Network Design Recommendation

In my opinion, L3 switches only make sense in big setups like data centers where you want very high routing speeds and bandwidth. A computer cluster or an ISP can also require L3 switches.

They have less flexibility than a firewall/router like pfSense, and having routing done at the switch and at the firewall/router is more complex and prone to configuration errors.


Thank you for your reply… So basically our final plan is to buy a UniFi Switch 48 with 4 SFP+ ports as our main core switch (IT switch): pfSense box > UniFi 48-port switch connected to Switch 1 and Switch with LACP over single-mode fiber cable > connect Switch 1 to Switch 3 using LACP > Switch 3 to Switch 5 and so on… But then add an extra fiber cable from each switch that points directly to the core switch (IT switch) for a future upgrade… The problem now is that if we have an SFP+ module on the UniFi (IT switch) and the Switch 1 TP-Link JetStream 52 TS has only an SFP port… are there compatibility issues? Or is it backward compatible?

I think the SFP has to match the card; some accept generic modules and some accept only certain models. But there is more compatibility on the fiber side. Ours only work with Intel's SFPs. We tried to use spares we have from Cisco, but it refused to work with them. I had the option to compile the driver with that check disabled, but I don't want a production box that may break on each update. So, on the Cisco side we use Cisco SFPs and on the pfSense we use Intel, because the card is Intel.

Thanks… so we will possibly experience compatibility issues when using different SFPs… We'll test the setup first using the TP-Link switch and the UniFi Switch 48 with different SFP modules…

The compatibility issue is more likely to be between the card and the SFP; the fiber is more compatible. But it does have to match the fiber regarding the connector and mono-mode/multi-mode. It causes a lot of stress to me.


As long as the modules use the same wavelength there shouldn't be a problem. SFP+ on one end and SFP on the other could be an issue. Make sure the SFP+ modules are 1G-compatible and not 10G-only. You can get on the Ubiquiti forums to ask for module recommendations. In general, it sounds like pretty much all modules work with Ubiquiti products.

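The checks raised in this thread (same wavelength, SFP+ modules that can still run at 1G, and matching single-mode versus multi-mode fiber) are all readable from the module's own EEPROM, which is what `ethtool -m` shows on Linux and what a NIC driver's vendor check reads. The Python below is an added example, not code from any poster here or from pfSense, UniFi or TP-Link: it decodes a constructed SFF-8472 A0h page, reports vendor, fiber type, wavelength and advertised line rates, verifies the page check codes, and lists why two modules would not link. The vendor "ACME OPTICS", the part numbers and the byte images are made up for illustration.

```python
"""Decode the SFF-8472 A0h EEPROM page of an SFP/SFP+ module and check two
modules for link compatibility: same fiber type, same wavelength, at least
one common line rate, and intact page check codes.

Added example for this thread, not code from any of the posters or from
pfSense/UniFi/TP-Link; the module images below are constructed, not dumps
of real transceivers.
"""
from dataclasses import dataclass


def _cc(data: bytes) -> int:
    """SFF-8472 check code: low byte of the sum of the covered bytes."""
    return sum(data) & 0xFF


@dataclass
class SfpInfo:
    vendor: str          # bytes 20-35; the field a driver's vendor check reads
    part_number: str     # bytes 40-55
    fiber: str           # "SMF", "MMF", "copper" or "unknown"
    wavelength_nm: int   # bytes 60-61 (0 for copper cables)
    rates_gbps: set      # advertised Ethernet line rates: 1 and/or 10
    checksum_ok: bool    # CC_BASE (byte 63) and CC_EXT (byte 95) both match


def decode_a0(page: bytes) -> SfpInfo:
    if len(page) < 96:
        raise ValueError("need at least 96 bytes of the A0h page")
    if page[0] != 0x03:
        raise ValueError("identifier 0x%02x is not SFP/SFP+" % page[0])

    rates = set()
    if page[3] & 0xF0:              # byte 3 bits 4-7: 10GBASE-SR/LR/LRM/ER
        rates.add(10)
    if page[6] & 0x0F:              # byte 6 bits 0-3: 1000BASE-SX/LX/CX/T
        rates.add(1)
    copper = bool(page[8] & 0x0C)   # byte 8 bits 2-3: passive/active cable (DAC)
    if copper:
        rates.add(10 if page[12] * 100 >= 10000 else 1)  # byte 12: 100 MBd units

    if copper:
        fiber = "copper"
    elif page[14] or page[15]:      # SMF reach in km / 100 m units
        fiber = "SMF"
    elif any(page[16:20]):          # OM1-OM4 reach in 10 m units
        fiber = "MMF"
    else:
        fiber = "unknown"

    return SfpInfo(
        vendor=page[20:36].decode("ascii", "replace").strip(),
        part_number=page[40:56].decode("ascii", "replace").strip(),
        fiber=fiber,
        wavelength_nm=0 if copper else int.from_bytes(page[60:62], "big"),
        rates_gbps=rates,
        checksum_ok=_cc(page[0:63]) == page[63] and _cc(page[64:95]) == page[95],
    )


def link_problems(a: SfpInfo, b: SfpInfo) -> list:
    """Reasons the two modules would not bring up a link over one fiber."""
    problems = []
    if not (a.checksum_ok and b.checksum_ok):
        problems.append("EEPROM check code mismatch: corrupt or tampered page")
    if a.fiber != b.fiber:
        problems.append(f"fiber type mismatch: {a.fiber} vs {b.fiber}")
    if a.fiber != "copper" and a.wavelength_nm != b.wavelength_nm:
        problems.append(f"wavelength mismatch: {a.wavelength_nm} nm vs {b.wavelength_nm} nm")
    if not (a.rates_gbps & b.rates_gbps):
        problems.append(f"no common line rate: {sorted(a.rates_gbps)} vs {sorted(b.rates_gbps)}")
    return problems


def build_a0(vendor: str, pn: str, *, wavelength_nm: int, bitrate_100mbd: int,
             eth10g: int = 0, eth1g: int = 0, smf_km: int = 0, om3_10m: int = 0) -> bytes:
    """Construct a minimal, checksummed A0h page for the fields decoded above."""
    page = bytearray(96)
    page[0], page[1], page[2] = 0x03, 0x04, 0x07   # SFP, two-wire ID, LC connector
    page[3], page[6] = eth10g, eth1g
    page[11] = 0x01 if eth1g and not eth10g else 0x06  # 8B/10B vs 64B/66B encoding
    page[12] = bitrate_100mbd
    page[14] = smf_km
    page[15] = min(255, smf_km * 10)
    page[19] = om3_10m
    page[20:36] = vendor.ljust(16).encode("ascii")
    page[40:56] = pn.ljust(16).encode("ascii")
    page[60:62] = wavelength_nm.to_bytes(2, "big")
    page[63] = _cc(page[0:63])
    page[95] = _cc(page[64:95])
    return bytes(page)


# Constructed module images (hypothetical vendor "ACME OPTICS").
SFP_1G_LX = build_a0("ACME OPTICS", "SFP-1G-LX", wavelength_nm=1310,
                     bitrate_100mbd=0x0D, eth1g=0x02, smf_km=10)
SFP_10G_SR = build_a0("ACME OPTICS", "SFP-10G-SR", wavelength_nm=850,
                      bitrate_100mbd=0x67, eth10g=0x10, om3_10m=30)
SFP_DUAL_LR = build_a0("ACME OPTICS", "SFP-10G-LR-DR", wavelength_nm=1310,
                       bitrate_100mbd=0x67, eth10g=0x20, eth1g=0x02, smf_km=10)

if __name__ == "__main__":
    lx, sr, lr = (decode_a0(p) for p in (SFP_1G_LX, SFP_10G_SR, SFP_DUAL_LR))
    for name, pair in (("1G-LX <-> 10G-SR", (lx, sr)), ("1G-LX <-> dual-rate LR", (lx, lr))):
        print(name, link_problems(*pair) or "compatible")
```

Feed `decode_a0` the raw 96+ bytes from `ethtool -m <iface> raw on` (or the hex a switch dumps for its transceiver) and compare the two ends before ordering modules; a check-code failure on a module that "worked last week" is worth a closer look, since the same bytes are what the driver's vendor lock and rate selection rely on.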

Thank you, sir… so the fiber cable is not a compatibility issue…
The UniFi switch SFP+ module needs confirmation of backwards compatibility…
We may end up creating 10-12 VLANs… The pfSense box is bare metal: i3-7100, 4 GB RAM, 120 GB SSD and an Intel NIC with 3 ports… 1 LAN and 2 WAN for failover… Should I get a 4-port NIC card and then set up the VLANs on the 4th physical interface…?

If you go from 1 LAN to 2 LAN ports it would be for capacity. You could LAG to the core switch. Most of your bottleneck at this point is your single links further down the chain, so I'm not sure how much difference it would make.


How many servers do you have, and of those how many are file servers? Which server would incur the maximum traffic?
Are your file servers only on a certain VLAN, and would certain VLANs need to go through your firewall to reach it? If yes, then all that bandwidth is moot since the traffic needs to pass through pfSense, which has a gigabit link…
Even if there are 10 different servers and they each have their own gigabit connection, it'll still be limited to a sum of 1 Gbit.


Does anyone know if the HP 1950 accepts third-party transceivers like 10Gtek? I'm considering picking up one of these.

Should I change my pfSense LAN interface to a 10GbE connection to the core switch? For now we only have D-Link NASes (4 of them), and I think we will build a FreeNAS and do Syncthing on all workstations… and use the D-Link NAS for other files and laptop users…

The 1G links between switches will still be a bottleneck. Until you can get 10G from the core to each switch, it doesn't make sense to upgrade the link to pfSense to 10G. I would LAG as many links as possible from the core switch to pfSense, though.

You can do LAG on the pfSense LAN interface? If that's the case then I need at least 4 ports of NIC… 2 LAN, and ports 3-4 for my WAN interfaces…

He would benefit a little bit, actually. With all switches terminating at a gigabit and the servers directly connected to the IT switch, without VLANs and firewall rules you would at least be able to push a gigabit to each connected switch; now with VLANs and pfSense, the sum of all those switches is capped at a gigabit, since that's the link to pfSense.


LAGG is needed from the core switch to pfSense… I'll consider that, thanks!

3-4 WAN interfaces?? No. Your connection to the ISP is limited to the speed you buy from them. You could take a single connection with a gigabit, but you will only get the max speed you subscribe to.

I mean LAG the LAN interface… 2 ports, then 3-4 ports for our 2 ISPs.

If I remember correctly, there will only be two of the distributed switches connecting to the core switch. So from my understanding he's limited to 2G of traffic flow to the larger network. If each of the switches had a dedicated run, then absolutely a 10G link or two would be beneficial.

@mariem56 If you have a PCIe slot or two open you can easily add a 4-port Intel-based NIC or two and have all the ports you need. I think you are usually limited to 4 ports in a LAG.

My motherboard has a total of 3 PCIe slots… can I use 3x 2-port Gigabit NICs, LAG 4 of the ports, and then use 5 and 6 as the WAN connections?

That shouldn't be a problem. Use Intel if at all possible. pfSense (BSD) doesn't work well with some of the other chip makers. If you still need to get them, compare the price of 2-port NICs and 4-port NICs for the best solution.
