Configuration Questions for Small Home Use
-
Let me start by saying I have a strong Unix background but very little networking experience beyond the basics. I will probably over explain some stuff but I don't want to leave out any details that I don't realize the importance of.
I have a few laptops and phones that connect with wifi on my network. I have a NAS and server that are always on and have a fair amount of traffic between them (it is primarily a media server). My NAS supports link aggregation but my server only has 1 NIC and the server is basically all that is ever connected to the NAS so I don't plan on using link aggregation at the moment but I would like to keep it an option. I will probably do backups of the router to my NAS so I guess I will add a second client. My server currently runs OpenVPN but I plan to move that to my router. I am thinking of the following hardware:
pfSense SG-2440
NETGEAR ProSAFE GS108T
UniFi AC LiteI am not sure about the switch but the rest seems appropriate?? Any recommendations on hardware would be great :). Cheaper is better but I am willing to invest if I really need to.
I also have a question about traffic monitoring. How can I setup pfSense so I can monitor the traffic on my LAN? When watching movies, large files are sent from the NAS to the server to the media player so there is more traffic on my network than most homes of my size if that matters.
-
to be honest a sg2440 seems a bit overkill of a home network on a budget, you could for sure run pfsense on cheaper hardware..
As to your amount of traffic.. because you stream movies off your storage? You would be surprised at how common such a setup is these days..
As to monitoring your lan traffic. Lan traffic unless its on 2 different segments routed through pfsense is not going to transverse pfsense so you wouldn't be able to monitor that with pfsense. Your switch should be able to give you stats on how much traffic each interface is moving.
As to your link aggregation idea.. This is where many people get confused that don't work in networking, 1+1 does not = 2 in laggs or etherchannels or portchannels, how ever you want to call it based upon the hardware your using. So unless you have lots of devices talking to lots of other devices on opposite sides of the lagg its not going to get you much. There is going to be a hashing method used to determine what connection goes over each leg in the lagg. And device A talking to device B on the other side is going to always use the same leg.. So doesn't really matter if you have 1 +1 or 1 + 1 + 1 + 1, those devices talking to each other are only ever going to see 1..
As long as your switch supports some advanced features like vlans, you should be fine for pretty much anything you might be looking to do in a home network. And your unifi choice for a AP is a good one and very home budget friendly..
If it was me I would reduce the money spent on the pfsense hardware and put that saving into better switch.. I am a big fan of the cisco sg300 model.. You can get the 10 port gig for like $130 currently and it also supports sfp so you could add fiber to your network at some future date ;) It has a huge feature set, and can even do Layer 3 if you want.
The money save on the pfsense box could get you that better switch and even better model of the AP or multiple AP for better overall coverage of wifi in your home. I currently have 3 of the unifi in my home. the LR, the Pro and the lite.. The LR is located near my outside patio to give me good 5ghz coverage out there, the pro is in the center of the house to cover pretty much everywhere else and the lite is the back of the house to give good coverage in the back bedrooms. If what your after is AC coverage, keep in mind that the range is not anywhere as good as 2.4ghz.. So multiple AP with proper placement is key to good wifi coverage. Its possible depending on the size and makeup and layout of your house that 1 AP will be enough if properly placed.. But more than likely you will want more than 1 at some point.
Back to your monitoring.. If your switch supports flows, you could always these flows to something like ntop or other flow collectors to report on the amount and type of traffic flowing of your network. Not to many home budget switches support flows.. But pretty much any smart switch will support port mirroring/spanning that would allow you to connect something to watch all the traffic flowing over the switch and report on it or convert that into a flow and send it to an analyzer like ntop or manageengine opmanager has a free 10 device option, etc.
-
to be honest a sg2440 seems a bit overkill of a home network on a budget, you could for sure run pfsense on cheaper hardware..
Probably but I would really like to keep things small and low power if possible. I was really looking at the ones from Netgate and the 2440 is $50 more than the 2220 so I figured why not when comparing the two. I have an apartment so my NAS, server, router, speakers, TV, media player, etc are all on a single shelf in the living room because that is where the cable comes in and I can't easily run wires. Any recomendations on small hardware for pfsense?
As to your amount of traffic.. because you stream movies off your storage? You would be surprised at how common such a setup is these days..
Yeah, it isn't much compared to larger places. I do probably use more than most in my setting though (I have used 2TB of internet this month… 4 days). That is for my server alone and it copies everything over to my NAS and then it goes back to the server for transcoding to generate thumbnails, so 6TB network usage just for the server :). And this is before I have even watched anything....
As to monitoring your lan traffic. Lan traffic unless its on 2 different segments routed through pfsense is not going to transverse pfsense so you wouldn't be able to monitor that with pfsense. Your switch should be able to give you stats on how much traffic each interface is moving.
As to your link aggregation idea.. This is where many people get confused that don't work in networking, 1+1 does not = 2 in laggs or etherchannels or portchannels, how ever you want to call it based upon the hardware your using. So unless you have lots of devices talking to lots of other devices on opposite sides of the lagg its not going to get you much. There is going to be a hashing method used to determine what connection goes over each leg in the lagg. And device A talking to device B on the other side is going to always use the same leg.. So doesn't really matter if you have 1 +1 or 1 + 1 + 1 + 1, those devices talking to each other are only ever going to see 1..
As long as your switch supports some advanced features like vlans, you should be fine for pretty much anything you might be looking to do in a home network. And your unifi choice for a AP is a good one and very home budget friendly..
If it was me I would reduce the money spent on the pfsense hardware and put that saving into better switch.. I am a big fan of the cisco sg300 model.. You can get the 10 port gig for like $130 currently and it also supports sfp so you could add fiber to your network at some future date ;) It has a huge feature set, and can even do Layer 3 if you want.
The money save on the pfsense box could get you that better switch and even better model of the AP or multiple AP for better overall coverage of wifi in your home. I currently have 3 of the unifi in my home. the LR, the Pro and the lite.. The LR is located near my outside patio to give me good 5ghz coverage out there, the pro is in the center of the house to cover pretty much everywhere else and the lite is the back of the house to give good coverage in the back bedrooms. If what your after is AC coverage, keep in mind that the range is not anywhere as good as 2.4ghz.. So multiple AP with proper placement is key to good wifi coverage. Its possible depending on the size and makeup and layout of your house that 1 AP will be enough if properly placed.. But more than likely you will want more than 1 at some point.
Back to your monitoring.. If your switch supports flows, you could always these flows to something like ntop or other flow collectors to report on the amount and type of traffic flowing of your network. Not to many home budget switches support flows.. But pretty much any smart switch will support port mirroring/spanning that would allow you to connect something to watch all the traffic flowing over the switch and report on it or convert that into a flow and send it to an analyzer like ntop or manageengine opmanager has a free 10 device option, etc.
Because I live in an apartment, range is 100ft worst case through 2 walls. There are a very large number of wireless networks around me though so I have to be careful about interference.
I definitely understand that link aggregation won't double speeds. Currently, having a 10Gbit connection to the NAS would be a complete waste because there is only 1 client and it is 1Gbit. I just would prefer a switch that has link aggregation because I might use it in the future. I am sure every managed switch supports link aggregation anyways.
I am comfortable at the command line but maybe not for a switch. Does the Cisco sg300 have a good web interface?
Thanks for the help!!
-
yeah the sg300 has a great web interface compared to the netgears.. Many of the netgear models require software from netgear to manage. I have an older gs108t, that was web - but that we doesn't work in firefox, have to use IE.
I just ordered a netgear gs108e that I believe have to use the software on.. But for 33$ after rebate just too cheap to pass up to replace my old gs108tv1, I would assume your looking the gs108tv2. I show it for like 93 on amazon. For that price difference I would really go with the sg300, that I see for like $125 on amazon. I got mine for $180 back a year or so ago… Very happy with it. can send you some screenshots of the web gui if your interested. It also has console support, which can be a life saver if you really mess up its config ;)
I would of gotten a second one, but its just the switch in my av cab, and while I do need vlan support there, and I do igmp snooping/blocking for the 100$ difference I can live with using their software to set it up once and forget about it. Only reason replacing the now very aged v1 model is it has a tendency to lock up and have to reboot it. And more than a couple of times its has lost its complete config.. So when it locked up on me twice the other day figured it was time to replace. And at that price wont get any grief from the wife ;)
I show the 2220 on pfsense store for 300, while the 2440 is 500.. you getting the 2440 somewhere else? You know another option for pfsense is to just do it virtual. If you got a box running virtual, esxi, hyper-v, etc. add some interfaces and there you go nice firewall/router on the cheap that uses low power and takes up no extra space... I run pfsense on old hp n40l that also runs multiple other vms for me. Including my storage and plex server, etc.
-
yeah the sg300 has a great web interface compared to the netgears.. Many of the netgear models require software from netgear to manage. I have an older gs108t, that was web - but that we doesn't work in firefox, have to use IE.
I just ordered a netgear gs108e that I believe have to use the software on.. But for 33$ after rebate just too cheap to pass up to replace my old gs108tv1, I would assume your looking the gs108tv2. I show it for like 93 on amazon. For that price difference I would really go with the sg300, that I see for like $125 on amazon. I got mine for $180 back a year or so ago… Very happy with it. can send you some screenshots of the web gui if your interested. It also has console support, which can be a life saver if you really mess up its config ;)
I would of gotten a second one, but its just the switch in my av cab, and while I do need vlan support there, and I do igmp snooping/blocking for the 100$ difference I can live with using their software to set it up once and forget about it. Only reason replacing the now very aged v1 model is it has a tendency to lock up and have to reboot it. And more than a couple of times its has lost its complete config.. So when it locked up on me twice the other day figured it was time to replace. And at that price wont get any grief from the wife ;)
I show the 2220 on pfsense store for 300, while the 2440 is 500.. you getting the 2440 somewhere else? You know another option for pfsense is to just do it virtual. If you got a box running virtual, esxi, hyper-v, etc. add some interfaces and there you go nice firewall/router on the cheap that uses low power and takes up no extra space... I run pfsense on old hp n40l that also runs multiple other vms for me. Including my storage and plex server, etc.
I definitely don't want software managed, I would rather have CLI than software. The SG300 seems pretty nice and there is a POE model. Probably not worth it for $60 more but it would be nice to not have the POE injector on the UniFi AP.
Netgate: http://store.netgate.com/Desktop-Systems-C83.aspx. Netgate makes the hardware, they are just rebranded by pfSense and marked up. But obviously buying the pfSense one helps support them and you get phone support.
-
I don't think the lite model is standard poe, you would need to use a unifi poe switch or the injector. I believe the pro model is standard poe that other switches do.. Double check that for sure before ordering a poe switch.
If your looking at the T model of the netgear your prob ok with web, I think its the E models that have to use their software.
Odd they don't seem to mark up the 2220, that is same price it looks like but yeah that is a $150 mark up on the 2440..
-
I definitely don't want software managed, I would rather have CLI than software. The SG300 seems pretty nice and there is a POE model. Probably not worth it for $60 more but it would be nice to not have the POE injector on the UniFi AP.
Netgate: http://store.netgate.com/Desktop-Systems-C83.aspx. Netgate makes the hardware, they are just rebranded by pfSense and marked up. But obviously buying the pfSense one helps support them and you get phone support.I have pretty much this same setup; An SG300-28 and a UniFi AP LR and it's fantastic. The UniFi is the only device that I have that requires PoE, so I went with the less expensive, non-PoE switch and just handle the injector since for my switch the PoE version of my switch is $700 on amazon vs. the $271 I paid for the unpowered version.
-
I don't think the lite model is standard poe, you would need to use a unifi poe switch or the injector. I believe the pro model is standard poe that other switches do.. Double check that for sure before ordering a poe switch.
If your looking at the T model of the netgear your prob ok with web, I think its the E models that have to use their software.
Odd they don't seem to mark up the 2220, that is same price it looks like but yeah that is a $150 mark up on the 2440..
Thank you! I didn't even realize it isn't normal POE.
Yeah, that and the $50 difference makes me think the 2220 is normally cheaper from Netgate. If it were normally $200 or even $250 everything would make a lot more sense. But I have no clue.
-
I definitely don't want software managed, I would rather have CLI than software. The SG300 seems pretty nice and there is a POE model. Probably not worth it for $60 more but it would be nice to not have the POE injector on the UniFi AP.
Netgate: http://store.netgate.com/Desktop-Systems-C83.aspx. Netgate makes the hardware, they are just rebranded by pfSense and marked up. But obviously buying the pfSense one helps support them and you get phone support.I have pretty much this same setup; An SG300-28 and a UniFi AP LR and it's fantastic. The UniFi is the only device that I have that requires PoE, so I went with the less expensive, non-PoE switch and just handle the injector since for my switch the PoE version of my switch is $700 on amazon vs. the $271 I paid for the unpowered version.
What are you running pfSense on?
-
BTW my gs108ev3 switch got here last night, it does have a web interface.. Its pretty much the same feature set as my older gs108t.. Atleast it works in firefox now. Or you can use the util if you want to admin it..
Does not support snmp. Sucks I normally like to monitor my switches..
For 33$ it will do what I need, which is understand vlan tags in my av cabinet. I really would suggest you go with the sg300 if your looking for a smart switch with actual features..
You had asked how the sg300 web gui was, etc.. Here is a comparison between brand new gs108ev3 and my sg300.. You can tell from just the menu options that sg300 has way way way more features than these netgear devices. Now if you do go with the T model, they do support snmp atleast.