VLAN Segmentation with Firewalla Gold, AP7, and Managed Switch
I just received my AP7s yesterday and am working out how to incorporate them to replace my previous APs.
I haven't come across too many network diagrams showing a VLAN segmented network for a Firewalla, AP7s, and managed switch(es). So, I wanted to post what I am thinking and get some feedback.
Notes:
The blue ports are trunk ports / have all VLANs (or aren't in use).
The red Switch (Managed) is a spare one that isn't in use.
Was thinking connecting the homeassistant pi to the Firewalla (or the second port on the AP7 if that works) so that local flows between it and all the IoT and personal devices are visible.
-
Thanks. Had it that way first, but the switch ports are only 1Gb; was thinking the 2.5Gb between AP7 and Firewalla might be better.
While there is some LAN traffic to the NAS it is mostly backup storage.
If I moved the homeassistant to the core switch and one of the nas connections to the firewalla, would that gain me anything?
-
Because the firewalla is doing your inter-VLAN routing over the switch trunk, it would probably be good to make that a 2 port LAG trunk (that trunk would be passing all traffic twice). There would be a big benefit to moving to 2.5G or 10G at least on the core switch (2x2.5G LAG to gold SE since it maxes out at 2.5, and then 10G to the AP7s if you go 10G core, otherwise 2.5G). The AP7s very easily pass well over 1Gbit over WiFi for devices that do WiFi 6E, 7 isn’t even required for that. 1Gbps is also a big bottleneck on a NAS unless it’s not used for much.
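To make the "passing all traffic twice" point above concrete, here is an added model (not from this thread or from Firewalla) of the load on the switch-to-Firewalla trunk when the Firewalla does all inter-VLAN routing. The flow mix is constructed and only loosely based on the poster's description; the 1Gb link speed and 2-link LAG are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_vlan: str
    dst_vlan: str
    mbps: float
    # True when one end sits on a Firewalla port (Internet/WAN, or a host
    # plugged straight into the Firewalla); that leg crosses the trunk once.
    via_firewalla_port: bool = False


def trunk_load_mbps(flows):
    """Mbps crossing the core-switch <-> Firewalla trunk.

    Same VLAN, both ends on the switch side: switched locally, 0 on trunk.
    Different VLANs, both on the switch side: hairpins through the
    Firewalla (router on a stick), so it is counted twice.
    One end on a Firewalla port: crosses the trunk exactly once.
    """
    total = 0.0
    for f in flows:
        if f.via_firewalla_port:
            total += f.mbps
        elif f.src_vlan != f.dst_vlan:
            total += 2 * f.mbps
    return total


def lag_check(flows, link_mbps=1000, links=1):
    """Aggregate capacity of the LAG vs. modelled load.

    Caveat: a LAG hashes each flow onto one member link, so no single flow
    can exceed link_mbps even when the aggregate has headroom.
    """
    load = trunk_load_mbps(flows)
    biggest = max(f.mbps for f in flows)
    return {
        "load_mbps": load,
        "capacity_mbps": link_mbps * links,
        "oversubscribed": load > link_mbps * links,
        "single_flow_exceeds_link": biggest > link_mbps,
    }


# Constructed sample mix: work VPN and streaming to the Internet,
# IoT -> Home Assistant on a Firewalla port, and a backup from the
# personal VLAN to the NAS VLAN (the only true inter-VLAN hairpin).
SAMPLE_FLOWS = [
    Flow("personal", "internet", 100, via_firewalla_port=True),
    Flow("personal", "internet", 50, via_firewalla_port=True),
    Flow("iot", "homeassistant", 20, via_firewalla_port=True),
    Flow("personal", "nas", 800),
]
```

With these numbers the single 1Gb trunk is oversubscribed (1770 Mbps), while a 2-link LAG has room, and the 800 Mbps backup still fits on one member link.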
-
Are you suggesting that I create a LAG trunk between the Core switch and the Firewalla?
Or between the AP7 and the Core switch? Or both? The switches are TL-SG108E (8x 1Gb ports).
The NAS is a Synology DS220+ (2x 1Gb ports) and is mostly used for system backups and file storage (not movies/videos/streaming).
Most of the traffic on my network is
1) Work VPN
2) Streaming (Netflix, Hulu, Prime, etc)
3) IoT device traffic
-
Looks pretty good. If the second switch is VLAN capable you can run trunked between them, letting you hang home assistant on the second switch with the other low bandwidth stuff. That would free up capacity on your core switch allowing wired backhaul to the second AP7, or a free port for something else high bandwidth.
If you’re thinking about upgrading the switch later, going ahead and putting the LAG on ports 1 and 4 of the gold SE will allow them to scale up to 2.5Gbit without reconfiguration. The firewalla can be picky about moving ports around if WiFi is enabled on devices connected through them so best to arrange your ports how you want them.
-
Thanks for the suggestion, I was thinking about that as well (using ports 1 and 4 of the Gold SE).
The fiber internet is only 400/400 Mbps (could upgrade to 1 Gbps, but not needed currently), so the 2.5Gb Gold port really isn't needed for it. I'll probably do that and use ports 1 & 4 for the switch so that if I do upgrade the switch, it will have the higher speed ports.
The homeassistant also talks to lots of IoT devices that are on Wi-Fi in addition to the hubs on the second switch. But both switches are the same, so I could set up the VLAN on the second switch.
Unfortunately, at the moment, I won't be able to do a wired backhaul between the AP7s. No great way to get a cable to where I am putting the second one.
-
Alright, I think I am close. Had to make a few more tweaks as I was setting it up. But this is where I am at now.
I still have to set up the second AP7. And the LAG between Firewalla and the Core Switch isn't working. I think the config for it looks right, but when I plug in the second port, connectivity between them stops.