Search results

  1. C

    Layer 3 Switch w/ PFSense

    I don't know as it has been many years since I set up a multicast and I think back then it was all in 1 VLAN. Here is something that might relate across VLANs. From what I remember it was a manual process for each port to assign multicast or not. Configure Access Port Multicast TV Virtual...
  2. C

    Layer 3 Switch w/ PFSense

    Why do you think you need multicast? It is a 1 to many relationship. Unless you are going to put all your TVs on the same channel it probably won't help you.
  3. C

    Layer 3 Switch w/ PFSense

    I have been thinking about this diagram and I think it will not work with your pfsense L3 structure. If you use only new networks on the SG350X L3 switch I think you can make it work. Pfsense knows all the networks by DHCP and it would try to use your L2 connection as you can't point to the...
  4. C

    Unifi AP Vlan pass through basic POE+ switch to Sophos Firewall

    No. I extended the SG300-10MPP switch with a trunk port so the SG300-10MPP was doing tagging also. The SG300-28 switch was doing L3 only as there was no L3 on the SG300-10MPP switch with my setup even though it was an L3 switch. I would stay with the Cisco SG500X switch and maybe buy another...
  5. C

    Unifi AP Vlan pass through basic POE+ switch to Sophos Firewall

    I don't know about TP-Link but I had in the past a Cisco SG300-28 L3 switch connected to a Cisco SG300-10MPP switch which I used to power my Cisco WAP581 wireless APs. I have 2 VLANs on each wireless AP. It all worked great. I only used the SG300-10MPP switch to power my POE+ stuff. The only...
  6. C

    Layer 3 Switch w/ PFSense

    I wonder if pfsense is pushing the return traffic back through the trunk port since there are no route statements. Can you disconnect the trunk port and add route statements and ping out from a client? I don't care if DHCP is broken. Never mind. You can't add route statements with DHCP...
  7. C

    Layer 3 Switch w/ PFSense

    Looks right. But no static routes makes me wonder whether you are really doing L3. PS Back when I tried pfsense I used NTP on pfsense for the switches.
  8. C

    Switch inter-vlan routing with only WAN traffic going to a firewall

    I think it looks better. Can you post a trace route from a client on the 10.25.100.x network to 9.9.9.9? I want to make sure untagging does not cause an issue. A L3 switch needs to calculate the route on the first packet from L3 routing. Then all other packets use that calculated route at...
  9. C

    Layer 3 Switch w/ PFSense

    I would not use a trunk from pfsense to the Cisco SG350 L3 switch. Using a trunk, if your router gets slow then it will slow your switch for local routing for all the 10 networks. You realize your 10 networks are being routed by pfsense for foreign networks. Post a trace route from workstation...
  10. C

    Ruckus Wireless as an Unifi alternative?

    This is a hard one to swallow considering radios are half duplex. If you are running 160mhz wide 5 GHz maybe but you would be using the DFS channels and there needs to be no one around using some of the channels. It is coming I believe with 6E. My Cisco WAP51 wireless APs have dual ports but...
  11. C

    Switch inter-vlan routing with only WAN traffic going to a firewall

    The last trace route I saw was to 9.9.9.9 and it was doing layer 2 to 10.25.100.1 on the router. Why don't you try setting up the router with the 172 network only and no DHCP and we can see if the trace route changes. Just hard code the IP addresses manually on the clients that way we can check...
  12. C

    Switch inter-vlan routing with only WAN traffic going to a firewall

    I don't believe that is true. Just because you create a 172 network does not mean you will use it. If you are not using a trunk port then I would say the switch is broke because it still should not do layer 2 unless your trace route has changed. Has your trace route changed? You should see...
  13. C

    Switch inter-vlan routing with only WAN traffic going to a firewall

    I explained this problem already. You are using a trunk port between the switch and router so the routing is not happening to 172 network. Think about it. Network 10.25.9.0/24 and 10.25.100.0/24 are known networks so they will not use the default gateway.
  14. C

    Switch inter-vlan routing with only WAN traffic going to a firewall

    Seems like to me you need the 172 network also defined on the layer 3 switch otherwise the L3 switch is going to use the router for layer 3 so in effect the switch is doing layer 2. How does the router route to the L3 switch in your example above? You are trying to substitute untagging for...
  15. C

    Intrusion detection / prevention for home network IoT devices

    Untangle takes way less support than Snort on pfsense back when I ran both of them. Untangle might use the snort engine but you don't see it like pfsense. Untangle assigns enough tuning that the home requires very little tuning from default setup. When I first fired up snort on pfsense I...
  16. C

    Intrusion detection / prevention for home network IoT devices

    Untangle requires a lot less tuning than pfsense with snort when you are trying to use it at home. I think Untangle is the better firewall. But run both and you decide. Untangle is almost set and forget compared to SNORT.
  17. C

    Layer 3 Switch w/ PFSense

    You have to do all the same stuff that we are playing with. It is just like running multiple routers on the same LAN. I would not try to route multiple 10 gig devices across the smaller switch. That is why I recommend using L2 to keep it all within the 10-gig switch. If you could pull a...
  18. C

    Layer 3 Switch w/ PFSense

    I am pretty sure protocol can be used on the SG350 and SG350X switches with ACLs.
  19. C

    Switch inter-vlan routing with only WAN traffic going to a firewall

    STP, spanning tree protocol is going to protect you from network storms. But I guess it won't hurt to try.
  20. C

    Layer 3 Switch w/ PFSense

    If you want different networks then I would turn on intervlan routing. The ACLs on the Cisco SG350 and SG350X are very good. They do both port and VLAN. You can even do protocol I think, I am old and I may be mixing it up with Cisco IOS. ACLs are written once and then forget about them. So I...