Hey all,
I have some questions and this community has been great with my other ones, I’m hoping you can help me out with these too.
This is the diagram of how I think I want my physical network laid out.
Hardware:
The patch panel has LAN cables I installed in the walls on ports 1-20. The ISP feed comes into the patch panel on port 21.
I was looking at getting a Cisco CBS-220 but I found out that those are EOS/EOL and the Catalyst 1200/1300 replaces them. Also that the C1200/1300’s aren’t actual Catalyst switches but that’s beside the point. I couldn’t find exact stencils for the C1300 but just know the Catalyst in the picture is supposed to be a 48 port C1300 with 10G SFP+ ports on the right side.
The Netgate is an 8200. According to Netgate’s specs, the 8200 LAN ports operate at 2.5G and if I wanted faster, I’d have to upgrade to the 8300 plus some expansion cards. No need for that.
Questions:
- Does this diagram make sense? I want everything in my LAN to be protected and controlled by the Netgate. By connecting the switch to the LAN port of the Netgate and then the WAN of the Netgate to the internet feed, I feel like that accomplishes that goal.
- Can the C1300 be connected like this? I would need to get a 10G SFP+ for ethernet, not fibre, which I haven’t looked for yet. I know with fiber you have to be careful to match both sides of the connection with the same speed otherwise they won’t work. Does the same hold true for ethernet SFP’s? Meaning, if I find a 10G ethernet SFP+ (since that’s what the Catalyst port is rated for) and plug it into a cable going to the 2.5G LAN port on the Netgate, will they communicate properly?
- I think you’re good!
- For my UDM pro I used a Direct Attach Copper cable to achieve 10G, maybe you can find something for your brand?
- Ohhh that’s interesting, I forgot about those DAC cables. Although I don’t know if that would work in this case because the LAN ports in the Netgate are already RJ45 ports not a SFP port. Unless they make a DAC that is SFP+ on one side and RJ45 on the other…
 
- Does this diagram make sense?
- Not so much, no. At least, I’m having issues with it … and I’ve been a networking professional for more than 25 years.
- Diagrams are best scoped to the OSI layer you’re talking about, in my experience. For my home lab I have a huge layer 2 diagram, and a totally different one for layer 3.
- If you’re asking about ‘LAN protected by Netgate’, then we’re concerned with layer 3 - so I’d omit the patch panel and illustrate things from a layer 3 point of view.
- That aside, it looks like yes, your whole LAN will be ‘behind’ your Netgate. I can’t speak to the specifics of the C1300 you mention though as I’ve never used a Netgate product.
- Ah yeah I see. I didn’t design the diagram to a specific layer but if I had to choose one after the fact I guess this would be Layer 1 honestly. I’m really just looking for the physical interconnection of devices and making sure I don’t have a path out of the network that doesn’t go through the Netgate.
- But more specifically, I was looking for information on if the C1300 and the Netgate can communicate on the ports I’ve put in the diagram or if the mismatch in speed ratings for the ports would be a problem. As well as if the SFP+ port on the C1300 can even be used as a connection like that. In their documentation, Cisco has an example of use for those ports as stacking ports to other switches. I’ll only have the one and won’t need to stack any other so I was looking to see if the SFP+ ports can be used for non-stacking purposes.
 
- 2.5G with SFP+ port might be tricky. You want to be sure that the SFP+ module you buy does support 2.5G explicitly - don’t assume that any 10G module can negotiate that speed. This might work.
- Yeah. Because 2.5GbE was invented far later than 10GbE (from 2002 to 2016), and was never popular in the data center.
 


