Network Design Confirm / Built-in Ports Question
I used to own a Cisco Gold Partner integration company - and have a full Meraki Stack (MX67 / MS390 / MR56s) here at my home.
I like the product - and its ease of monitoring / configuration - but the MX67 throughput is less than optimal.
The MX67 with balanced security features enabled seems to max at around 550Mbps.
The network is pretty simple - two VLANs - one is for my "home" devices that are set up by me and trusted (and also need bridging for things like AirPlay, Sonos, etc.) and one is for Guests and IoT devices. For the devices in the guest / IoT network - I use a Meraki feature that isolates every device so that they can't talk to each other and only get outbound internet access, as well as Identity PSK without RADIUS - to "separate" the guests from IoT. The primary reason for that is to apply a bandwidth policy to the IoT devices - as well as possibly control what on the Internet they're allowed to talk to.
My ISP (Ting) was initially doing symmetrical 1Gbps, and recently upgraded that to 2Gbps.
I was considering migrating to the Firewalla Gold SE.
I was planning on keeping the Meraki MS and MRs configured as is - and connect them to the Gold SE.
The plan was to connect the Firewalla WAN port to Ting, and set up another port as a Trunk to connect to the MS390 - with the two VLANs that I mentioned above.
So - to the Firewalla experts out there - any issues / concerns with the design? I have a fair number of clients (about 120 total). If there are suggestions to optimize the network - I might take that on after the initial migration. Since the Firewalla would be a SPOF - I'd also not like to change the network too much (if possible) so if it failed, I could pop the MX67 back in while I was getting the Firewalla fixed.
Second question - can the internal 1G ports be set to specific speed / duplex and assigned to a specific VLAN? I have one device (pool controller) that *only* runs at 10 Mbps / half duplex - and no matter what I did - I couldn't get it to cooperate with the MS390. I connected it to a port on the MX that I hardcoded at 10/half and assigned it to one of the VLANs - and it works fine that way.
Apologies for the length of the post - and thanks in advance!