Menu
What's new
By:
Filters Better Search

An overly complicated home network. Converting from dumb to managed switch.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

T

tiwing

New Around Here
Hi all, need a little help please! I'm venturing into the wonderful world of a managed switch. A shiny new netgear gs324tp is coming in the mail tomorrow. I need some help please to help to think through this. First to answer the question why is my small network so complicated... "Because I can" is why, and I enjoy learning this stuff. Here is a picture of my current setup.

1611796266002.png


The netgear will replace hopefully both the Lan unmanaged switch and the guest switch.

Currently the APs are wired with two cat 6 cables each, one for my main ssid for general use, and right now the other one carries separate "guest" ssids for actual guests, iot, security, and my single work laptop. The guest ssids are treated slightly differently on the APs themselves, wire through to a separate physical port on the pfsense boxes and everything coming in that port on the FW are treated differently in the firewall rules.

The parts that confuse me are:
1) do I ditch the entire concept of a separate physical guest network and pass all AP traffic over the primary (Poe) cat 6 and back to the pfsense boxes on a single cat 6 to the "Lan" port there?
2) since I have primary and secondary pfsense boxes, how do these get connected to the switch? Does the answer to 1) impact this question?
3) since the AP will possibly be passing multiple vlan id's back to the switch from each guest ssid, does the "guest" port on netgear from the AP need to be set up as "tagged" (trunk) port?

I'm going to stop here for now. I have a hundred more questions but I'm very much in "learn" mode and not even sure what to ask next.

Thanks
Tiwing.
 
Other than learning, what is the point of your network configuration?

As to the actual learning part, what is the takeaway for you so far?

The questions about the GS324TP will be best answered with the unit in your hands, the manual on the screen, and the feedback from your network.
 
Good & valid questions. I want to achieve isolation of guest and iot devices from my main network and from each other. This works with separated physical networks like I have now, but I have an issue with what I think is being caused by a cheap "guest switch" that's possibly causing an loop (as suggested in another thread here recently). Since I figured I'd have to buy a decent switch any way I've taken the opportunity to upgrade.

Further, since I have relatively slow high speed internet (40d/10u) and run a family plex server, I want to treat each network differently as far as individual device limits so no single device, or device group (home, guest, etc) takes all the bandwidth. This has been implimented using a combination of limiters in pfsense per interface, and limiters on guest ssids on the mist aps.

I manage a solution architect group in my 9-5 and infrastructure and network security is becoming a bigger focus for the company. So I'm taking the time at home to learn about some of this, albeit at a home and small business level only some of which is applicable at an enterprise level. It's the concepts I'm after.

My biggest take away is that while I understand physical separation reasonably well (cause its simple), I'm still lost when it comes to vlans, and setting up access ports vs trunking. Virtualizing a network is a mind f$*# for me.

I read most of the switch manual online yesterday before I clicked "checkout" so I'm pretty familiar with the capabilities. Before I touch it I was hoping to get some thoughts from experts who've traveled this road before me.

Cheers
 
Thank you for the detailed response. :)

I am sure that @coxhaus, @Trip, and others will be able to share their thoughts here for you (hopefully soon).
 
just imaging the vlans as individual ethernet cable runs with color coded cables (VLAN name) only these are colored lines on a piece of paper. THere is a basic VLAN tutorial on the main site here.
 
thanks degrub. I poked around but couldn't find on this site - but have read a lot of other "tutorials" out there. And I've had to reset the switch to factory defaults 3 times so far because I didn't think through (or understand) the consequences. For example, I changed the two ports going to my APs, and two ports going to the firewalls, to tagged ports (trunked). And I lost complete connectivity. 2 hours of googling later and I still can't figure out if I messed up in the switch, or if the pfsense boxes weren't set up to handle ... I imagine some day this will just 'click' for me. ... but that day is so far not today.
 
You must log in or register to reply here.

Similar threads

R
Building a Homelab
Replies
2
Views
598
coxhaus
C
K
Going from Home to Small business (NAS+CCTV) - AiMesh and possible managed switch
Replies
8
Views
379
keyboard99
K
A
Dumb vs Managed PoE switch
Replies
4
Views
1K
Tech Junky
T
Maverick009
Looking at purchasing a new WiFi7 AP. Deciding on brand to go with.
2
Replies
23
Views
4K
Tech9
Tech9
D
VLAN Config Query using pfSense and Unifi
Replies
18
Views
2K
awediohead
A
Similar threads
Thread starter Title Forum Replies Date
J why have a domain name in a home LAN? Other LAN and WAN 9
dlandiss Home networking Other LAN and WAN 12

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 751 (members: 33, guests: 718)
Top