An overly complicated home network. Converting from dumb to managed switch.


New Around Here
Hi all, need a little help please! I'm venturing into the wonderful world of a managed switch. A shiny new Netgear GS324TP is coming in the mail tomorrow. I need some help, please, to think through this. First, to answer the question of why my small network is so complicated... "Because I can" is why, and I enjoy learning this stuff. Here is a picture of my current setup.


The Netgear will hopefully replace both the LAN unmanaged switch and the guest switch.

Currently the APs are wired with two Cat 6 cables each: one for my main SSID for general use, and right now the other one carries separate "guest" SSIDs for actual guests, IoT, security, and my single work laptop. The guest SSIDs are treated slightly differently on the APs themselves, are wired through to a separate physical port on the pfSense boxes, and everything coming in on that port on the FW is treated differently in the firewall rules.

The parts that confuse me are:
1) Do I ditch the entire concept of a separate physical guest network and pass all AP traffic over the primary (PoE) Cat 6 and back to the pfSense boxes on a single Cat 6 to the "LAN" port there?
2) Since I have primary and secondary pfSense boxes, how do these get connected to the switch? Does the answer to 1) impact this question?
3) Since the AP will possibly be passing multiple VLAN IDs back to the switch from each guest SSID, does the "guest" port on the Netgear from the AP need to be set up as a "tagged" (trunk) port?

I'm going to stop here for now. I have a hundred more questions but I'm very much in "learn" mode and not even sure what to ask next.



Part of the Furniture
Other than learning, what is the point of your network configuration?

As to the actual learning part, what is the takeaway for you so far?

The questions about the GS324TP will be best answered with the unit in your hands, the manual on the screen, and the feedback from your network.


New Around Here
Good & valid questions. I want to achieve isolation of guest and IoT devices from my main network and from each other. This works with separated physical networks like I have now, but I have an issue with what I think is being caused by a cheap "guest switch" that's possibly causing a loop (as suggested in another thread here recently). Since I figured I'd have to buy a decent switch anyway, I've taken the opportunity to upgrade.

Further, since I have relatively slow high-speed internet (40d/10u) and run a family Plex server, I want to treat each network differently as far as individual device limits, so no single device or device group (home, guest, etc.) takes all the bandwidth. This has been implemented using a combination of limiters in pfSense per interface, and limiters on guest SSIDs on the Mist APs.

I manage a solution architect group in my 9-5, and infrastructure and network security are becoming a bigger focus for the company. So I'm taking the time at home to learn about some of this, albeit at a home and small business level, only some of which is applicable at an enterprise level. It's the concepts I'm after.

My biggest takeaway is that while I understand physical separation reasonably well (because it's simple), I'm still lost when it comes to VLANs, and setting up access ports vs. trunking. Virtualizing a network is a mind f$*# for me.

I read most of the switch manual online yesterday before I clicked "checkout" so I'm pretty familiar with the capabilities. Before I touch it I was hoping to get some thoughts from experts who've traveled this road before me.



Part of the Furniture
Thank you for the detailed response. :)

I am sure that @coxhaus, @Trip, and others will be able to share their thoughts here for you (hopefully soon).


Part of the Furniture
Just imagine the VLANs as individual Ethernet cable runs with color-coded cables (VLAN name), only these are colored lines on a piece of paper. There is a basic VLAN tutorial on the main site here.


New Around Here
Thanks degrub. I poked around but couldn't find it on this site, but I have read a lot of other "tutorials" out there. And I've had to reset the switch to factory defaults 3 times so far because I didn't think through (or understand) the consequences. For example, I changed the two ports going to my APs, and the two ports going to the firewalls, to tagged ports (trunked). And I completely lost connectivity. 2 hours of googling later and I still can't figure out if I messed up in the switch, or if the pfSense boxes weren't set up to handle ... I imagine some day this will just 'click' for me. ... but that day is so far not today.
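An added model of 802.1Q port membership (not code from this thread, Netgear, or pfSense) that walks through the questions above and the lockout described in this post: each switch port has a PVID for untagged ingress, a set of VLANs it sends tagged, and a set it sends untagged; the host side is a constructed pfSense that accepts untagged frames on its LAN parent plus tagged frames for the VLAN sub-interfaces it has. VLAN numbers 1/20/30 and the port names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1                                # VLAN given to untagged frames arriving here
    tagged: set = field(default_factory=set)     # VIDs that leave this port with an 802.1Q tag
    untagged: set = field(default_factory=set)   # VIDs that leave this port untagged

def ingress(port, frame_vid):
    """Classify an arriving frame (None = untagged). Returns its VLAN, or None if dropped."""
    vid = port.pvid if frame_vid is None else frame_vid
    return vid if vid in port.tagged | port.untagged else None

def egress(port, vid):
    """How a VLAN leaves this port: 'tagged', 'untagged', or None if not a member."""
    return "tagged" if vid in port.tagged else "untagged" if vid in port.untagged else None

def deliver(switch, src, frame_vid, dst, host_accepts):
    """Forward one frame src -> dst and report whether the attached host accepts it.
    host_accepts: VIDs the host has interfaces for; None means its untagged parent interface."""
    vid = ingress(switch[src], frame_vid)
    if vid is None:
        return "dropped at ingress"
    how = egress(switch[dst], vid)
    if how is None:
        return "not a member at egress"
    seen = vid if how == "tagged" else None      # what the host sees on the wire
    return "delivered" if seen in host_accepts else f"host ignored ({how} vid {vid})"

MAIN, GUEST, IOT = 1, 20, 30                     # constructed VLAN numbers
# Working layout: main VLAN untagged on both trunk ports, guest/IoT tagged,
# and pfSense has VLAN 20 and 30 sub-interfaces on top of its untagged LAN port.
working = {"ap": Port(MAIN, {GUEST, IOT}, {MAIN}), "fw": Port(MAIN, {GUEST, IOT}, {MAIN})}
pfsense = {None, GUEST, IOT}
# Lockout layout: firewall port set tagged for every VLAN, pfSense LAN left untagged.
lockout = {"ap": Port(MAIN, {GUEST, IOT}, {MAIN}), "fw": Port(MAIN, {MAIN, GUEST, IOT}, set())}

def demo():
    return {
        "working_main": deliver(working, "ap", None, "fw", pfsense),
        "working_guest": deliver(working, "ap", GUEST, "fw", pfsense),
        "lockout_main": deliver(lockout, "ap", None, "fw", pfsense),
        "lockout_guest": deliver(lockout, "ap", GUEST, "fw", pfsense),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In the lockout layout the guest SSIDs still pass, but every frame on the main VLAN reaches pfSense with a tag its untagged LAN interface never processes, which is one way a switch becomes unreachable right after its trunk ports are changed.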
