NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Update home network for IoT and private devices
Using a Netgear R8000 Nighthawk router, I would like to connect 2 GS108Tv2 switches to support 2 VLANs. I want to separate the computers, phones, tablets from the Arlo Cameras, Google Home, Chromecast Audio and other IoT devices for security purposes.I have been reading the documentation on these switches and want to know if I am on the correct path to making this work. I have the main router along with NAS device and HTPC upstairs while I have a desktop pc, print server and raspberry pi downstairs. There is a single network drop from the upstairs going to an unmaged switch. Upstairs there is another unmanaged switch connected to the main R8000 router. I am hoping I can use the R8000 router to provide the Internet Connection and use the two switches for network connectivity. I need the IoT network to have Internet Access only and not able to see the personal devices. So wondering how I would go about doing this with these three devices. I woud also like to take two additional routers and turn them into dedicated AP's configured on each VLAN. Since these are only L2 switches, I am to assume it will still only have one network IP scheme and not separate IP network? Also I am using Plex and it needs to port forwarding and wondering how I will need to accomplish that or would that stil be configured on the router?
- You should set the default VLAN for an untagged port to the VLAN that you want untagged traffic received on that port to be mapped to. So that means the default VLAN for the ports connected to the HTPC, PC, NAS and RPi3 should be set to the private VLAN. And the ports for your IoT devices should have their default VLAN set to the IoT VLAN.
9 Replies
There are a few discrepancies in your post and your diagram. The post talks about unmanaged switches but the GS108Tv2 is a managed switch. The diagram shows the RN104 on a trunk link, but it's labeled as Private VLAN, so the link color should probably be maroon.
Anyway, the general layout of the diagram looks ok. The problem is that the R8000 doesn't really support VLANs. This means that not only can you not use a trunk link from it to the GS108T, but the VLAN isolation in the rest of the network is going to be undone by the R8000.
You really need a VLAN capable router to pull this off. You can load third-party firmware, like DD-WRT or Tomato, onto the R8000. Or get a SOHO/business class router. Netgear has their line of UTM and VPN firewalls, although you should look at other brands.
Port forwarding will still be done by the router.
So, if I obtain an Ubiquiti EdgeRouter Lite, I could possibly do this? Thinking of devices that are not VLAN aware, perhaps it would be best to set the default vlan to the new IoT (vlan50) vlan on untagged ports?
I sent an different layout. I don't think I will have funds to purchase the netgear AP and will need to repurpose netgear routers.I have 1 R8000 and 2 R7000 routers I could use as APs for their respected vlan I would think.
gdlgiii wrote:
So, if I obtain an Ubiquiti EdgeRouter Lite, I could possibly do this?
Yes, an Edgerouter Lite would work. I have one and it's great.
Thinking of devices that are not VLAN aware, perhaps it would be best to set the default vlan to the new IoT (vlan50) vlan on untagged ports?
What are you trying to accomplish with this?
I sent an different layout. I don't think I will have funds to purchase the netgear AP and will need to repurpose netgear routers.I have 1 R8000 and 2 R7000 routers I could use as APs for their respected vlan I would think.
Looks like your new layout just has the R8000 swapped out with an Edgerouter, but it still shows the WAC730. Anyway, you can certainly use the R8000 and R7000 as APs and place each one in a different VLAN.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
