VLANs but also have more than one port in a VLAN. Wireless capability would be a huge plus as well but isn't required.
The goal is to set up a home office for the users that allows them to connect their work laptop, network-based printer, and IP phone to one VLAN that is configured to access an OpenVPN tunnel, while allowing them to plug a home PC into another port on a separate VLAN that is limited to internet only, without requiring an additional layer 3 switch or two layer 2 switches.
I have been searching recommended hardware vendors as well as forum information and haven't had any luck so far. The closest thing I have found is http://www.hacom.net/catalog/phoenix-it-100-pfsense-appliance, but a quick email to their sales support team revealed that its ports function as a single unmanaged switch.
I want to try to sell management on the cost savings over deploying the much more complicated Cisco 800 series routers using EasyVPN, so the hardware needs to fall under $500 to fit the cost point. I have some pfSense units already deployed at remote facilities, where they are tied into a managed switch, so I have already proven the capabilities and reliability of the software. The setup for OpenVPN and the VLAN network segregation is a breeze compared to the ACLs required on the Cisco 800 series, along with the EasyVPN setup, which will save a lot of time on configuration and management once purchased. I just need to find some hardware.
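The two-VLAN split the post asks for, written out as a pf ruleset so the policy is concrete. This is an added example, not anything from the thread or from pfSense's own generated configuration; the interface names (em0, vlan10, vlan20, ovpnc1), VLAN tags, address ranges and the OpenVPN port are assumptions chosen for illustration.

```pf
# Added example, not from the thread: a hand-written pf ruleset for the
# home-office split described above. Interface names, VLAN tags, address
# ranges and the OpenVPN port are assumptions.
wan  = "em0"          # DSL/cable modem side
work = "vlan10"       # VLAN 10: work laptop, network printer, IP phone
home = "vlan20"       # VLAN 20: home PC, internet only
tun  = "ovpnc1"       # OpenVPN client tunnel to the corporate site

work_net = "172.16.10.0/24"
home_net = "172.16.20.0/24"
corp_net = "10.0.0.0/8"                                   # reachable only through the tunnel
rfc1918  = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"

set skip on lo0
scrub in all

# Home VLAN gets source NAT to the WAN address; the work VLAN is routed over
# the tunnel unchanged so the office sees the real printer and phone addresses.
nat on $wan from $home_net to any -> ($wan)

block log all                                             # default deny, log what is dropped

# The firewall's own traffic: bringing up the OpenVPN client, resolving DNS.
pass out on $wan from ($wan) to any keep state

# Work VLAN: DHCP and DNS to the firewall, everything else only into the tunnel.
pass in quick on $work proto udp from any port 68 to any port 67 keep state
pass in quick on $work proto { tcp udp } from $work_net to ($work) port 53 keep state
pass in on $work from $work_net to $corp_net keep state
pass out on $tun from $work_net to $corp_net keep state
# Let the office reach the printer and phone, but never the home VLAN.
pass in on $tun from $corp_net to $work_net keep state
pass out on $work from $corp_net to $work_net keep state

# Home VLAN: DHCP and DNS to the firewall, then internet only. The quick block
# on private ranges is what keeps the home PC off the work VLAN and the tunnel.
pass in quick on $home proto udp from any port 68 to any port 67 keep state
pass in quick on $home proto { tcp udp } from $home_net to ($home) port 53 keep state
block in quick log on $home from $home_net to $rfc1918
pass in on $home from $home_net to any keep state
pass out on $wan from $home_net to any keep state
```

On plain FreeBSD this can be checked with `pfctl -nf /etc/pf.conf`, which parses the file without loading it. On pfSense the same policy is expressed through the GUI rules per VLAN interface rather than by editing pf.conf, but the shape is identical: a default deny, a narrow set of passes from the work VLAN into the tunnel, and an explicit block from the home VLAN to every private range before its catch-all internet pass. Because pf is last-match unless a rule says `quick`, the order of the `quick` lines matters: the DHCP and DNS passes must precede the private-range block or the home PC cannot obtain a lease.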
You aren't likely to find anything with a fully managed switch built into a box like that, especially at that price point.
The closest you'll get is something with a lot of ports (like http://store.netgate.com/Netgate-FW-7535-P1693.aspx) where you can bridge ports together to make them act like a switch.
The downside of that is the extra overhead on the firewall from passing traffic for bridged ports, but depending on the type of traffic you expect on the ports it may be negligible.
Or you could take a cheaper firewall unit, like an ALIX, and hack it into a 1U chassis with an actual 8 port VLAN switch like a GS-108T. :-)
Something like this almost helps: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00245681&prodTypeId=329290&prodSeriesId=428161
But, it's unmanaged, so no VLANs. Oh, and since they're HP and a non-normal and non-commodity item, they're not cheap.
That was just from a quick search. I saw another one that looked like it might work, but didn't research too much into it, and it claimed VLAN support: http://www.dssnetworks.com/v3/gigabit_pcie_6468.asp I'm sure there are others.
Otherwise, the problem looks like a nail to me and my favorite hammer is VMWare. You could run ESXi on the host, have a quad port card with each port assigned to its respective internal vSwitch, or use port groups assigned to VLANs. Each VM can connect to any one or all of the internal vSwitches; you can run pfSense inside ESXi and it can manage traffic between the vSwitches. Pretty much everything you're looking for.
I haven't tested how well VMWare acts as a switch by simply adding multiple ports to a vSwitch. But, you might be able to use the HP card above along with ESXi in a relatively cheap "server" plus an inexpensive quad port card (or even dual, depending on your needs) for the individually assigned ports, especially if they don't have to be Gigabit.
My path would be similar to yours…
Pick up a cheap 1U surplus/retired server and throw in 1 or 2 quad port cards. This would give you 6 or 10 total gigabit ports.
HP DL360 G4's are dirt cheap nowadays (you can get a decent one for around the $100 mark) and the quad port cards hover around 40 to 80 each on fleabay...
Install pfSense and assign ports accordingly.
Do you really need VLANs?
Or can you get away with assigning different networks and setting up rules for devices on the network?
I'm running an "overkill" box and have no issues besides the lack of Infiniband drivers for IPoIB, but I don't know how to compile or code, so I have to sit and wait patiently, which isn't a strong suit of mine LOL