first of all, thanks you guys from Lawrence system for your work at Youtube. I found your tutorials there very helpful.
I’m in process of setting up my home network with pfSense.
I didn’t start yet cause I’m still waiting for my 4 port NIC card to arrive for my pfSense device.
My first post is about designing my network. I draw 2 pictures of what I try to achieve
in my network.
Only difference is should I connect 2 managed Layer2 switches together or each one to different port on pfSense device.
As I’m newbie in networking, I’m not sure which is better in my case.
Can you give me advice how to setup this properly so I don’t do wrong at first and then have to rearrange everything from beginning?
Thanks in advance and sorry for bad English cause it’s not my native language.
On my network I’ve setup a LACP lagg on 4 ports between my pfSense box and main switch. I have a LAN set up but don’t really use it, everything is on a vlan.
You could do the same, I suppose, if you have a lot of traffic you can run the vlans directly from the pfSense box.
Your first approach will require less faffing around later, easy to add more vlans if required.
Yeah I connect all my switches with 2 cables over an LACP Lagg. If you are running new cable I would run more than you think you need, trust me you will find a use for them later.
I reconnected switches together, everything seems to be ok.
Next question I have is about VLANs.
I would have to make set of VLANs (looking at picture one):
IOT VLAN (IoT devices) - VLAN 80
PRINTER VLAN (one printer) - VLAN 20
KIDS VLAN (Kids WIFI and Kids Computers) - VLAN 50
GUEST VLAN (Guest WIFI) - VLAN 90
I’m not sure should I make another VLAN for everything else (VLAN 10) or leave on default LAN interface network (VLAN ID 1). If I make VLAN 10 in pfSense and create new DHCP for that VLAN, what will happen with default LAN interface and it’s DHCP server?
I’ve setup various vlans but these are then mirrored on my AP with the corresponding SSiD, I know some people just put the wifi on it’s own vlan. Sometimes I find it handy to move from one vlan to another on my phone for example.
I also have a Management vlan for switches and AP, you might want to consider that.
I also start my vlan / subnet numbering from 10, with my Netgear switches they have some defaults for vlans below 10, so I just don’t use them.
As I mentioned, I don’t really use the LAN, only if for some reason I need to hook into the pfSense box directly on the LAN I can. It’s still there with a DHCP on subnet 1, I don’t have any vlans on the same subnet. In your case I just wouldn’t use vlan 1, no idea if you will have problems, but it’s also easier to remember vlans in increments of 10.
The other thing I found, when I later went to add another vlan it took absolutely ages to do, as I didn’t make any notes. My switches were also cranky, I had to factory reset them and add all the vlans a 2nd time.
You might have a different experience but making notes and adding a few placeholder vlans for the future might save you some grief later.
I’m still learning about VLANs and now I’m confused about setting VLAN port membership.
First picture is from my first switch (HP 1820) and second is from second switch (Netgear GS108T).
I can set each port as excluded/empty, untagged and tagged.
TRK1 (first pic) is LAG on ports 5 and 6 both connected to Synology NAS.
TRK2 (first pic) is LAG on ports 7 and 8 both connected to second switch LAG1 (ports 7 and 8).
Port 1 on first switch will be connected to pfSense device. Should this port be untagged on all VLAN ID’s?
Ports 7 and 8 on both switches should be also untagged on all VLANs as they are part of LAGs that connects two switches?
Rest of ports should be tagged according to devices connected to them, so tagged on correct VLAN ID, excluded/empty on other VLAN IDs?
Can someone tell me would it be beneficial to me to make LAGG of 3 ports on pfSense device for LAN interface? My device will have 4 ports, does it make any real difference if I use rest of ports for LAN interface LAGG. In my home setup only 1 switch will be connected to pfSense so it cross my mind to make 3 port LAGG for LAN
So my pfSense is done, I went with Dell Wyse 5070 Extended as my device.
I also put Dell 09YD6K 4-Port 1 Gbps Ethernet NIC inside.
That is Intel i350-T4 card. I had problems with this card, dell machine was not posting after NIC was inserted. It signaled memory problem (2 x 4 GB so-dimm).
So if anyone has similar problem with i350 card, solution is to block pins B5 and B6 with electric tape.
After that it posted and everything works ok.
Solution was found here: Modding a Dell Perc 6 / Dell H310 / Dell H710 (other LSI 1078 or 9223-8i based) SAS Raidcontroller.
In comments on that blog post, someone mentioned i350 NIC.
I think it depends on the amount of traffic you have, if it’s a lot you might keep a network on it’s own interface. On the other hand if you have an average home setup, than an LACP increases the bandwidth and redundancy. I’d say it’s more convenient to have an LACP in place.
