thompsondc
Sep 22, 2021 (Tutor)
GS308E VLAN to separate home devices
I currently have a Nighthawk X4S as our home router. We have many devices, but I try to use a wired connection whenever possible. I'd like to segregate my kids' devices at a minimum, but ideally, I'd like to also segregate up to the following number of VLANs or subnets (I've done research and I'm still not 100% certain of the difference):
1. work equipment for my wife and me, our personal devices, etc. (priority devices)
2. smart home equipment (e.g., Google Home Minis, Nest thermostats, things like that)
3. kids' devices (school iPads, computers, tablets, etc.)
4. guest network for people that come over
I also have a NAS and networked printer I'd like to have available to all VLANs/subnets. At least the printer, but ideally both.
I figure that the Nighthawk has a guest wifi (tri-band), which I can use for #4 above. That means I only really need 3 separate networks. I'm looking at the GS308E, as I like having room to grow and expand.
Ultimately, I'd even be fine combining the kids' and guest network, if necessary. The key component is that all devices must have access to the printer.
Can anyone help me figure this out? I'm thinking this GS308E can be set up "downstream" from the Nighthawk, and I can put everything onto 4 different VLANs, with the printer and NAS connected to the Nighthawk. The only concern is that the other devices connected to the Nighthawk will also be exposed to everything on all 4 VLANs.
I have a spare Linksys EA4500 and might be able to scrounge up a WRT54GL. My concern about moving the Nighthawk downstream from the managed switch is that I need something upstream from it to perform the routing and DHCP. That makes me consider an EdgeRouter or something... Help please?
3 Replies
- schumaku (Guru - Experienced User)
There is much more required I'm afraid.
Technically, 802.1Q VLANs make up individual isolated networks; each needs its own IP subnet, default gateway, DHCP server. Granted, a capable small business class router might fit here.
If you have some network cabling in the house and want to carry multiple VLANs over trunks, all switches in the rooms need to be VLAN capable, and need to be configured accordingly.
To make the VLANs communicate in a controlled way - to start with just TCP/IP and four VLANs and subnets - you either need a capable router able to deal with the bandwidth, or an advanced switch with L3 functionality.
Technically, "big" OS like Windows, macOS or Linux can "print" or access a NAS (using the SMB protocol) over the plain IP address. Other platforms like iOS or Android or the likes need Apps - most of these depend on the ability to discover, be it by Bonjour (limited to a single subnet) or UPnP SSDP like the NAS SMB announcement (Multicast based, requires a capable forwarder to distribute announcement). Otherwise no NAS access, no printing from any device, ... The convenience of a discovery does - because many systems still depend on other mechanisms, typically various versions of broadcast .. which does never leave the subnet (and the VLAN therefore).
Even more difficult is the IoT story. Of course, IoT depending _only_ on an Internet service can be put into an own VLAN, permitting Internet only - that's what these odd IoT security theories imply. Trouble starts if mobile phones, tablets, controllers are used for the discovery, the initial installation, the later installation, and then for the daily operations. Say some fancy IP power switches can't really be used over the Internet - the latency would be much too high, and the dependency on the Internet availability is killing the idea. Read for example no way to switch on the lights over the Internet. And if you put your family members' mobile phones, tablets and then the IoT into different VLANs ... they are unlikely to discover the controllers or IoTs in another VLAN.
Your consumer class router does not support more than one network, the so called "guest network" is a pure L2+ implementation on the same network and for the WiFi only - on the very same IP subnet - no VLAN at all.
And when complex IoT like media players, IPTV, VoIP, and much more will be added - the complexity will grow massively because IGMP Multicast and QoS come into play - you don't want the live TV video stream flow out all LAN ports and WLAN SSIDs.
Said that: You need much more than "just" a simple L2 VLAN capable switch for your project. Reality will bring you quickly back to have different device "classes" into your "main" VLAN.
Even if you are very experienced in networking (I'd say "hardcore networking") and willing to spend a lot of time and effort ... your results will vary.
Good luck with your project!
- Wow, schumaku. Thanks for the very deep coverage. I think I'm following, but I'm also NOT very well versed in networking. I'm a pretty intelligent and capable guy, but honestly don't entirely understand the difference between subnetting and VLANs (other than the basic idea that the former is more "concrete" of a separation).
What about something like this person's configuration: https://community.netgear.com/t5/Smart-Plus-and-Smart-Pro-Managed/How-do-I-configure-VLAN-with-Netgear-GS308E-and-Edge-RouterX/td-p/1948574
Getting an EdgeRouter for the "top-level" connection to the ISP, and using my Nighthawk as an access point for one "leg" of the network? Specifically, I'm looking at their [Local Network.jpg], and using the Nighthawk as AP1, and my Linksys as AP2. From what I've read, the EdgeRouter will do all of the "heavy lifting" of routing and as a DHCP server for each VLAN. And from what you've written, I'm thinking that the GS308E would be necessary instead of a dumb switch, to properly navigate "up" to the printer (and NAS) connected to the EdgeRouter on eth2?
In addition to the Nighthawk X4S and Linksys EA4500, I also have a Netgear ProSafe GS108E, and two TP-Link SG105's. The GS108E is just being used as a dumb switch, because I recently got it from a friend, and upgraded one of my TP-Links to it for 8 ports vs 5 ports. I see from this page that it might be capable of more, but it's not capable of L3 routing or anything... Unfortunately, I'm an accountant and web dev (frontend only) by trade, and while I'm very eager to learn more, I don't know what I don't know.
- Never mind. I'm just going with a different brand, as Netgear keeps bricking their devices with firmware updates.
https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R7800-Ethernet-doesn-t-work-after-updating-to-Firmware-Version-1/m-p/2160293#M203757
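The behaviour schumaku describes (one subnet per VLAN, routed unicast subject to policy, discovery traffic that does not cross the VLAN boundary) can be modelled in a few lines. This is an added example, not part of the thread; the VLAN IDs, subnets, printer/NAS addresses and the allow list are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption): one /24 per VLAN, router is .1 in each.
VLANS = {
    10: ipaddress.ip_network("192.168.10.0/24"),  # priority devices, printer, NAS
    20: ipaddress.ip_network("192.168.20.0/24"),  # smart home
    30: ipaddress.ip_network("192.168.30.0/24"),  # kids
    40: ipaddress.ip_network("192.168.40.0/24"),  # guests
}
PRINTER = ipaddress.ip_address("192.168.10.50")   # constructed
NAS = ipaddress.ip_address("192.168.10.60")       # constructed

# Router policy between VLANs: default deny, explicit (source VLAN, host) allows.
ALLOW = {(v, PRINTER) for v in (20, 30, 40)} | {(30, NAS)}

LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")  # includes mDNS 224.0.0.251
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def vlan_of(ip):
    """Return the VLAN ID whose subnet contains ip, or None for outside addresses."""
    return next((vid for vid, net in VLANS.items() if ip in net), None)

def classify(src, dst):
    """Say how a packet from src to dst is handled in this layout."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
    if src_vlan is None:
        raise ValueError(f"{src} is not in any configured VLAN subnet")
    # Broadcasts (limited or subnet) are not forwarded between subnets.
    if dst == LIMITED_BROADCAST or (
            dst_vlan is not None and dst == VLANS[dst_vlan].broadcast_address):
        return "broadcast-not-routed"
    if dst in LINK_LOCAL_MCAST:
        return "multicast-not-routed"           # Bonjour/mDNS discovery
    if dst.is_multicast:
        return "multicast-needs-forwarder"      # e.g. SSDP 239.255.255.250
    if dst_vlan == src_vlan:
        return "switched-same-vlan"             # never reaches the router
    if dst_vlan is None:
        return "routed-to-internet"
    return "routed-allow" if (src_vlan, dst) in ALLOW else "routed-deny"
```

A kids' tablet can print to `192.168.10.50` by IP address, but its mDNS query to `224.0.0.251` never reaches the printer's VLAN, which is why the app on the tablet does not find it.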