  1. #1
    Newbie
    Join Date
    May 2020
    Location
    Canada
    Posts
    10

    Home Network outline

    Hello, complete newbie looking for help with networking. I have had Untangle running for over a year now and recently bought a managed switch to set up VLANs and isolate my work computer and IoT devices.

    Currently I am only using 1 port from Untangle to the Cisco switch. On Untangle I have 6 VLANs mapped with DHCP. The Cisco switch has the same VLANs mapped and is accepting the IPs from Untangle.


    Questions:
    1) Would it be better to have the switch do the VLANs and DHCP and just have 1 LAN port on Untangle?
    2) Or would it be simpler just to use the 6 ports on the device I am using for Untangle and ditch the switch?


    Hardware:

    • ISP Cable modem Bridged
    • Qotom 6 port running Untangle
    • Switch: Cisco SG250-26HP
    • Asus AX86u in Access Point Mode



    Network Diagram
    https://app.lucidchart.com/documents...8a40a647ad/0_0

  2. #2
    Untangler
    Join Date
    Nov 2014
    Location
    Charlotte, NC
    Posts
    79

    I am not a network engineer, so take my advice with caution. It seems to me that if you can get by with the 6 ports that you have in the PC, I would use them instead of the switch. That way you don't have to use VLANs. Just keep in mind that ports fail. I had one fail on my Qotom PC. Good luck.

  3. #3
    Master Untangler
    Join Date
    Oct 2013
    Posts
    196

    You're in my wheelhouse.

    I prefer running VLANs on an L-3 switch and applying ACLs where certain VLANs shouldn't be able to see one another. Untangle is relegated to perimeter security and I don't want it to get bogged down by inter-VLAN traffic, which I do have quite a bit of.

    It's just using the best tool for the job...
    Untangle for internet traffic
    Cisco switch for inter-VLAN traffic

    Having the VLANs terminated and routed at the switch can present a few challenges. For one, Untangle doesn't support (at least in the GUI) setting up multiple address pools in its built-in DHCP server. You will have to do one of the following:
    a. Play around in Untangle CLI and/or deep into the advanced settings to configure multiple address pools
    b. Enable DHCP server on the Cisco switch then create an address pool for each VLAN
    c. Run an external DHCP server (i.e. Windows Server) and configure ip helper-address on the Cisco switch

    I applied the third option since I already have a Windows box running my internal DNS server. Adding the DHCP role and consequently the different address pools was just a breeze.

    I've posted my setup in the following threads if you wish to take a look:
    https://forums.untangle.com/networki...tml#post239469
    https://forums.untangle.com/networki...tml#post244240

  4. #4
    Newbie
    Join Date
    May 2020
    Location
    Canada
    Posts
    10

    Quote Originally Posted by oj88 View Post
    You're in my wheelhouse.

    I prefer running VLANs on an L-3 switch and applying ACLs where certain VLANs shouldn't be able to see one another. Untangle is relegated to perimeter security and I don't want it to get bogged down by inter-VLAN traffic, which I do have quite a bit of.

    It's just using the best tool for the job...
    Untangle for internet traffic
    Cisco switch for inter-VLAN traffic

    Having the VLANs terminated and routed at the switch can present a few challenges. For one, Untangle doesn't support (at least in the GUI) setting up multiple address pools in its built-in DHCP server. You will have to do one of the following:
    a. Play around in Untangle CLI and/or deep into the advanced settings to configure multiple address pools
    b. Enable DHCP server on the Cisco switch then create an address pool for each VLAN
    c. Run an external DHCP server (i.e. Windows Server) and configure ip helper-address on the Cisco switch

    I applied the third option since I already have a Windows box running my internal DNS server. Adding the DHCP role and consequently the different address pools was just a breeze.

    I've posted my setup in the following threads if you wish to take a look:
    https://forums.untangle.com/networki...tml#post239469
    https://forums.untangle.com/networki...tml#post244240

    Thank you OJ88. While I am already way over my head at the current state, option B seems to be the way to go. Is there a Cisco config file I could upload to mirror your setup?

  5. #5
    Master Untangler
    Join Date
    Oct 2013
    Posts
    196

    Quote Originally Posted by Isitpluggedin View Post
    Thank you OJ88. While I am already way over my head at the current state, option B seems to be the way to go. Is there a Cisco config file I could upload to mirror your setup?

    Uh oh... Sorry to have led you into the wrong path but apparently, I found out that the SG250 does not have a built-in DHCP server. This is one of those SMB switches which only support a subset of what Cisco Catalyst switches can do. I mistakenly assumed that it's running Cisco IOS, but unfortunately this is web-based only and has practically no CLI capability.

    In which case, you're only left with options 1 and 3, unfortunately.

  6. #6
    Newbie
    Join Date
    May 2020
    Location
    Canada
    Posts
    10

    Quote Originally Posted by oj88 View Post
    Uh oh... Sorry to have led you into the wrong path but apparently, I found out that the SG250 does not have a built-in DHCP server. This is one of those SMB switches which only support a subset of what Cisco Catalyst switches can do. I mistakenly assumed that it's running Cisco IOS, but unfortunately this is web-based only and has practically no CLI capability.

    In which case, you're only left with options 1 and 3, unfortunately.

    Sounds like option 3 now. I have a Raspberry Pi running Pi-hole that can be the DNS & DHCP server. I need to do some research.

  7. #7
    Master Untangler
    Join Date
    Oct 2013
    Posts
    196

    Quote Originally Posted by Isitpluggedin View Post
    Sounds like option 3 now. I have a Raspberry Pi running Pi-hole that can be the DNS & DHCP server. I need to do some research.

    I was about to suggest that. If it can run multiple DHCP pools, all you need to do is turn on DHCP relay on the switch and point it to your Pi.
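
How one DHCP server behind a relay serves several VLANs, as an added example that is not part of the thread or any poster's setup: the relay writes the address of its interface in the client's VLAN into the BOOTP `giaddr` field, and the server picks the pool whose subnet contains it. The VLAN names, subnets and the `build_discover` / `select_pool` helpers are constructed for illustration.

```python
import ipaddress
import struct

# Constructed pools: VLAN names and subnets are assumptions, not from the thread.
POOLS = {
    "work": ipaddress.ip_network("192.168.10.0/24"),
    "iot": ipaddress.ip_network("192.168.20.0/24"),
    "home": ipaddress.ip_network("192.168.30.0/24"),
}
SERVER_SUBNET = "home"  # VLAN the DHCP server itself sits in (assumed)

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # RFC 2131 fixed header, 236 bytes
MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie


def build_discover(mac: bytes, giaddr: str, hops: int) -> bytes:
    """Build a constructed DHCPDISCOVER as it looks after a relay forwards it."""
    zero = bytes(4)
    hdr = struct.pack(BOOTP_FMT, 1, 1, 6, hops, 0x1234ABCD, 0, 0,
                      zero, zero, zero, ipaddress.ip_address(giaddr).packed,
                      mac.ljust(16, b"\0"), b"", b"")
    return hdr + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, end


def select_pool(packet: bytes):
    """Return the pool name to answer from, or None to stay silent."""
    if len(packet) < struct.calcsize(BOOTP_FMT) + 4:
        return None                      # truncated packet
    fields = struct.unpack_from(BOOTP_FMT, packet)
    if fields[0] != 1 or packet[236:240] != MAGIC:
        return None                      # not a BOOTREQUEST / not DHCP
    giaddr = ipaddress.ip_address(fields[10])
    if int(giaddr) == 0:
        return SERVER_SUBNET             # not relayed: client is on our own VLAN
    for name, net in POOLS.items():
        if giaddr in net:
            return name                  # lease comes from the relay's VLAN
    return None                          # relay from a subnet with no pool


if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")  # constructed locally administered MAC
    for gi, hops in (("192.168.20.1", 1), ("0.0.0.0", 0), ("10.9.9.1", 1)):
        print(gi, "->", select_pool(build_discover(mac, gi, hops)))
```

A request relayed from a subnet with no matching pool gets no offer, so a VLAN added on the switch without a corresponding pool on the server shows up as clients failing to get an address rather than landing in another VLAN's range.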
