Do I need a layer 3 switch?

[Fingers]

I am looking for some advise please.

I have a pfsense self build router connected to an unmanaged Netgear 8 port switch. That is feeding some wired devices close by and also a 'BT Whole Home' 3 disc mesh/ap that is connected to tplink av1200 homeplug, so I have the next best thing to a wired backhaul as the other 2 discs are connected to some homeplug too. The mesh/ap's connect to pfsense via dhcp, and I have since assigned them static Ip's in the default 192.168.1.x range.
My needs have changed and I need to create a VLAN to have a separate guest WiFi network that runs concurrently with the existing one (that will be just used for family with phones, tablets ect). So I also want the WiFi network to be available, for example on the 192.168.2.x range.
Do I need a layer 3 switch to assign the port that feeds the WiFi to 2 networks?

Any help would be appreciated as I'm not too good with networking.

 

[System Error Message]

if you want to do layer 3 routing then yes

 

[Fingers]

Sorry what I mean is, would a layer 2 or 3 switch allow me to assign one port with the AP connected, to both the default subnet and the vlan?
Appologies if I'm not explaining it very well.

 

[thiggins]

A Layer 2 smart/managed switch with port-based VLANs will let you do what you want to do. But you'll need to keep everything in the same subnet.

https://www.smallnetbuilder.com/lanwan/lanwan-howto/30071-vlan-how-to-segmenting-a-small-lan

 

[Fingers]

Thank you, just needed expert conformation. Looks like I need layer 3.

Thanks for the link I'll do some more research to see if I can come up with something else suitable.

 

[abailey]

Since you run pfSense you don't have to have a layer3 switch. The pfSense can do the internal routing (especially if your talking home environment). That way you can just use a layer2 smart switch. The real question to me is does your BT Whole Home system support VLANs. Personally, for a home environment, I would not purchase a layer3 switch if you already have a router that can support routing of VLANs in your network. It just adds more complexity.

 

[Fingers]

Since you run pfSense you don't have to have a layer3 switch. The pfSense can do the internal routing (especially if your talking home environment). That way you can just use a layer2 smart switch. The real question to me is does your BT Whole Home system support VLANs. Personally, for a home environment, I would not purchase a layer3 switch if you already have a router that can support routing of VLANs in your network. It just adds more complexity.

I think this is what is confusing me. I couldnt see how to use the BT Whole wifi over VLAN's on different subnets. I just assumed the only way, would be to assign a port on the switch to the default subnet and the new created VLAN on a different subnet. I may be way off with my thinking as I am reading and learning as I am going along with this.

 

[abailey]

If your BT Whole Home system does not support VLANs or have its own internal filter for guest, then there is really no way to make it isolate the traffic (there is really nothing you can do in the switch or pfSense router to make it work). Even if you use ACL's in the switch and router, the traffic can still intermingle in the WAP itself if it does not support some type of isolation.

 

[Fingers]

Damn! I read the Netgear orbi has had an firmware update to supprt VLAN, but im not sure my wife will see the justification to get rid of my kit and buy that. I am in the middle of reading the link that Tim posted up so I will see if I can somehow come up with another soloution.

Thank you for your excellent help.

 

[thiggins]

The article link I posted does not require a Layer 3 switch. Just a smart/managed switch supporting port-based VLANs.

 

[Fingers]

Yes thanks I read that, but it seems I cannot set a guest wireless network up with the BT Whole Home as I can only have one SSID and password.

 

[System Error Message]

what thiggins might have gotten wrong is that if you are doing segmentation on both layers 2 and 3, you dont need a layer 3 switch. If you are using the same subnet or have inter routing but do layer 2 segmentation, then a layer 3 switch will help.

Regardless of your setup, the simplified way is, if you want to prevent any or limit communications between vlans and subnets, you dont need a layer 3 switch, if you want communications between the segments, then you need a layer 3 switch.

 

[Fingers]

So would I just be better off ditching the BT Whole Home AP's and using a few standard router/AP's dotted around the house?

The more reading I'm doing the more confused I'm getting. It's the WiFi aspect of things I'm struggling with.

 

[Fingers]

After a bit more studying, it looks like I'd be better to ditch the BT Whole Home kit and replace it with the Linksys LAPAC1750 Business Access Point. As it supports VLAN and up to 16 SSID's.

 

[System Error Message]

that would be right, the BT wifi router has limited range despite being decent. Its firmware is basic as well that it is meant for the basic home user.
However you can still use it with a managed switch.