Architekt (Apprentice)
Nov 01, 2023
[SXR80] Need some clarification on VLANs and IGMP snooping
I know that the SXR80 doesn't support IGMP snooping with VLANs but I'm not sure what that means (I'm not a network engineer and reading the docs for both my smart switches and the Orbi, as well as searching the web has made my head spin).
Before I go further, the router is in AP mode as I use a commercial firewall/router (not my ISP's) for the router function. The Orbi is just there for WiFi. It connects to a smart switch which connects to said firewall/router. All Orbi satellites connect directly to the Orbi router via ethernet backhaul.
Here's how I use my 3 VLANs with my SXR80:
1: Default, unchanged, used for limited devices that I need to allow access to my main subnet (i.e. my phone and tablet). This is a pretty limited list. This is tied to SSID #1. Anything untagged (I think that's the proper term?) whether connected via the Orbi or ethernet into any of my smart switches is set to this. Again, this is a limited set of "trusted" devices, aka my PC. Subnet 192.168.1.0/24 and is allowed via firewall rules to not only talk to other devices on same subnet, but can also talk to other subnets (I have things not related to the Orbi that are on other subnets such as my NAS and media streaming computer and game consoles).
10: my IoT VLAN (which is tied to SSID #2). I have this assigned to the subnet 192.168.10.0/24. I use my firewall mentioned above to keep anything on this VLAN from being able to see any other device on not just its own subnet (client isolation), but also other subnets. In short, VLAN 10 restricts a device to only being able to talk to the internet and the router.
20: My guest VLAN. Subnet 192.168.20.0/24. Firewall configured to allow devices to see each other on this subnet, but devices are blocked from being able to talk to any other subnet.
As you can see, with regards to any VLAN but the default of 1, I have zero desire for VLANs to be able to talk to one another. I purely use them to isolate devices into related groups.
Therefore, my question is: Can I enable IGMP snooping? I think the whole point of "no you can't use IGMP snooping with VLANs" is the issue of allowing VLANs to talk to one another, which again isn't something I want or even do (excepting the default). As to why I want to, I'm noticing a lot of multicast traffic and I'm trying to diagnose the issue. I may have a loop in my network setup, but after flowcharting a diagram of my topology, I can't see how it's possible that there's a loop (yet I've seen log messages about them when I enabled L2 loop detection).
If I have completely confused the subject, I apologize. As I said, I'm not a network engineer (I am a programmer), and know enough to get things done, but also enough to get myself into trouble. Much appreciated for any help! Also, if it's easier to see a simplified image of my topology (that is, with just the switches/routers connected, no devices such as PC/game consoles/etc) I can post it.
3 Replies
- ErikO, NETGEAR Moderator
Hello Architekt,
The Orbi Pro doesn't natively support IGMP Snooping (as you found out), but I think you can safely activate it on your other devices. IGMP Snooping is by default contained to one broadcast domain (VLAN) and would typically be set up per individual VLAN. The multicast traffic can be routed between VLANs as well, but it involves setting up L3 PIM (Protocol Independent Multicasting) and it becomes a lot more complex.
You mention having a Smart switch on the network as well. I am not sure if it is a Netgear switch but I'll add a quick KB in case it is:
https://kb.netgear.com/29999/How-do-I-enable-Internet-Group-Management-Protocol-IGMP-querier-using-the-web-interface-on-my-ProSAFE-Smart-Switch
Have a great rest of the day,
Erik O
- Architekt, Apprentice
Thanks, that sheds some light on things, and that KB link is a much simpler explanation than the other internet related answers I found!
My switches are all Netgear all the way: these things are rock solid (I've had some for 10 years and they don't quit even in the least friendly conditions). The two main switches I use are the Netgear MS510TXM: I use one in my office and one in the garage which is that central switch that everything in the house connects to (and this central switch is what connects to the commercial firewall/router via the SFP+ 10Gbps port). Love the things, as I have my important devices using anywhere from 2.5-10Gbps NICs connected to them (one is in my office and connected to my computers) on the > 1Gbps ports.
The other two managed switches I use are also Netgear but not smart: they're the plus model, GS108Ev3. These are in my living room/media room for things like my gaming consoles and other ethernet devices that are <= 1Gbps. Regardless, everything connects to the one central MS510TXM central switch.
I'm not looking to route multicast traffic between subnets/VLANs, that should be confined to the subnet it's on, so I'm hoping that makes it easier. I'm looking to find the underlying cause of why there's sometimes tons of multicast traffic on the network, to the point where it has caused some issues with certain devices necessitating some switch resets to fix the problem temporarily.
I'll give that KB link a go, and see what happens when I enable it on the Orbi's port. Thanks for taking the time!
- schumaku, Guru - Experienced User
Lack of IGMP snooping support means all this IGMP Multicast traffic (like live IPTV) will flow out to all devices, including wired and wireless - not where you want it. Just like a non-managed switch.
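
To illustrate the behaviour described in the replies above, here is an added example (not part of the thread and not NETGEAR code): a simplified Python model of a switch that keeps an IGMP snooping table per VLAN, compared with the same switch flooding multicast when snooping is off. The port layout, the group 239.1.1.1 and all class and function names are assumptions; the model leaves out the querier, router ports and membership timeouts.

```python
import struct
from collections import defaultdict

IGMP_V2_REPORT, IGMP_LEAVE = 0x16, 0x17   # IGMPv2 message types (RFC 2236)
# Hypothetical port -> VLAN map using the thread's VLAN IDs (1, 10, 20).
PORT_VLANS = {1: 1, 2: 1, 3: 1, 4: 10, 5: 10, 6: 20}

def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by IGMP."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_igmp(msg_type: int, group: str) -> bytes:
    """Constructed 8-byte IGMPv2 message: type, max resp time, checksum, group."""
    addr = bytes(int(octet) for octet in group.split("."))
    unsummed = struct.pack("!BBH4s", msg_type, 0, 0, addr)
    return struct.pack("!BBH4s", msg_type, 0, checksum(unsummed), addr)

class SnoopingSwitch:
    """Simplified model: no querier, router ports, or membership timeouts."""
    def __init__(self, port_vlans, snooping=True):
        self.port_vlans = port_vlans
        self.snooping = snooping
        self.members = defaultdict(set)   # (vlan, group) -> subscribed ports

    def receive_igmp(self, port: int, raw: bytes) -> bool:
        """Learn or forget a membership; returns False for a malformed message."""
        if len(raw) < 8 or checksum(raw[:8]) != 0:
            return False
        msg_type, _, _, addr = struct.unpack("!BBH4s", raw[:8])
        key = (self.port_vlans[port], ".".join(str(b) for b in addr))
        if msg_type == IGMP_V2_REPORT:
            self.members[key].add(port)
        elif msg_type == IGMP_LEAVE:
            self.members[key].discard(port)
        return True

    def egress_ports(self, ingress_port: int, group: str) -> set:
        """Ports that receive a multicast frame for `group` arriving on ingress_port."""
        vlan = self.port_vlans[ingress_port]
        same_vlan = {p for p, v in self.port_vlans.items()
                     if v == vlan and p != ingress_port}
        if not self.snooping:
            return same_vlan                      # flooded like broadcast
        return self.members.get((vlan, group), set()) & same_vlan
```

A join learned on VLAN 10 never adds ports to the VLAN 1 table, which is the per-VLAN containment ErikO describes; with `snooping=False` every other port in the ingress VLAN receives the stream, as schumaku notes.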