Hi all,
We currently have a pfsense box and then dumb switch like 30pcs of them located in some weird places like the ceiling or under the table… And we want to upgrade and simplify our connection… so instead of PfsenseBox -> 30dumbswitch branch out… We would like a pfSensebox as our firewall then use a TP-Link Managed Switch 48gigPort Jetstream 4Port SFP 5pcs of them connected to 5 different locations using a SingleMode Fiber then have all end-users connected to specific switch no in-between dumb switch. Have VLAN setup per department (currently only have 1 subnet 10.x.x.x) then Use UAP AC as the main wireless connection… The switch will be set up using STP.
Question:
Can the switch handle the setup?
Other recommendation about setting it up?
Should we buy a different Layer3 Switch for VLAN or pfSense can handle it all?
Thanks for the help. Please feel free to recommend or give tips… Thank you.
I’ve never used that switch, but don’t see any reason it wouldn’t work. As far as ease of management goes, the central configuration of the Unifi line makes it nice.
How much traffic will you have going between the departments/vlans? Your choke point will be your single or lag connections between switches. If the traffic is staying within the department, the routing will be done within the layer 2 switches and work like it does currently. If you have more inter-vlan traffic than your choke points between switches and pfsense can handle then it’s time to look at layer 3 switches.
I think a gigabit connection is OK… We only use Fiber SC type connection because of distance… Can you recommend any Layer 3 switch brand/model? Or we need to partner a TP-Link Brand too? Typical work is just excel, Email and SAP…
Level 3 switches are something I’ve never had a use case for and thus not a ton of knowledge about. As long as the manufacturer is implementing the vlan protocol correctly, brand shouldn’t matter. For these switches you’re starting to talk about $1000 minimum price tag. There are some in the Unifi line currently in early access. Arista has really nice stuff from what I’ve heard and most of the code they’re running is open source.
Hopefully someone with more experience can add some more specific recommendations.
Interestingly, I’m doing something between 2 offices over fibre, a little similar to what you’re doing.
However I’ll be upgrading to 10, GBe between the offices and the nodes at a gigabit.
Ok coming to your case. If you are ready to cut down on the interlinking bandwidth ( this will be your bottle neck) HP 1920s is one of the cheaper L3 switch available. However it’s a gigabit speed.
The main reason why everyone is telling you look at your links, is because all 47 other clients can only connect to the other switches at a combined speed of 1gbit. So if you have a file server and a few people trying to access it, your bottleneck would be bandwidth as well.
You could also look for cheaper L3 switches second hand, like hp 2910al. Which include 4 X 10gbe sfp ports. This way, on its own you have 44 gigabit users sharing a 10gbe uplink
Of course you could always use lacp to increase the bandwidth between switches and provide some sort of stability/ fail over for both cases
If you do go down the 1gbit link, I highly recommend at least doubling it to 2 with lacp.
Oh yeah if you do decide to daisy chain your switches the uplink of the lower tier switch to the root switch would be limited and shared with all the other clients and switches connected to the uplink switch. Which would be slow in case you have all your servers in the root level switch, which is what most people will have.
Note:
Assuming that 7 Switches were managed and 4SFP ports…
All 7 switches are 100meters apart…
If I will use the IT switch as the root bridge and do a LACP using 2 fiber SM links…
We’ll this option work? or an L3 Switch is needed? or upgrade the core switch?(core just means here that its located at the IT server room, not high spec)
Layer 3 switch are basically with routing protocol, one instance would be where the switch is the default gateway. Otherwise everything will go through pfsense, which would normally be what you want.
I would add a link from IT to switch 5/6 if possible , that way no switch is more than 2 hops away, if it’s viable then, choose the one with the higher bandwidth requirement…
If you are using inter vlan traffic then a layer 3 switch would be better., however, how to maximize it is currently beyond my scope.
These days SFP+ is standard in 48 port switches. Since you’re running SM fiber, I would upgrade the core (IT) switch to 10G and have two runs to each switch in lag. This would give you redundancy and enough bandwidth for an easy 5-10 years without having to replace anything. A SG-7100 or SG-7100U would have no problem routing all the traffic.
At least core switch? with 4 SFP+ Ports? We are in a tight budget… It took us 1year to finally convince them to upgrade the dumbswitch to Managed switch… But I’ll consider your suggestion… Any problem if the core switch is the only SPF+? what if the core is SPF+ and the other switch I will connect it is only SPF?
I think you should REALLY consider the 10gbe, it will be the primary bottle neck.
You mentioned you are using LACP, this means you will have 2 x fibre cable pair, which will give you redundancy as well.
If you went with the Unifi US-48 and US-16-XG, you would have your 10G for an increase in cost of $800. It feels like you’ll be running into bandwidth issues very soon with the TP-Link and network design. With 10G you would have an easier time cascading the switches.
If I’m not mistaken SFP+ is 10gbe, and SFP would be 1g, so your speed would still be 1g.
Try to use this with the admin to maybe bump up the budget.
Think of it this way, you have the individual ports with 1gb, these are the city streets , urban housing neighborhoods etc. IF the same smaller streets are used with the same number of people on the streets try to go intercity, or home you will have a bottle neck very quickly. You also have a daisy chain of switches, which means you need go through more cities/towns in the middle and absorb their traffic as well. By using LACP, you will make a 1 lane into 2 lane. By going 10gbe, you will make it a highway of 10 lane.
You also need to pay attention to the SFP+ modules you’re using. I’m not sure that all of them will negotiate down to 1G. So you have possibility of things not working.
OK, so you have the facts and figures in front of you, I think everyone here would recommend you move 10g specially with the fact you have traffic going through multiple switches before they hit their target.
If you still insist on staying with 1gig links, please use 2 cable between switches, enable lagg/lacp so you can bump it up to 2gig. 47 ports sharing a 1gig link will not be fun specially if the switches BELOW are sharing your uplink. So switch 2 has to share the bandwith with switch 4 and switch 6. Add additional cabling between IT to switch 5/6 so you reduce the maximum number of hops, this will help decrease network congestion.
