RESET Forums (homeservershow.com)

A new router / firewall



Switches run at layer 2 but the best switches have a layer 3 engine in them. I have not seen a router which can switch at the speeds of a layer 3 switch. The layer 3 switches have the routing built-in to switches. Layer 3 switches are much nicer and faster than using a router.


Well of course, but what we must understand is that there is a time and a place for every device. At a quick glance L3 switches may seem omnipotent, but that is something they are not. For example, L3 switches haven't been designed to do NAT, PAT, firewalling, VPN, and they might lack some QoS features. Switched speeds are amazing and it's no wonder L3 switches are widely used in internal routing affairs, but always when we go to the edge, there should be a proper router present and usually it is a must, because L3 switches lack the advanced routing protocols such as BGP and IS-IS. What they certainly don't know how to do is MPLS and frame-relay.


And since we are talking about stuff that would be fun at home, all this becomes irrelevant. Who can raise their hand up and tell me, that they need a L3 switch in their house to do vlan routing?


I think here we need to distinguish between LAN routing and Internet routing.


We could also distinguish between corporate and home use. I don't know about others but my setups are always like this:

NAT outside, where the ISP resides.

NAT inside, where the LAN resides.

NAT inside, where the WLAN resides.

NAT DMZ (optional)


The thing here is that in order for everything to work properly they need to be processed by the firewall. I agree that L3 switches are awesome, but can someone tell me one practical scenario where a full featured L3 switch could be used at home?


If someone tells me you can "firewall" with L3 switches ACLs I might scream. :D

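The distinction behind the ACL remark above, as an added example that is not part of the thread: a per-packet ACL and a connection-tracking firewall judging the same traffic. It assumes the switch ACL is a stateless header match, as classic switch ACLs are; the addresses, ports, and the names `stateless_acl`, `StatefulFirewall` and `compare` are constructed for illustration.

```python
from dataclasses import dataclass

LAN_PREFIX = "192.168.1."  # constructed sample LAN, not from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True = arriving on the outside (ISP-facing) interface

def stateless_acl(pkt):
    """Per-packet ACL: decides from header fields only, with no memory."""
    if not pkt.inbound:
        return pkt.src.startswith(LAN_PREFIX)
    # To let HTTPS replies back in, a stateless rule can only say
    # "permit tcp from any host, source port 443, to the LAN".
    return pkt.sport == 443 and pkt.dst.startswith(LAN_PREFIX)

class StatefulFirewall:
    """Tracks outbound flows and admits inbound packets only as replies."""
    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        if not pkt.inbound:
            if not pkt.src.startswith(LAN_PREFIX):
                return False
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound is allowed only if it mirrors a flow a LAN host opened.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def compare(packets):
    """Return (acl_verdict, firewall_verdict) for each packet, in order."""
    fw = StatefulFirewall()
    return [(stateless_acl(p), fw.check(p)) for p in packets]

SAMPLE = [  # constructed traffic
    Packet("192.168.1.10", 50000, "203.0.113.5", 443, inbound=False),
    Packet("203.0.113.5", 443, "192.168.1.10", 50000, inbound=True),  # reply
    Packet("198.51.100.7", 443, "192.168.1.20", 8080, inbound=True),  # unsolicited
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, verdict)
```

Both filters pass the outbound request and its reply; only the connection-tracking firewall rejects the third packet, which matches the ACL's header rule but belongs to no flow opened from the LAN.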

I think we really have three categories: routers, firewalls, and switches. Routers and firewalls coming together came about with home and small business networking. Originally firewalls were separate devices from routers. Having a firewall in your router makes it more complicated to set up routing.


Switches process data faster than a router, so the needs of VLANs required the layer 3 engine to come about to handle the routing needs of switching. ACLs do exist in layer 3 engines. I do not know to what extent firewalling exists in layer 3 switches now, as I have been out of the biz for several years. I know we were building our MPLS network with layer 3 Cisco switches.


The only reason I brought up the Layer 3 switching is because I think VLANs should be handled this way. Trying to set up VLAN support on a firewall is difficult at best. It would be much easier to set up a layer 3 switch for VLAN support. A small home version would be real nice and I would buy it.


I may end up separating my router needs and my firewall needs into separate boxes. I currently run an old Cisco router with an Untangle box behind it. Untangle does not handle VLANs. It drops the VLAN tags. Behind the Untangle box I may install a router to handle just VLAN support and no firewalling. I wonder how pfSense works with firewalling turned off?


You might want to look at the Netgear GS116E. It sits between a pure layer 2 switch and a full blown layer 3, providing the layer 3 features most people want: VLAN, QoS, network monitoring. It even has a cable test feature, loop prevention (broadcast storm control), IGMP snooping, port mirroring, and jumbo frame support.


I'm using one and it's been great.




Check the link out yourself but, yes, it does have 802.1q VLANing. It also comes with a pretty nice config utility that I think is much easier for average users than those used for the more fully managed switches.


Correct me if I am wrong, but 802.1q only means VLAN and trunk support. It doesn't state anything about routing capabilities. Usually so-called smart switches or L2+ switches can do static routes -> handle inter-VLAN routing. Plain L2 switches are just limited to VLAN information and trunking.


Coxhaus, why do you consider handling VLANs with a router / firewall difficult? I understand that it's easy with an L3 switch just to state all the networks for OSPF or EIGRP and done, but it isn't a major task to create the sub-interfaces on a NIC and terminate the VLANs there.


Especially with pfSense, which handles VLANs with the GUI and does a superb job at it. I recommend taking a look and giving it a try. pfSense may change the way you feel about handling VLANs with a firewall.


Does anyone else think that this thread has taken a slight detour? :D
