NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

wimvpoel's avatar
wimvpoel
Aspirant
Jan 23, 2021

Internet Lost when activating VLAN/Bridge - By VLAN Tag Group

Hi,   I have a WIFI6 Nightwak RAX120 Router. I want to create some VLANS on my private network and activated the VLAN/Brige option. I created an extra VLAN 30 under "By VLAN Tag Group" and pushed A...
schumaku's avatar
schumaku
Guru - Experienced User
Jan 23, 2021
wimvpoel wrote:

I have a WIFI6 Nightwak RAX120 Router. I want to create some VLANS on my private network and activated the VLAN/Brige option. I created an extra VLAN 30 under "By VLAN Tag Group" and pushed APPLY.

Wim,

 

These are two completely different features. the VLAN/Bridge on the WAN port allows to bridge a VLAN on the WAN/Internet interface eg. to a defined switch port and/or to wireless radio. This is to bring a dedicated ISP side VLAN operating IPTV (typically) to a defined port, where a dedicated network (this could be a port based VLAN on the lAN side of course) to operate IPTV media players on the ISP IPTV network.

 

On the LAN side, there is no support for VLANs on these consumer switches at all.

  • wimvpoel's avatar
    wimvpoel
    Aspirant
    Jan 23, 2021

    Hi Schumaku,

     

    Thanks for your time to answer me back on this!

    I must admit I'm a bit a rookie, but here's what I have as setup and what I try to establish:

    1. I have an ISP cable mode

    2. behind that I've ma Netgear RAX120 where I use PPPoE to connect to my IP internet

    3. One of the LAN PORTS is connected to a smart-managed switch (port 1). And one other RAX120 LAN port I do connect to the same switcfh on port 13

    4. On this switch I have on 2 POE ports a Netwgear WAS610 AP

    5. On this same switch I also want to attach my ISP IPTV Decoders

    6. On the Switch I created VLAN10 (for internet) and VLAN30 (for IPTV). 

    7. I also would like on my WAX610 WAPs create SSIS's in seperate VLANs: SSID1 for INTERNET (so VLAN10), SSIDGUEST for Guests (on VLAN15) and SSID2 for IoT devices (on VLAN 20).

    8. My two challenges are the following:

    - I believe I should create on my RAX120 2 VLANs named 10 (INTERNET) and 30 (IPTV), right? Bit as soon as I activate this on the RAX120 , my internet connection drops.... :-(

    - I then need to create the VLANs 10 and 30 also on my managed switch.

    - On the switch I use port 1 as the link to my RAX120, so I configre this SWITCH port as a TAGGED port on VLAN10. The orts from 2 to 12 I do configure as Untagged ports on VLAN10.

    - For IPTV I configure port 12 (connected to my RAX120)  as TAGGED port on VLAN30 and port 13 to 16 as untagged on VLAN30. Ports 13, 14,15 and 16 are for my 4 decoders.

     

    But as soon as I activate all this, nothing seems to work anymore and main issue is clearly the LOST internet connection on my ROUTER.

     

     

    I you would have any advice on I would be able to make my hime setup work, that would be very much appreciated!

     

    Attached a diagram of my setup.

     

     

     

    • schumaku's avatar
      schumaku
      Guru - Experienced User
      Jan 24, 2021

      Dear Wim,

       

      Basic wiring concept looks very good to me, leaving the VLANs alone*. But then, I would like to bring up some questions - because I think that's to much to start and to learn. 

       

      *Two things hit my eye:

      • Two links between the RAX120 (port 3 & 4) and the switch ... what is the intention here? Aggregation (if properly configured on the router and the switch) would be on Port 1 & 2
      • Never understand why people are making thier own life that hard and create a different VLAN (10 here) for the primary network, just because some decades ago a big blue switch vendor had a problem with a switch and the "default" VLAN...?

      A little bit short on time this Sunday morning (four dogs waiting for a hike and the sun is calling outside), so for the moment very brief on the RAX120 (or any Netgear consumer router).

       

      1. These routers are not VLAN capable at all.
      2. The VLAN bridge config is really ONLY to configure the ISPs VLAN (for Internet and for IPTV typically).
      3. The Internet part of this VLAN/bridge config does go to the router/NAT, the IPTV VLAN can be bridged to a designated LAN port (untagged), and  little bit intrusive on a complete wireless radio (untagged, no multi-SSID). 
      4. the VLAN IDs are strictly for the WAN/Internet port only - there is no association to your in-house network VLAN IDs. 

      Carefully revviw the finr documentation FMI. This is everything you can configure. This does create one port you can link to the switch on a port in the IPTV VLAN (untagged), and all others where one (or two of aggregated in case you have Internet bandwidth >> 1GB) port or LAG (untagged) in the "Internet" or normal working VLAN. 

       

      I hope that's enough work for trial and error for the next few hours - then you should enjoy the Sunday with the family, too.

       

      For your further intentions, the RAX120 (or any other Netgear consumer router) isn't the right product. I would look into the SOHO/SMB market for a small router supporting multiple LANs (like eg. the BR200), and add another wireless AP.

       

      Regards,

      -Kurt

      • wimvpoel's avatar
        wimvpoel
        Aspirant
        Jan 24, 2021

        Hi kurt,

         

        Thanks for your time spent on a Sunday!  I hope you spent enough time to your four dog! They diserve it!  :-)

         

        Quick reply and some extra clarifications from my side:

        1. Splitting IPTV from network is EXACTLY what I want to do as well.

        2. But the issue I haveis that as soon as I create VLAN Tagged Group with name IPTV (VLAN30), next to the default VLAN10 (Internet), my internet connection drops on my RAX120.

        3. I create the VLAN30 on Port 3 and then I go from this port 3 to a VLAN30 tagged port onnmy managed swith, where I also configure 4 VLAN30 untagged ports where my decoders are connected.

        4. The reson why I do not use 1 and 2 is becasue I indeed have those already in aggregtion towards my QNAP NAS where I have two NICs also in aggregation. Works fine by the way.

         

        So far on the RAX120 - Switch VLAN questions.

         

        The second challenge is then the sepertion of my wireless SSID's:

        1. I just today also installed a second WAX610 in my network. On my two WAPs I created three SSID's. Each with another VLAN ID. One for my normlinternat, onefor  guest internet and one for IoT devices.

        2. I want those different SSID seperated so that devices connected to one SSID can NOT communicate with the other SSD's. 

        3. But unfortunately this also doesn't work. 

         

        YEsterday I resetted my whole switch again and tried VLAN by PORT instead of 802.1Q VLAN

        I aslo disabled the VLAN/Bridge on RAX120 and I just assigned ports for INTERNET (VLAN ID 1) and PORTS for IPTIV (VLAN 30).

        Not sure if this is the best way forward...

        Anyway, with this setting my SSID seperation is also NOT working....

         

        I'm getting desperate. I belie for  gutu like you this is a children game, but I simply can't get it to work.

        My setup is hoeve rnot tht much rocket science IT think:

        1. Cable Modem (ADSL)

        2. RAX120 Router

        3. 16-port Managed swith (TP Link) with IGMP Snooping enabled

        4. 2 WAX610 (connected to to POE ports of the sitch)

         

        best regards,

        Wim