Stuck New Install FW Gold Pro w/ L2/L3 EdgeSwitch and 2 AP7
Need guidance on VLANs with FWGpro as a router feeding a Layer 2/3 Managed EdgeSwitch ES-24-250w (https://store.ui.com/us/en/products/es-24-250w) and 2 AP7s.
I read this (and a bunch of other things):
https://help.firewalla.com/hc/en-us/articles/42156726305171-How-to-Set-Up-Firewalla-AP7-Using-VLANs-and-Managed-Switches
But everything seems to apply to Layer 2 switches. Problem is my EdgeSwitch is a Layer 3 by default? So I read that it needs to be set up and configured as a Layer 2, and read conflicting things on the changes and how to do this, and nothing directly in regards to Firewalla. But I know it is a super popular switch. And I prefer to do it in the 3.0 GUI so I can visually see and know what it's doing/changing as opposed to command line, but will take what I can get. lol
So for a little more info:
- Xfinity/Comcast Cable Modem 1gb down (Netgear my own modem, not a combo box) (FWGP port #3 2.5g - so I need to change the default WAN from #4 port)
- EdgeSwitch ES-24-250w POE (port #2 2.5g)
- AP7 1 (FWGP port #1 10g) & AP7 2 (FWGP port #4 10g)
- I also have an older Netgear managed 24 POE switch I want to use and dedicate to 2 separate VLANs. 12x IP POE Cams (on Cam VLAN and Cam SSID WiFi for a few wireless ones) and also 12x ESPHome Audio music players for each room/speakers hardwired LAN on another VLAN (IoT or another one?). Regardless, I assume best to connect this from SFP port on EdgeSwitch to SFP port on Netgear.
I want to do a bunch of VLANs and WiFi SSIDs to isolate and group Home Assistant, IoT devices, home office, VOIP, Cams, Security, Printers, NAS, Guests, etc. I think I can figure all that out and work on the rules, etc. So I might be ok on that part.
But for now my initial issue is how to best start and configure my Level 2/3 Switch to optimize the use of Firewalla creating the VLANs. Which sounds like configuring it/them as a Layer 2 and sending ALL traffic back to Firewalla so it can monitor everything. Which seems to defeat the purpose of a Layer 3 switch and causes a bottleneck. But my understanding, I think, is that it is the tradeoff needed for Firewalla to see/monitor all the LAN traffic/devices.
Later I guess I can change my mind and maybe optimize it further and make some changes back to Layer 3 where some or all LAN traffic stays on the switch (and lose Firewalla monitor/management) for speed/efficiency if needed. But I think to start I want to do Layer 2 so Firewalla can do/see it all.
I think that is what I need and should do. lol
Either way please correct me and tell me what and how.
I'm technical/analytical and know a little of everything but not a network engineer or router/switch/VLAN/Firewall expert (hence the Firewalla). lol
Sorry so long... Thank you!!!!
-
First, thank you so much for the reply and help!!!
No. I want to turn my Layer 3 EdgeSwitch into a Layer 2 so that Firewalla Gold Pro can do everything.
So I need help converting it to Layer 2 and the steps on how to correctly create a VLAN on the EdgeSwitch and Firewalla. Thank you so much!
-
Ok still a little confused. I read someone had hardwired:
FWGP port 1 > AP7 > Small Unmanaged switch
FWGP port 2 > Big/Main Managed Switch
So would/can all the VLANs/LANs from the FWGP and Big/Main Managed Switch be made available on the Small Unmanaged Switch connected to the AP7? Usage is a small office with 1 hardwired connection. Connect the AP7 (10g port) to the FWGP. Then the 2.5g port of the AP7 to a small unmanaged (or managed switch if needed) to hook up computer, printers, NAS, maybe a cam. Some of which will be on different LANs/VLANs that are also on the main switch.
Basically acting as if there are multiple ethernet wire runs to the office from the main managed switch as opposed to one.