I am looking to setup a new home network configuration. My plan is to get a Protectli Vault with PfSense (4 or 6 port). I am looking for a managed network switch. The main appeal for me is to be able to create VLAN’s to separate traffic (isolate security cameras, work computers, etc…), not many, maybe like 3 or 4.
I have 2 questions about this,
First off, would it be better to just get a smaller managed network switch to have the capability of being able to create VLAN’s, then purchase unmanaged network switches to expand the ports. For example if I had a managed switch with only a handful of ports, I plug an unmanaged switch into one of those ports and set that single port on its own VLAN, then any devices plugged into that unmanaged switch would already be on that VLAN. Is there any disadvantage to doing this? Or should all devices be connected to a single switch?
For VLANs, would I be able to connect say 2 ports from the Protectli Vault into the managed switch and say I have one port on the Protectli for VPN access and one for no VPN access, from the managed switch, would I then be able to route certain devices to one port on the Protectli, and some to the other? Would this involve creating a VLAN on both PfSense and on the switch?
You must log in or register to comment.
there are a couple things to understand about pfsense on regular computer hardware like a protectli box. Those are not switch ports, they are individual network interfaces.
you can bridge them, and you can have different networks part of different LANs, and set all those rules, but they are not switch ports and they cannot be VLAN tagged on ingress.
My advice to you is for the most part, only use one LAN port on the Protectli box and then run everything off a core switch that is managed.
First off, would it be better to just get a smaller managed network switch to have the capability of being able to create VLAN’s, then purchase unmanaged network switches to expand the ports. For example if I had a managed switch with only a handful of ports, I plug an unmanaged switch into one of those ports and set that single port on its own VLAN, then any devices plugged into that unmanaged switch would already be on that VLAN. Is there any disadvantage to doing this? Or should all devices be connected to a single switch?
this will work fine, but basic managed switches are very cheap so I would just get all managed switches.
For VLANs, would I be able to connect say 2 ports from the Protectli Vault into the managed switch and say I have one port on the Protectli for VPN access and one for no VPN access, from the managed switch, would I then be able to route certain devices to one port on the Protectli, and some to the other? Would this involve creating a VLAN on both PfSense and on the switch?
In this case you would create a VLAN on the switch but it would not be necessary to create a VLAN on the pfsense box because you are piping into two independent NICs. You use VLANs on the switch to seperate devices into which ports they go into on the pfsense box, but you untag them on egress, but tag them in ingress.
As I stated earlier, your Protectli hardware has independent NICs, and unless you bridge them, they will already be seperated in the pfsense network.
Or, you could not run two connections, and just use one and then run VLANs.