Thanks for the feedback on the relevance of my questions, I'm always looking to improve the way I interact with people. It's my fault; I should have explained it better. Many times on this forum, it's necessary to probe a bit to find what the underlying problem really is, especially for people who are new to the subject matter they're asking about.
Your original post indicated you will be acting like an ISP in the future, not that you're simply adding 2 additional clients to a service you're already providing to 3, and want to simply add security. This is why I was asking about capacity, and more general questions related to acting as an ISP, since you are just starting out.
The reason I asked about your type of internet connection is it might be possible to eliminate your old Asus router altogether, and do all routing on your Brocade L3 switch. This could remove a potential bottleneck from your network.
Here is a possible network design you could consider, which requires more command-line work, but will keep inter-VLAN traffic load off your internet router, and in your Brocade instead:
Option 1:
- Use a separate VLAN for each client, so they would all have their own /24 subnet (ex. 10.1.0.1/24, 10.1.2.1/24, etc.) exposed as an ACCESS port on your Brocade, then each client's AP would plug into such a port.
- Use your Brocade's L3 routing capability for inter-VLAN routing only, and use your Asus for internet routing and DHCP only
- Create a Transit VLAN where internet traffic will flow between your router and Brocade switch's VLANs.
- To limit inter-VLAN traffic to only what you want (ex. Plex, AP management), use ACLs on the switch. (cmd line, somewhat tricky)
This will keep your Plex traffic off of your internet router. Instead, it will be handled by the extremely fast silicon in the switch itself. This is how I run my network in my personal homelab. It can be more complex to configure than other options, but is very performant.
Another option would be to do all routing inside a device with a management GUI, whether that's your Asus router, a pfSense box, a new Ubiquiti router, or something else. Your Brocade will not do any routing in this case.
Option 2:
- Create VLANs on your Brocade as before, but use it as a purely L2 device (no routing on your Brocade)
- Plug your VLAN-aware router w/ admin GUI into a TRUNK port on your Brocade, where all VLANs are tagged
- Use the router's GUI to configure firewall rules to limit inter-VLAN traffic (easier than cmdline ACLs)
- Using a pfSense box in place of your Asus may be a good option here, or a Ubiquiti and use their ecosystem (more expensive)
This would require your router to handle ALL traffic, not just the internet but Plex too. But it would let you configure and manage the system using an admin GUI, with less command-line config.
There might also be an additional choice:
Option 3:
- Buy a new Ubiquiti switch/router combo to handle your clients' L2 and L3 requirements
- Your network (Plex, etc.) would connect to the Ubiquiti as simply another "client" (VLAN)
- Use your Brocade as a "dumb" switch to handle your own equipment only
- Use the Ubiquiti GUI to config VLANs, DHCP, inter-VLAN firewall rules, and everything else
So as you can see, depending on which direction you go, inter-VLAN routing can be handled on an internet router, or inside an L3 switch.
That is not an exhaustive list of options; the possibilities are limitless when it comes to networking. There are many ways to accomplish the same thing, and it may not be as simple as it seems. The question of precisely how to run DHCP and DNS, and which specific firmware your Brocade is running for L3 support, for example, all still need to be answered depending on the option you are looking at.
Consider looking at some YouTube videos on this subject matter. Having someone else show it to you (instead of looking in manuals) may be beneficial to your learning style. None of this is a trade secret; there are people who volunteer hours of their time every day simply to help others, like a lot of people on this forum.
Hope this helps,
Dave
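Added example, not part of Dave's post or any vendor's documentation: a small model of the Option 1 design above, with one /24 per client VLAN on the L3 switch, a transit VLAN toward the internet router, and an inbound ACL per client VLAN that permits only Plex and blocks every other internal destination before the final "permit any" that lets internet traffic through. It evaluates flows with first-match/implicit-deny semantics, includes a check that the isolation actually holds (and shows how a misordered ACL silently fails it), and renders the rules in Cisco/FastIron-style wildcard-mask syntax. All addresses, the Plex server address and the ACL number are constructed for illustration; the rendered syntax is an assumption to verify against the firmware's own manual, which the post notes still needs to be identified.

```python
"""Model of the Option 1 design: per-client VLANs, inter-VLAN ACLs, transit VLAN.
Added example; all addresses below are constructed, not from the forum post."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

ANY = Net("0.0.0.0/0")
INTERNAL = Net("10.0.0.0/8")   # constructed: every subnet living behind the switch

# Constructed VLAN plan: one /24 per client, a "home" VLAN holding the Plex server,
# and a /30 transit VLAN between the Brocade and the internet router.
VLANS = {
    "client-a": Net("10.1.0.0/24"),
    "client-b": Net("10.1.1.0/24"),
    "client-c": Net("10.1.2.0/24"),
    "home": Net("10.1.10.0/24"),
    "transit": Net("10.1.254.0/30"),
}
PLEX_SERVER = IPv4("10.1.10.5")   # constructed address in the home VLAN
PLEX_PORT = 32400                 # Plex Media Server's default TCP port


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    proto: str                # "ip" (any protocol), "tcp" or "udp"
    src: Net
    dst: Net
    dport: int | None = None  # None matches any destination port

    def matches(self, proto: str, src: IPv4, dst: IPv4, dport: int | None) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if src not in self.src or dst not in self.dst:
            return False
        return self.dport is None or self.dport == dport


def evaluate(acl: list[Rule], proto: str, src: IPv4, dst: IPv4,
             dport: int | None = None) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny,
    which is how Cisco-style and FastIron-style extended ACLs behave."""
    for rule in acl:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "deny"


def client_vlan_acl(net: Net) -> list[Rule]:
    """Inbound ACL for one client VLAN: permit Plex, deny all other internal
    destinations, then permit the rest so internet traffic reaches the transit VLAN."""
    plex = Net(f"{PLEX_SERVER}/32")
    return [
        Rule("permit", "tcp", net, plex, PLEX_PORT),
        Rule("deny", "ip", net, INTERNAL),
        Rule("permit", "ip", net, ANY),
    ]


def misordered_client_vlan_acl(net: Net) -> list[Rule]:
    """Same rules with 'permit any' ahead of the internal deny: the deny is never
    reached, so the client VLAN can reach every other VLAN. Shown for the check below."""
    plex = Net(f"{PLEX_SERVER}/32")
    return [
        Rule("permit", "tcp", net, plex, PLEX_PORT),
        Rule("permit", "ip", net, ANY),
        Rule("deny", "ip", net, INTERNAL),
    ]


def isolation_holds(acl: list[Rule], own: Net) -> bool:
    """True when a host in `own` cannot reach a host in any other VLAN on common ports."""
    src = list(own.hosts())[5]
    for other in VLANS.values():
        if other == own:
            continue
        target = list(other.hosts())[0]
        for proto, port in (("tcp", 80), ("udp", 53), ("tcp", PLEX_PORT)):
            if evaluate(acl, proto, src, target, port) == "permit":
                return False
    return True


def render(acl: list[Rule], number: int) -> list[str]:
    """Render as numbered extended ACL lines with wildcard masks (assumed
    Cisco/FastIron-style syntax; check the switch's own manual before pasting)."""
    def addr(net: Net) -> str:
        if net.prefixlen == 32:
            return f"host {net.network_address}"
        if net.prefixlen == 0:
            return "any"
        return f"{net.network_address} {net.hostmask}"
    lines = []
    for r in acl:
        line = f"access-list {number} {r.action} {r.proto} {addr(r.src)} {addr(r.dst)}"
        if r.dport is not None:
            line += f" eq {r.dport}"
        lines.append(line)
    return lines


if __name__ == "__main__":
    acl = client_vlan_acl(VLANS["client-a"])
    print("\n".join(render(acl, 101)))
    print("isolation holds:", isolation_holds(acl, VLANS["client-a"]))
    print("misordered isolation holds:",
          isolation_holds(misordered_client_vlan_acl(VLANS["client-a"]), VLANS["client-a"]))
```

The ordering is the whole point: because the internet is reached through the transit VLAN via a "permit any" at the end, the deny for the internal supernet has to sit before it, otherwise two clients' VLANs can see each other even though each has its own subnet. Running `isolation_holds` against each client's ACL before applying it to the VE interface is the kind of check worth doing once per change.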