gdlgiii
Apr 09, 2017 | Tutor
Redesign home LAN for IoT
I am looking to redesign my current network for my home to accommodate these new IoT devices and want to maintain a secure way in isolating that traffic from my private LAN. Some of the IoT devices will have ethernet plugged in while others will use WiFi. My private LAN consists of a NAS (RN104) and a dedicated Windows 10 Plex Media Server. I currently have one set of IP cameras on the Guest Wifi to keep that traffic separate but thinking ahead if I decide to connect a home automation HUB to my network.
My current network consists of a Netgear R7000 with 2 WiFi networks, one for private and one for guest/IoT wireless devices. That hardware is on the second floor of my home. I ran one network drop from the upstairs media room to the downstairs office, where there is a Netgear GS105A gigabit switch that connects the upstairs to down. On the downstairs switch, I have one hard wired PC with an Ethernet to USB print server and a Raspberry Pi3. From that downstairs switch, there is another cable run that goes to the living room where there is another GS105A switch that has an Arlo base station and a Roku 4 plugged into it.
What I would like to do is to separate the Arlo Camera base station and the Rokus (that are hardwired) on a separate VLAN network while using just the one network drop from upstairs. In the upstairs, I thought about taking the NightHawk router as the VLAN private network and acquiring another cheaper router or wireless AP to use for the IoT VLAN network.
I am looking at purchasing an Ubiquiti EdgeRouter Lite 3 Port router to create the 2 new VLANs.
Then purchasing a GS108E smart switch for the upstairs to have both VLANs connected and connect each Wireless AP to their respective port. My question is, is it possible on the GS108E switch to configure one port with both VLAN IDs and have that port connect to the network drop leading downstairs? If that is possible, then I would believe I could just connect a GS105E switch and, from that switch, plug the print server and desktop PC to the private VLAN and the network run to the living room to the IoT VLAN and still utilize the existing 5 port GS105A switch there so that both those devices are on the IoT VLAN and not on my private network?
Am I on the right track with this or is something like this possible? I really do not want to go the route of the "3 dumb routers" option because then my Plex Media server will not be accessible to the Internet for me to stream from remote locations due to Double NAT limitation.
For the AP, I would recommend the WAC730. The WAC730 supports VLAN wherein you could assign a wireless network for the IoT network as well as for the Private network that are broadcast at the same time. Also, the WAC730 supports PoE. Kindly check its data sheet here.
Here below is a network diagram that I recommend:
From the network diagram above, the ports connecting the Ubiquiti EdgeRouter Lite and the GS110TP on the 2nd floor will be configured as tagged ports so that it will become a trunk link. The same goes for the ports connecting the GS110TP on the 1st floor and the GS110TP on the 2nd floor. Tagging the ports is needed in order to identify which VLAN the packet belongs to.
The ports connecting the GS110TP on the 2nd floor to the RN104 and the WAC730 will be configured as tagged ports as well because both RN104 and WAC730 are VLAN-aware devices. However, the rest of the ports on the GS110TP (both on the 1st and 2nd floor) connected to the desktops and Arlo Base Stations will be set as untagged ports because the desktops and the Arlo Base Stations are not VLAN-aware devices.
Regards,
DaneA
NETGEAR Community Team
10 Replies
- DaneA (NETGEAR Employee Retired)
Hi gdlgiii,
On the GS108E switch, you need to use 802.1Q VLAN in order to configure one port to be a member of 2 or more VLANs. As I understand your initial post, you will be connecting the Arlo Camera base station and the Roku to the GS108E switch, am I right? The ports where the Arlo Camera base station and the Roku connect will be set as access ports because, as far as I know, the Arlo Camera base station and the Roku are not VLAN-aware devices.
Regards,
DaneA
NETGEAR Community Team
- gdlgiii (Tutor)
Is there a setting on the other ports for the 1st floor GS108 switch to allow only a specific VLAN for each port so that its respective device can connect w/o VLAN ID? I have included a basic drawing of what I am trying to accomplish. From what I gather, segmenting the upstairs traffic looks pretty easy, but since I only have one network drop downstairs and have a mixture of PC, printer and IoT devices, it gets a little fuzzy to me on how to accomplish this.
The firewall/router will be replaced with an Ubiquiti ERLite3 device where the VLANs will be created and managed from. I just need the switches to deliver the correct traffic to the correct devices. Will devices on Private network (VLAN1) first floor, be able to communicate with devices upstairs on VLAN1 (private)?
- DaneA (NETGEAR Employee Retired)
The GS108 is an unmanaged switch. I believe you are referring to the GS108E switch. Based on the network diagram you posted, you will need to configure 802.1Q VLAN. For example, configure VLAN10 for the private network then configure VLAN20 for the IoT devices. Also, the devices on VLAN10 on the first floor will be able to communicate with the devices on VLAN 10 upstairs because they are on the same VLAN and the same goes for VLAN20.
I pointed out using 802.1Q VLAN because from the network diagram, there are access points within the Private and IoT networks. I believe your access points support VLAN so that they can be tagged to the corresponding VLAN they should belong to. Also, I believe your NAS supports VLAN as well.
You might want to check on the GS110TP switch. I suggested this switch because the GS108E switch only supports static LAG. You might be interested to configure LACP (dynamic LAG) to your NAS. Also, the GS110TP supports PoE (Power over Ethernet). I believe your access points support PoE so that they could get power through the PoE port of the switch instead of using individual power adapters.
For more information about the GS108Ev3 and GS110TP switches, kindly check their respective data sheets below:
Regards,
DaneA
NETGEAR Community Team
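
The tagged/untagged port plan discussed in this thread, modelled as an added example (not posted by any participant and not NETGEAR code): a small Python simulation of 802.1Q flooding that shows which hosts share a broadcast domain across the single trunk drop. VLAN IDs 10 and 20 follow the reply above; switch names, port numbers and host names are assumptions, and only layer 2 is modelled, so any routing between VLANs at the router is out of scope.

```python
# 802.1Q port plan for the two-VLAN layout in the thread (layer 2 only).
# VLAN 10 = private, VLAN 20 = IoT as in the reply; switch names, port
# numbers and host names are constructed for illustration.
PRIVATE, IOT = 10, 20

# switch -> port -> (pvid, {vlan: "T" tagged | "U" untagged}, neighbour)
PLAN = {
    "floor2": {
        1: (PRIVATE, {PRIVATE: "U"}, ("host", "plex-server")),
        2: (IOT, {IOT: "U"}, ("host", "ip-camera")),
        8: (1, {PRIVATE: "T", IOT: "T"}, ("switch", "floor1", 8)),  # single drop
    },
    "floor1": {
        1: (PRIVATE, {PRIVATE: "U"}, ("host", "office-pc")),
        2: (PRIVATE, {PRIVATE: "U"}, ("host", "print-server")),
        # Unmanaged living-room switch sits behind this untagged IoT port.
        3: (IOT, {IOT: "U"}, ("host", "arlo-and-roku")),
        8: (1, {PRIVATE: "T", IOT: "T"}, ("switch", "floor2", 8)),
    },
}

def flood(plan, switch, in_port, vlan, seen):
    """Hosts reached by a frame flooded in `vlan` that entered on `in_port`."""
    if (switch, vlan) in seen:
        return set()
    seen.add((switch, vlan))
    reached = set()
    for port, (_, members, nbr) in plan[switch].items():
        mode = members.get(vlan)
        if port == in_port or mode is None:
            continue  # egress filter: port is not a member of this VLAN
        if nbr[0] == "host":
            if mode == "U":  # tag stripped, VLAN-unaware host accepts it
                reached.add(nbr[1])
            continue
        _, peer, peer_port = nbr
        peer_pvid, peer_members, _ = plan[peer][peer_port]
        ingress = vlan if mode == "T" else peer_pvid  # untagged -> peer PVID
        if ingress in peer_members:  # ingress filter on the far switch
            reached |= flood(plan, peer, peer_port, ingress, seen)
    return reached

def reachable(host, plan=PLAN):
    """Layer-2 neighbours of `host`; its untagged frames take the port PVID."""
    for sw, ports in plan.items():
        for port, (pvid, _, nbr) in ports.items():
            if nbr == ("host", host):
                return flood(plan, sw, port, pvid, set())
    raise KeyError(host)
```

Passing a modified plan as the second argument to `reachable` shows the effect of a mistake, such as leaving VLAN 20 off one end of the trunk or giving the living-room port the private PVID.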