I have been lurking on this list for a long time and have learned much over the years.

Now I'm hoping someone can point me to a good resource for understanding vlans. For some reason networking configurations beyond the most basic setups have never been something I really have gotten my head around. Databases are more my thing.

I have a Linksys E4200 router that I have flashed with the latest dd-wrt v24-40559_NEWD-2_K2.6_mini. My objective is to set up multiple vlans with multiple SSIDs associated with the vlans to segregate my business, home, and iot devices from one another. After trying this tutorial https://www.ciscopress.com/articles/article.asp?p=1730493 and resetting the router many times I decided I need to understand how vlans work and how to set them up properly with this setup. I would like to start by understanding the default setup and what role the default bridge br0 plays in that setup and then move on from there.

Thanks in advance,
Mike
"Mike" == Mike Long via WLUG <wlug@lists.wlug.org> writes:
Mike> I have been lurking on this list for a long time and have learned much
Mike> over the years.

Mike> Now I'm hoping someone can point me to a good resource for
Mike> understanding vlans. For some reason networking configurations
Mike> beyond the most basic setups have never been something I really
Mike> have gotten my head around. Databases are more my thing.

So for VLANs you will also need your core switch at home (or ideally all your switches) to support VLANs properly. Or you need to have separate physical networks, which gets unwieldy.

Mike> I have a Linksys E4200 router that I have flashed with the
Mike> latest dd-wrt v24-40559_NEWD-2_K2.6_mini. My objective is to
Mike> set up multiple vlans with multiple SSIDs associated with the
Mike> vlans to segregate my business, home, and iot devices from one
Mike> another. After trying this tutorial
Mike> https://www.ciscopress.com/articles/article.asp?p=1730493 and
Mike> resetting the router many times I decided I need to understand
Mike> how vlans work and how to set them up properly with this
Mike> setup. I would like to start by understanding the default setup
Mike> and what role the default bridge br0 plays in that setup and
Mike> then move on from there.

Can you explain (or show a diagram) of your network?

So in my case, I've been starting to play around with VLANs as well, but since my wife and kids are working from home, along with me, it's hard to find time to possibly break the network screwing around with VLANs.

The basic idea is that packets are tagged with the VLAN ID they are supposed to be presented to. So on a switch port, it will either be on all VLANs, or will only pass traffic for one or more specific VLANs.

I have TP-Link EAP-EAP225 WAPs (Wireless Access Points) at my house. I finally gave up on my old Netgear WNDR3700v1,2 routers I had running DD-WRT, but only using them as WAPs. I have a PCEngines APU4 running as my firewall, running OPNsense. I like keeping these things separate.

My core switch is an ancient Dell PowerConnect 5324 with 24 1gb ports. And a small TP-Link switch upstairs since I only have one path up from the basement.

Anyway... I mean to set up VLANs as well, but the possibility of breaking things has stopped me for all of 2020 basically. Heh.

Since the Linksys E4200 only has four internal ports, I'm pretty certain you're running a switch or two behind it. So what I would do as a first step would be to set up a small switch on a single port, and set up that port on the E4200 to be in VLAN 10. Then make sure you route traffic to that VLAN.

So I'd also make VLAN 10 be the subnet 192.168.10.0/24, to keep it all simple.

Put a Raspberry Pi or something where you can access it directly, then configure it for that subnet and see if you can ping and pass traffic.

At that point, you can set things up so that VLAN 10 can only send traffic to the internet, and not to any other VLANs. But I don't know how good the E4200s with DD-WRT are in terms of supporting VLANs. I seem to remember it was kinda flaky and problematic.

The real trick is when you want to pass multiple VLANs down a single cable, and have the switches at each end (or a Linux server with VMs and VLANs configured) pass traffic properly. Then it starts getting more hairy.

I'd offer more ideas, but we really need to know more about your network setup (and your needs/desires) to make it work.

I too want to put my IoT things onto a separate VLAN on my WAPs, so I can isolate that traffic, I just need to set up the core switch properly. Ideally while everyone else is gone for a day. Or two.

*grin*

Please keep posting, I'm sure a bunch of us are in the same boat.

John
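The tagging and per-port VLAN membership described in the message above, as an added example that is not part of the original thread. It models 802.1Q tags and a three-port switch with VLAN 10 as the isolated segment; the port names (`home`, `iot`, `trunk`) and the sample frame are constructed, and dropping tagged frames on an access port is a simplifying assumption.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte 802.1Q tag after the two 6-byte MAC addresses."""
    if not 1 <= vid <= 4094:  # VID 0 and 4095 are reserved
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid  # priority (3 bits), DEI (1 bit, left 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def split_tag(frame):
    """Return (vid, untagged_frame); vid is None when the frame has no tag."""
    tagged = frame[12:14] == struct.pack("!H", TPID)
    if len(frame) < (18 if tagged else 14):
        raise ValueError("truncated Ethernet header")
    if not tagged:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Port:
    def __init__(self, name, pvid=None, tagged=()):
        self.name = name
        self.pvid = pvid           # VLAN given to untagged frames on this port
        self.tagged = set(tagged)  # VLANs this port carries with a tag (trunk)

    def classify(self, frame):
        """Ingress: (vid, untagged_frame), or None when the frame is dropped."""
        vid, inner = split_tag(frame)
        if vid is None:
            return (self.pvid, inner) if self.pvid else None
        return (vid, inner) if vid in self.tagged else None

    def emit(self, vid, inner):
        """Egress: bytes for the wire, or None if the port is not in the VLAN."""
        if vid in self.tagged:
            return add_tag(inner, vid)
        return inner if vid == self.pvid else None

def flood(ports, in_port, frame):
    """Send a frame out of every other member port of its VLAN (no MAC learning)."""
    hit = in_port.classify(frame)
    out = {p.name: p.emit(*hit) for p in ports if hit and p is not in_port}
    return {name: data for name, data in out.items() if data is not None}

FRAME = bytes.fromhex("ffffffffffff" "020000000010" "0800") + b"payload"  # constructed sample
HOME, IOT, TRUNK = Port("home", pvid=1), Port("iot", pvid=10), Port("trunk", pvid=1, tagged={10})
PORTS = [HOME, IOT, TRUNK]
```

A broadcast from the `iot` port leaves only on the trunk, carrying VLAN ID 10, and never reaches the `home` port; that layer 2 separation is what the routing and firewall rules between VLANs then build on.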
I have Verizon FIOS as my internet provider. The setup is:

Verizon (FIOS-G1100) internet facing router.
D-Link DGS-1008 8 port switch (currently used to give additional ports for NAS, computer, printer, etc.)
1 wifi network for all wireless devices provided by FIOS-G1100 router.

The E4200 router is not currently used and I intended to repurpose it to create the vlans. I can confirm that dd-wrt is buggy with the E4200 which may be one reason I have not been successful.

Because of my lack of time to dedicate to this project and possible hardware incompatibility I'm thinking I am better off getting a different router that is capable of assigning different vlans to the ports as well as providing wifi networks for each vlan. Ideally I would have 4 vlans for a guest network, iot, personal devices and work devices.

Does anyone have any suggestions for a good router that has this functionality built in?

-mike

On 1/5/2021 2:20 PM, John Stoffel via WLUG wrote:
"Mike" == Mike Long <mlong@datalong.com> writes:
Mike> I have Verizon FIOS as my internet provider. The setup is:

Mike> Verizon (FIOS-G1100) internet facing router.
Mike> D-Link DGS-1008 8 port switch (currently used to give additional ports
Mike> for NAS, computer, printer, etc.)
Mike> 1 wifi network for all wireless devices provided by FIOS-G1100 router.

Mike> The E4200 router is not currently used and I intended to repurpose it to
Mike> create the vlans. I can confirm that dd-wrt is buggy with the E4200
Mike> which may be one reason I have not been successful.

Mike> Because of my lack of time to dedicate to this project and possible
Mike> hardware incompatibility I'm thinking I am better off getting a
Mike> different router that is capable of assigning different vlans to the
Mike> ports as well as providing wifi networks for each vlan. Ideally I would
Mike> have 4 vlans for a guest network, iot, personal devices and work devices.

Mike> Does anyone have any suggestions for a good router that has this
Mike> functionality built in?

It depends. I used to think Ubiquiti would be the way I would personally move forward... but I've decided that their gateway router wasn't up to snuff, and the rest of their line wasn't compelling enough.

Do you have full control of the FIOS-G1100 router? Does it support VLANs? If not, then you'll need another box behind it.

Anyway, I don't have personal experience with MikroTik, but it's got a decent rep, and you can get a 10 x 1g system running RouterOS which supports VLANs.

https://mikrotik.com/product/RB3011UiAS-RM

I've used an APU1 board with OPNsense 20.7.x and it has VLAN support, but I can't say how well it works since I didn't get my core switch and VLANs configured, and was hesitant to do it while the rest of the family is at home with me. But I should.

The D-Link DGS-1008 probably won't support VLANs, so you won't be able to put any IoT devices on there. Getting a switch that supports VLANs is key, since most routers don't have a lot of ports to use.

So getting a switch with VLAN support (careful, my upstairs TP-Link one is said to have trouble where it puts all traffic on VLAN1 no matter what...)

Depending on where all your gear is located, maybe something off eBay like an old Cisco switch/router with VLAN support would be a good bet?

I personally like keeping the WAPs separate from the firewall/router and then a separate switch(es) as well. It means more gear needing VLAN support, but it also means that each device does what it does with much less compromise.

In any case, please keep sharing your results!

John