New Router and Switch for Networking - Network Diagram

SonnieP

Member
I am looking to take as much advantage of 2.5Gb connections as I possibly can. I need to make sure I am thinking correctly about how to best wire the network and make sure I am getting the proper TP-Link router and switch. I want to be able to control them via the Omada OC300 Controller that is already in the network. I have included the current and potential network diagram below.

Comments and recommendations are most welcome. Thank you!

[attached image: current and potential network diagram]
 
I'd probably just use a single 2.5g NIC on the Dell, if you don't have VLANs they're on the same broadcast domain anyway.

I'd also just replace the 16 port with a SG3218XP-M2, it's not much more expensive than the 8 port and you wouldn't be limited east/west between switches by that single gig backhaul, while also having 80w more PoE budget (allowing all eight to negotiate at PoE+/30w concurrently, the other eight are non-PoE).

Then your topology is simpler while having higher bandwidth at each point in the chain, and you can leverage 2.5g for any future upgrades like wifi7 APs; if you upgrade a PC with a 2.5g NIC you're simply good to go.

It might also be worth considering upgrading to the ER8411 for additional WAN edge capacity. It's about $200 more, but if you ever wanted to increase to 5g WAN then it's just your ISP provisioning the shaper since you already have fiber, plus you could uplink to your new core switch with that 10G LAN interface.
 
Thanks for the info!

I looked at the SG3218XP-M2, but the loud fan is the biggest complaint. It has to be located in our utility room, behind an open-top corner cabinet (a cubby hole) in our great room. I've read that it would likely be audible. I guess I could replace the fan with a Noctua fan to make it quieter.

I do like the idea of going ahead and getting the ER8411.
 
Seems pretty reasonable. Also you could get 10 gig SR optics and use multimode fiber if you wanted to for the uplinks.

I think the cat6 length for 10 gig is something like 55m/180ft. Your terminations would have to be pretty tight though.
 
I have a new issue... I originally thought we would be able to keep our camera network separate from our home Internet network, but as it turns out, the non-Internet methods of controlling our gate are not our best and most reliable options. We will need MyQ, which will require Internet to the switch on the service pole at our gate. Below is a diagram of the network. What will be the most secure method of getting Internet to that switch? Many thanks!

[attached image: network diagram including the gate service-pole switch]
 
Separate VLAN, whitelist traffic out to internet, deny traffic originating from iot segment to other segments.

If you want to access it remotely don't port forward but use a VPN mechanism. It looks like Omada added wireguard features so I'd just use that. Permit stateful return traffic from iot segment to VPN and/or internal segments. That gives you an enterprise DMZ style setup where you can only initiate new connections one way, from a more secure area to a lesser secured area. Connections initiating the other way around such as TCP SYN are dropped.
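The reply above describes a three-part policy for the gate segment: a separate IoT VLAN, an egress whitelist to the internet, no new connections from IoT toward the LAN or VPN, and stateful return traffic for flows that a more trusted side opened. The following is an added example (not from this thread and not Omada's own ACL syntax) that models exactly that policy as a small stateful packet filter in Python, so the rule set can be sanity-checked against sample flows before it is typed into the controller. The subnets, the whitelist ports and every packet are constructed for the demonstration.

```python
"""Toy stateful filter modelling the DMZ-style IoT policy from the reply.

Assumptions (not from the thread): LAN is 192.168.10.0/24, WireGuard clients
land in 10.8.0.0/24, the gate/MyQ segment is VLAN 192.168.30.0/24, and the
IoT segment may only open DNS, NTP and HTTPS toward the internet.
"""
from dataclasses import dataclass
import ipaddress

# Constructed addressing plan for the demonstration.
ZONES = {
    "lan": ipaddress.ip_network("192.168.10.0/24"),  # home PCs, NAS
    "vpn": ipaddress.ip_network("10.8.0.0/24"),      # WireGuard clients, trusted like LAN
    "iot": ipaddress.ip_network("192.168.30.0/24"),  # gate switch / MyQ segment
}

# Egress whitelist: (proto, dst_port) pairs the IoT segment may open to the internet.
IOT_EGRESS_ALLOW = {("udp", 53), ("udp", 123), ("tcp", 443)}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp" or "udp"
    syn: bool = False   # TCP SYN without ACK, i.e. a new connection attempt


def zone_of(ip: str) -> str:
    """Map an address to a zone; anything outside the local subnets is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


class StatefulFilter:
    def __init__(self):
        # Connection table keyed by the 5-tuple of the packet that opened the flow.
        self.sessions = set()

    def evaluate(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Packets of an already-permitted session pass in both directions; this is
        # the "permit stateful return traffic" part of the policy.
        if fwd in self.sessions or rev in self.sessions:
            return "accept:established"
        # Otherwise this is a new flow. For TCP only a SYN may open one; a stray
        # ACK or data segment with no matching state is dropped.
        if pkt.proto == "tcp" and not pkt.syn:
            return "drop:no-state"
        verdict = self.new_flow_policy(zone_of(pkt.src), zone_of(pkt.dst), pkt)
        if verdict.startswith("accept"):
            self.sessions.add(fwd)
        return verdict

    @staticmethod
    def new_flow_policy(src_zone: str, dst_zone: str, pkt: Packet) -> str:
        """Decide whether a *new* connection may be opened, one direction only."""
        if src_zone == "internet":
            return "drop:inbound"            # no port forwards; remote access rides the VPN
        if src_zone == "iot":
            if dst_zone != "internet":
                return "drop:iot-to-internal"  # gate segment never initiates toward LAN/VPN
            if (pkt.proto, pkt.dport) in IOT_EGRESS_ALLOW:
                return "accept:iot-egress"
            return "drop:iot-egress-not-whitelisted"
        return "accept:trusted-source"       # LAN and VPN clients may open flows downhill


def run_demo() -> list:
    """Run a constructed packet sequence through the filter and return the verdicts."""
    fw = StatefulFilter()
    pkts = [
        Packet("192.168.30.20", 51000, "8.8.8.8", 53, "udp"),                  # gate controller DNS
        Packet("8.8.8.8", 53, "192.168.30.20", 51000, "udp"),                  # DNS reply
        Packet("192.168.30.20", 51001, "203.0.113.10", 443, "tcp", syn=True),  # HTTPS to cloud service
        Packet("203.0.113.10", 443, "192.168.30.20", 51001, "tcp"),            # SYN-ACK back
        Packet("192.168.30.20", 51002, "192.168.10.5", 445, "tcp", syn=True),  # IoT -> NAS on LAN
        Packet("192.168.30.20", 51003, "203.0.113.10", 23, "tcp", syn=True),   # telnet out, not whitelisted
        Packet("10.8.0.2", 40000, "192.168.30.20", 80, "tcp", syn=True),       # VPN client -> gate switch UI
        Packet("192.168.30.20", 80, "10.8.0.2", 40000, "tcp"),                 # reply to the VPN client
        Packet("198.51.100.7", 4444, "192.168.30.20", 80, "tcp", syn=True),    # internet -> IoT, no forward
        Packet("198.51.100.7", 4444, "192.168.10.5", 445, "tcp"),              # stray ACK with no state
    ]
    return [fw.evaluate(p) for p in pkts]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The order of checks matters: the session lookup runs before the SYN test, which is what lets the SYN-ACK from the cloud service and the reply from the gate switch to the VPN client pass even though neither is a SYN and neither originates from a trusted zone. When translating this to the router, the equivalent is an IoT-to-LAN deny rule, an IoT-to-internet allow restricted to the whitelisted ports, and LAN/VPN-to-IoT allow, with the router's connection tracking supplying the return path.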
 