VLAN setup on Smart switches

LANshake wrote:
Logical to use GS716T as top level switch in network ?

Yes, considering your list of switches it's the mos powerful.

LANshake wrote:
Start out with three VLANs. [...] Looking for configuration recommendations.

Smart Switches should also be able to use Auto VOIP VLAN, so yes you can separate that into a extra subnet.

Since the smart switches will (at maximum) support static routing, you'll at some point need separate a "router on a stick" for inter-vlan routing or shared internet access.

3 VLANs make sense if you need to separate the video stuff from the rest of the network.

Smart switches will support static routing ?!? What on earth do you mean by that ???

To the best of my knowledge Netgear's SmartSwitches are all layer2 switches - they perform no routing whatsoever - so you will definitely need an external router that can handle VLANs for your project.

It may also be an idea to confirm if your switches support the auto voice VLAN or auto VOIP VLANs - because those switches are older units.

A closer look at the switch labels shows,
FS726TP v1h2
GS716T v2h2

The FS726TP has no auto voice or VOIP functions.
The GS716T does have voice VLAN and Auto-VoIP functions.

I was looking to use the FS726T for the phones, as it has open PoE ports.
Currently the FS726T switch is setup as a stand alone network, connecting the IP cameras to the video server. The video server has a second NIC that is connected to the General PC network switch ( view portal ).

The GS716T is mounted in the rack, with all ports open. From what I have read, the "IEEE

802.1Q VLAN" setting will need to be selected on the FS726TP to connect to the other VLAN switch ( VLAN tagging ?) .

fordem wrote:
Smart switches will support static routing ?!? What on earth do you mean by that ???

The fully managed L2 line can in fact do static IPv4 routing, I didn't look whether Smart Swiches wer able to - but that seems to be an additional differentiator between the two lines. (beyond not having access to local and remote CLI)

LANshake wrote:
I was looking to use the FS726T for the phones, as it has open PoE ports.

IMHO the missing Auto-VOIP should hinder you using your phones on this switch as it omits installing power bricks. Auto-VoIP means that the switch recognizes VoIP traffic and applies QoS / priorizes the traffic. Voice VLAN can automatically put traffic in a separate VLAN if it detects certain MAC-Adresses.

LANshake wrote:
From what I have read, the "IEEE 802.1Q VLAN" setting will need to be selected on the FS726TP to connect to the other VLAN switch ( VLAN tagging ?) .

The port ports connecting both switches (up- or downlinks) will need to transport all VLANs you want to share accross your switches. A 802.1Q trunk port (Cisco terminology) is a link transporting multiple VLANs using 802.1Q vlan tagging.

You'll have to to set Port VLAN ID (PVID) set to according VLAN for each access port you have an end user device connected to. This way the switch will tag incoming untagged packets (most devices don't tag) for you and thus "puts" the packets in the right VLAN.

Hope that makes sense. :)

For inter-VLAN routing you'll indeed require an extra box.

kofi wrote:
The fully managed L2 line can in fact do static IPv4 routing, I didn't look whether Smart Swiches wer able to - but that seems to be an additional differentiator between the two lines. (beyond not having access to local and remote CLI)

From my understanding of the ISO OSI model, you need a Layer 3 or L3 switch to do routing of any sort - by definition a L2 switch cannot route - perhaps you'd care to tell us which one of the fully managed L2 Netgear switches you have been able to successfully route with?

That's why Netgear tells some of these switches "L2+" to designate their limited routing capability.

The GSM7224P is for example what I have here - it takes the "ip route" command and allows inter VLAN routing with static routes. But does not do any advanced RIP or OSPF routing compared to the GS73xxS or GSM72xxS* series (i.e. the GSM7328FS here).

So yes, that's quite limited, but that's what other vendors also do on some of their entry-level managed switches as gap-filler between strictly L2 and full-blown L3 managed switches.

* GSM72xx(P)S: Provided, the L3 license is installed.

Switch model Clarification - Netgear FS726TP, with PoE on 12 ports.

kofi - Do you recommend the use of the FS726TP switch , or the GS716T switch ( with voice VLAN & Auto-VoIP,along with power packs) to network the phones ?

Total number of phone, 5 - 10 range. Plan on using AsteriskNow.

I was able to perform some testing of VLANs on the GS716T last week.
By using one subnet for the different VLANs, DHCP address assignment was working after setting up the VLANs on the Router / Firewall which is a pfSense box.

Just for the practical sanity I'd use the FS726TP and get rid of the power bricks and save all these power outlets. :-)

pfSense, good choice. Yes you'll have to set up the DHCP server for each interface and interface-VLAN according to your needs (no need for dhcp relay on the switch then).

If you want to pass traffic across your VLANs, you'll have to make according firewall rules, since pfSense' default is to block everything that is not explicitely permitted.

I'd like to recommend you the use of Aliases on pfSense to group ports, or IPs which in term makes your firewall rules slimmer and more human-readable.