This is an automated archive.
The original was posted on /r/homelab by /u/Bernie51Williams on 2024-01-24 06:07:48+00:00.
Embarrassingly, 10 years ago I had the knowledge to, at the very least, create and route VLANs in a Cisco home lab in the CLI. I have forgotten 70% of what I've learned, but it's coming back to me. I'm not asking "how do I set this up"... I'm more looking for ideas and conversation.
Protectli 4-port 2.5GbE running OPNsense
UniFi 24-port 2.5GbE layer 3 core switch
Supplemental secondary switch for a few 10GbE interfaces.
Connected devices will be your standard layout, I suppose: 4-5 PCs, plenty of IoT and some Wyze cams/Nest doorbell, a few printers... 2 rack servers (SFP+ Cisco UCS240)/NAS/UPS/PDU (managed). Then some old Cisco equipment (touched on below).
Like I said, I remember/understand the concept of VLANs, but routing between them and/or giving devices access to a different VLAN is what I need to brush up on; I'm about to start watching hours of YouTube. I remember tagging and trunk ports but none of the actual implementation. I recall 802.1Q? Is that correct, lol? I've never set up a lab where my devices would be in production. I've just installed OPNsense, so no experience there or with any "real" firewall; lots of videos to watch.
First, I'm wondering about the physical connection from the OPNsense box to the switch. Thinking of LACP, which leaves me one port. I assume the UniFi WAP needs to be connected to the UniFi switch to be seen by the controller? (I've never used Ubiquiti gear.) If it's possible or wise to hang the AP off the Protectli, let me know. I could go with a dedicated management port (no idea how to set that up, maybe that's another post later). Or I could hit the router for the old Cisco equipment straight from the Protectli. I don't want the Cisco gear to hit the WAN as it's old and unsecured, so I'm debating, or learning rather, whether to hang this off the core switch or the OPNsense box. I suppose it wouldn't matter with its own VLAN and/or FW rules (I've zero experience with rules as well).
As for a management port, I'm going to need a management VLAN for server IPMI, router/switches/PDU/UPS... I suppose a dedicated port may be worth it as well. I'd lose LACP from router to switch, but I don't really see this making much difference at 2.5GbE throughput, especially considering cross-VLAN routing should be done at the switch level. I'm no expert though; if there's something to be gained aside from redundancy, let me know.
As for VLAN division, what do you guys typically do? I'll need a guest WiFi that doesn't have access to our PCs and servers/NAS... I see many people put cams on a separate network (I only have a few). I'm not 100% sure what all I am doing with the servers as of now; there will be a Cisco UC lab and some form of NAS and storage for backups, but they will most certainly be accessed constantly. I'm wondering if I should separate appliances (servers/NAS) and clients (PCs) as well, if only for security. I wouldn't even think of this with an L2 switch; maybe it's still dumb regardless?
Honestly, I'm just getting this out so I have something to look at tomorrow. There are a ton of these posts here and I'm sorry to bog this board down with another one. However, if you read this far, please poke holes in anything I've said or let me learn from your previous mistakes. I'm very, very rusty at this and some of what I said may not make any sense or be practical/possible at all. It's going to be a few months at least learning to optimize, but I'm up for the challenge. This is now my fav sub.
Thanks Nerds, love ya
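The post asks about two things that are easy to conflate: 802.1Q tagging (how a trunk carries several VLANs on one cable) and the inter-VLAN policy (who is allowed to talk to whom once the L3 switch or firewall routes between segments). The following is an added example, not code from the original post or from OPNsense or UniFi: it decodes the 802.1Q tag on a constructed Ethernet frame to recover the VLAN ID, then evaluates a first-match, default-deny policy over an assumed VLAN plan (trusted PCs, servers/NAS, IoT, cams, guest, management). Every VLAN number, subnet and rule here is an assumption chosen to illustrate the segmentation the post describes, not a recommendation for specific values.

```python
"""Added example (not from the original post): decode an 802.1Q tag and
evaluate a default-deny inter-VLAN policy. VLAN IDs, subnets and rules
below are assumptions for illustration only."""
import struct
from ipaddress import ip_address, ip_network

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def build_8021q_frame(vid: int, ethertype: int, payload: bytes, pcp: int = 0) -> bytes:
    """Constructed sample frame: dst MAC, src MAC, 802.1Q tag, inner EtherType, payload."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)  # PCP(3) | DEI(1)=0 | VID(12)
    dst_mac = bytes.fromhex("ffffffffffff")        # constructed broadcast destination
    src_mac = bytes.fromhex("02000000aa01")        # constructed locally-administered MAC
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_8021q(frame: bytes):
    """Return (vid, pcp, inner_ethertype) for a tagged frame, or None if untagged."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry an 802.1Q tag")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None  # untagged frame: this is the native VLAN of the port it arrived on
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, ethertype


# Assumed VLAN plan. Rules refer to the names, not the numbers.
VLANS = {
    10: ("trusted", ip_network("10.0.10.0/24")),  # PCs
    20: ("servers", ip_network("10.0.20.0/24")),  # NAS, UCS, UC lab
    30: ("iot",     ip_network("10.0.30.0/24")),
    40: ("cams",    ip_network("10.0.40.0/24")),
    50: ("guest",   ip_network("10.0.50.0/24")),
    99: ("mgmt",    ip_network("10.0.99.0/24")),  # IPMI, switch/router/PDU/UPS
}


def zone_of_vid(vid: int) -> str:
    """VLAN name for a tag value, e.g. from parse_8021q()."""
    return VLANS[vid][0]


def zone_of(ip) -> str:
    """Map an address to a VLAN name, or 'wan' if it is in none of the local subnets."""
    addr = ip_address(ip)
    for name, net in VLANS.values():
        if addr in net:
            return name
    return "wan"


# (action, src_zone, dst_zone, proto, dport); first match wins; "*" matches anything.
# Nothing below the last rule is reachable: unmatched traffic is denied.
RULES = [
    ("allow", "trusted", "*",    "*", "*"),  # PCs may reach everything, mgmt included
    ("allow", "servers", "wan",  "*", "*"),  # servers pull updates but never initiate to LAN
    ("allow", "iot",     "wan",  "*", "*"),  # cloud-only devices
    ("allow", "cams",    "wan",  "*", "*"),  # cloud cams (Wyze/Nest) only need the internet
    ("allow", "guest",   "wan",  "*", "*"),  # guest WiFi: internet only
    ("deny",  "*",       "mgmt", "*", "*"),  # explicit: nobody else reaches management
]


def evaluate(src_ip, dst_ip, proto="tcp", dport=None):
    """Return (decision, matched_rule); matched_rule is None when the default deny fires."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in RULES:
        action, r_src, r_dst, r_proto, r_port = rule
        if (r_src in ("*", src) and r_dst in ("*", dst)
                and r_proto in ("*", proto) and r_port in ("*", dport)):
            return action, rule
    return "deny", None


def policy_matrix():
    """Zone-to-zone decisions, useful to eyeball before applying the rules for real."""
    zones = [name for name, _ in VLANS.values()] + ["wan"]
    sample = {name: str(next(net.hosts())) for name, net in VLANS.values()}
    sample["wan"] = "203.0.113.10"  # documentation range, stands in for any internet host
    return {(s, d): evaluate(sample[s], sample[d])[0]
            for s in zones for d in zones if s != d}


if __name__ == "__main__":
    frame = build_8021q_frame(50, 0x0800, b"\x45" + bytes(19))  # constructed guest frame
    vid, pcp, etype = parse_8021q(frame)
    print(f"tag: vid={vid} ({zone_of_vid(vid)}) pcp={pcp} ethertype=0x{etype:04x}")
    for (s, d), decision in sorted(policy_matrix().items()):
        print(f"{s:>8} -> {d:<8} {decision}")
```

Two points the matrix makes visible that the post is circling around: guest and IoT reach only the internet, so a guest laptop cannot touch the NAS or IPMI even though the L3 switch can route to them, and the explicit `deny * -> mgmt` rule is there so that a future "allow iot -> servers" line added above it cannot accidentally widen access to management.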