I am a noob in networking so please correct me in any way if my understanding is incorrect. In many of Tom's videos, he demonstrated using a Netgate device (SG-3100 etc.) and a UniFi switch to plan out small office/home VLANs. However, it seems that he would use only 1 LAN port from the Netgate SG-3100 to pass all VLANs through to the switch's trunk port and then assign each switch port to a VLAN. (e.g. Office Network Design and Planning with VLANs, LLDP, Rules, IoT, Guest using UniFi & pfSense - YouTube)
My question is, wouldn't those VLANs share the (1GbE) bandwidth? Why doesn't he prefer to fully utilize the LAN/OPT ports of the SG-3100? E.g. 1 LAN per LAN/OPT port so that the full bandwidth can be dedicated to that LAN. If he needs more VLANs than there are ports, then he can share the trunk port.
Or is my understanding incorrect, and the switching between LANs happens at the switch level (UniFi switch) despite having firewall rules at the router (SG-3100) level? Does the firewall only establish the connection and not impede LAN-to-LAN traffic? If that's true, can I use a 10GbE switch for LAN traffic with the same setup? Assuming NICs, switch and cables are 10GbE, and just the router (3100) is 1GbE.
Your understanding is correct that the bandwidth is shared when using one port, and it's better to have each network on its own physical cable, but it's not always practical to do so when building out a network because of the cost of running more cables. Phones are a great example of this in that video because using LLDP you can run one cable to each office but still provide separate computer and phone networks.
Thank you very much for your kind reply. It is a fair point you suggested. I guess for my particular situation in a home environment, I could run multiple cables between switch and router, and thus never thought about the consideration you mentioned.
This brings me to a further question: many switches have L3 routing functions. Would it be more beneficial, speed-wise, to route LAN/VLAN traffic via the managed switch instead? Is the reason for not doing that 1) pfSense capability/trustworthiness/security is better than that of the switch, or 2) it is easier to have central management in the case of multiple switches in a large network?
I guess the question for my specific case is that for my particular situation with a small home environment, with one router + one 24 port managed switch, would the speed be faster NOT going through the router for LAN-only traffic? (Not regarding shared bandwidth, but regarding routing speed. Assuming cables and switches are all 1GbE, but an SG-2100 has L3 forwarding IMIX ratings around 842 Mbps.)
Just because a switch has Layer 3 routing does not mean it can do it at line speed; choose your hardware carefully or you won't get the speed.
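To make the trade-offs in this thread concrete, here is a small traffic model (added example, not code from the thread or from Netgate/UniFi) using constructed flows. It shows which flows stay inside the switch, how an inter-VLAN flow loads a router-on-a-stick trunk in both directions, how one port per VLAN spreads that load, and how the total routed traffic compares against a device's L3 forwarding rating (the 842 Mbps figure mentioned above is used as the sample capacity). It ignores framing overhead and models each flow as one unidirectional rate.

```python
from collections import defaultdict
from dataclasses import dataclass

LINK_MBPS = 1000.0  # 1GbE, full duplex: each direction has its own 1000 Mbps


@dataclass(frozen=True)
class Flow:
    src_vlan: int
    dst_vlan: int
    mbps: float  # unidirectional rate from src host to dst host


def routed_flows(flows):
    """Only inter-VLAN flows need an L3 hop; same-VLAN traffic is switched at L2."""
    return [f for f in flows if f.src_vlan != f.dst_vlan]


def router_link_load(flows, one_port_per_vlan=False):
    """Offered load, in Mbps, per (router link, direction) for router-on-a-stick
    (one trunk) or for a dedicated router port per VLAN. Each routed flow crosses
    the router twice: switch->router on the source VLAN, router->switch on the
    destination VLAN."""
    load = defaultdict(float)
    for f in routed_flows(flows):
        ingress = f"port-vlan{f.src_vlan}" if one_port_per_vlan else "trunk"
        egress = f"port-vlan{f.dst_vlan}" if one_port_per_vlan else "trunk"
        load[(ingress, "to-router")] += f.mbps
        load[(egress, "to-switch")] += f.mbps
    return dict(load)


def oversubscribed(load, link_mbps=LINK_MBPS):
    """Links/directions whose offered load exceeds the physical link rate."""
    return {k: v for k, v in load.items() if v > link_mbps}


def l3_headroom(flows, forwarding_mbps):
    """Spare L3 forwarding capacity (negative means the routing device is the bottleneck)."""
    return forwarding_mbps - sum(f.mbps for f in routed_flows(flows))


# Constructed sample: one big same-VLAN transfer plus three inter-VLAN flows.
SAMPLE_FLOWS = [Flow(10, 10, 900), Flow(10, 20, 600), Flow(30, 20, 600), Flow(20, 10, 300)]

if __name__ == "__main__":
    print("single trunk:", oversubscribed(router_link_load(SAMPLE_FLOWS)))
    print("port per VLAN:", oversubscribed(router_link_load(SAMPLE_FLOWS, True)))
    print("L3 headroom at 842 Mbps IMIX:", l3_headroom(SAMPLE_FLOWS, 842))
```

The 900 Mbps same-VLAN flow never appears in the router load at all, which is the "LAN-to-LAN traffic doesn't hit the firewall" case; only traffic that crosses VLANs is subject to both the trunk bandwidth and the router's forwarding rating.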