Network Switch Upgrade Advice

I am wanting to upgrade the network switches and right now I am using five DGS-1100-24 switches and one DGS-1100-16 switch. The basic topology of my network is like this:

pfSense -> Switch 01 -> Switch 03
-> Switch 02
-> NanoHD -> NanoHD -> Switch 04
-> NanoHD -> Switch 05
-> NanoHD -> Switch 06

I am looking at replacing 3 of them with the Unifi US-8 switch (which would replace Switches 4-6) and the other 3 with either 2 US-48 or USW-Pro-48. The reason I am looking only at Ubiquiti switches is I have multiple NanoHD APs and this would move all my networking gear to one interface, minus the pfSense firewall. It would also introduce proper NTP settings on the switch as well as ease the use and management of the various VLANs in use on the network.

I have looked at the 24 port models as well, but with my current port usage it would only leave a few ports free for expansion. I run both my home network and my homelab off these switches. Currently, only the home network is using the wireless uplinks and the rest is wired gigabit, with most being done with LACP bonded connections. Here is my current port usage:

Switch 01 - 16 of 24 (5 x Servers with 2 Links each for the hypervisor, 4 x servers with 1 link each for IPMI)
Switch 02 - 12 of 24 (5 x Servers with 2 Links each for VM traffic)
Switch 03 - 12 of 24 (4 x NAS servers with 2 links each)
Switch 04 - 03 of 24 (NanoHD, Desktop, Desktop)
Switch 05 - 05 of 24 (NanoHD, Chromecast, Playstation 4, Smart TV, Gaming Desktop)
Switch 06 - 03 of 16 (NanoHD, Chromecast, Playstation 4)

I am wanting some advice and guidance, as I have never used any Unifi switches, and I am also not sure the extra cost for the Pro is needed, though eventually I would like to upgrade the core of my network to 10G. I also use multiple VLANs, so layer 3 features are a plus on the Pro model.

I don’t use Unifi, out of my budget, but you might want to consider buying one switch with PoE to give yourself some flexibility. I regret doing this myself for my main switch.

You can use pfSense as your NTP server connecting to multiple pools and giving out the average time to your devices.

Actual users can give you the downsides on the models.

Hey, unifi fanboi here…

Depending on your physical layout you could almost go for a 3 layer network approach here.

  • Edge switching on US-8, US-8-60w or maybe USW-FLEX (flex has poe but only 5 ports, new model not sure on availability)
  • Core / Server switching on a couple of USW-Pro-24 (with SFP+ for 10gb down the line) or USW-Pro-24-POE if you want / need the POE (or replace the 24 with 48 if you need / want the additional ports)
  • Distribution switching on a something else depending on if you want to go 10gb now, or start using SFP fibre at 1gb or just use copper. Maybe another USW-Pro-24[-POE] for now and then something different if you go to 10gb (I don’t think unifi do a switch with lots of SFP / SFP+)

(ed. added bullets to make it more readable)

I am still looking at the USW-Pro-48 and wanted to know if layer 3 will work the way I believe it will. I am wanting to define a number of VLANs in pfSense and also on the Unifi Controller, and have it so that if pfSense goes down the switches will be able to route traffic between VLANs on their own. I am looking at getting 2 of the 48 port switches and will have a line from each of them to the pfSense install and also to each other, which should be off via spanning tree unless pfSense is down.

Does this sound right, or am I misunderstanding layer 3 in these switches?

This is what happens when you set up Layer 3 with the Gen 2 Pro switches:

  1. The IP address which would be used as the gateway IP, e.g. 192.168.2.1, is set up on the switch instead of the router.
  2. A new VLAN and subnet is created automatically for communication between the router and the switch. This shows up in the network list in Unifi. The router takes the .1 IP address in this network, and the switch takes .2 (I believe, might be wrong).
  3. The switch’s default gateway IP is set to the router IP in the network created in #2.
  4. The router has a static route created for the network (e.g. 192.168.2.0/24) with the next-hop set to the switch’s IP in the network created in #2.

At this point, assuming you have at least two networks that have the switch assigned as their gateway instead of a router, traffic between networks on the switch can communicate directly to each other. There is no firewall or ACL support on the Layer 3 switches at this time - this may come in the future but it has not been promised.

All of the above assumes you have a Unifi router device (USG, UDM, UDMP, UXGP). To make it work with PFSense you have to replicate yourself what it would do otherwise:

  5. Look at the network created in #2 and add that VLAN/subnet to PFSense. PFSense’s IP address will be the first IP in that subnet.
  6. Create a new “Gateway” in PFSense with the IP address of the switch in the network created in #2.
  7. Create a static route for your network (e.g. 192.168.2.0/24) pointing to the switch-gateway entry.
  8. Repeat #7 for your other networks which use the switch as a gateway.

One thing I’m not sure about is whether the switches run the DHCP server for the networks they are assigned, or if they do a DHCP relay to the router.
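The switch-side setup and the pfSense replication described in the reply above, as an added example that is not part of the original post: a small Python model of the routing tables that result, so the consequence of the "no firewall or ACL on the Layer 3 switch" remark can be traced packet by packet. Every address here is constructed; the transit VLAN, its /30 size, the .1/.2 assignment and the WAN next hop are assumptions for the example, not values from the thread. The trace shows that traffic between two VLANs whose gateway lives on the switch is delivered by the switch alone and never reaches pfSense's rules, while traffic to a pfSense-gatewayed VLAN or to the internet still passes through pfSense.

```python
"""Model of the Layer 3 setup described in the thread: the switch owns the
gateway IPs of some VLANs, pfSense keeps the rest, and a transit VLAN links
the two.  All addresses below are constructed for this example."""
from ipaddress import ip_address, ip_network

# Transit VLAN the controller creates between router and switch (step #2).
# Assumed /30 with the router on the first IP and the switch on the second.
TRANSIT_NET = ip_network("10.255.0.0/30")      # constructed
ROUTER_TRANSIT_IP = ip_address("10.255.0.1")    # pfSense side (step #5)
SWITCH_TRANSIT_IP = ip_address("10.255.0.2")    # switch side (step #6)

# Networks whose gateway IP is configured on the switch (step #1).
SWITCH_NETS = {
    "VLAN10-home": ip_network("192.168.2.0/24"),
    "VLAN20-lab": ip_network("192.168.3.0/24"),
}
# A network that keeps pfSense as its gateway, for comparison.
ROUTER_NETS = {"VLAN30-mgmt": ip_network("192.168.4.0/24")}

DEFAULT = ip_network("0.0.0.0/0")
WAN_NEXT_HOP = ip_address("203.0.113.1")        # constructed upstream hop


def build_tables():
    """Return {device: [(prefix, next_hop)]}; next_hop None = directly connected."""
    switch = [(TRANSIT_NET, None)]
    switch += [(net, None) for net in SWITCH_NETS.values()]
    switch.append((DEFAULT, ROUTER_TRANSIT_IP))   # step #3: default route to pfSense

    router = [(TRANSIT_NET, None)]
    router += [(net, None) for net in ROUTER_NETS.values()]
    # Steps #4 / #7 / #8: one static route per switch-gatewayed network.
    router += [(net, SWITCH_TRANSIT_IP) for net in SWITCH_NETS.values()]
    router.append((DEFAULT, WAN_NEXT_HOP))
    return {"switch": switch, "pfsense": router}


def lookup(table, dst):
    """Longest-prefix match over a table; returns (prefix, next_hop)."""
    matches = [(prefix, nh) for prefix, nh in table if dst in prefix]
    return max(matches, key=lambda m: m[0].prefixlen)


def first_hop(src):
    """A host hands its packet to its subnet's gateway: whichever device owns it."""
    if any(src in net for net in SWITCH_NETS.values()):
        return "switch"
    if any(src in net for net in ROUTER_NETS.values()):
        return "pfsense"
    raise ValueError(f"{src} is not in a known LAN")


def trace(src, dst, tables=None):
    """Return the ordered list of L3 devices a packet from src to dst traverses."""
    tables = tables or build_tables()
    owner = {SWITCH_TRANSIT_IP: "switch", ROUTER_TRANSIT_IP: "pfsense"}
    device = first_hop(ip_address(src))
    dst = ip_address(dst)
    path = []
    while True:
        if len(path) > 4:
            raise RuntimeError("routing loop in the model")
        path.append(device)
        _prefix, next_hop = lookup(tables[device], dst)
        if next_hop is None:          # directly connected: delivered here
            return path
        if next_hop not in owner:     # leaves the lab towards the WAN
            return path
        device = owner[next_hop]


def crosses_firewall(src, dst):
    """True only if the packet is forwarded by pfSense at some point."""
    return "pfsense" in trace(src, dst)


if __name__ == "__main__":
    for s, d in [("192.168.2.10", "192.168.3.10"),
                 ("192.168.2.10", "192.168.4.10"),
                 ("192.168.2.10", "8.8.8.8")]:
        print(f"{s} -> {d}: {trace(s, d)} firewall={crosses_firewall(s, d)}")
```

The practical reading of the trace: any rule you keep in pfSense for separating the home VLAN from the lab VLAN stops applying the moment both VLANs get the switch as their gateway, because that traffic no longer reaches pfSense at all. Networks that should stay filtered from each other should keep pfSense as their gateway until the switches gain ACL support.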