b1ggjoe
May 03, 2018 Apprentice
Question on creating multiple Wireless VLANs for Security (IoT devices, Family WiFi, Guest WiFi)
Hey Everyone,
I'm in the process of re-doing (re-designing) my entire Home Network. I've decided to go the VLAN route for both Wired and Wireless devices. From a security standpoint, I would li...
b1ggjoe
May 04, 2018 Apprentice
Wow, I can't thank you enough for all of your help. This is freakin awesome!
At the moment, I have CAT6 running from the ONT to the CenturyLink C1100T Modem. I get pretty awesome speeds:
A few months back, I was hoping to eliminate the modem altogether and just use the Orbi as my main gateway. Since CenturyLink uses VLAN Tagging, I had to configure the Orbi with VLAN Tagging set to 201 along with the PPPoE credentials.
Oddly enough and I need to create a separate post asking Netgear about this, but I noticed that I would never even get close to the speeds in the picture above, when I used the Orbi as my main gateway. I would get probably no more than 500-650mbps up/down.
I had thought for sure, with the great hardware specs on the Orbi, that it would do a way better job of handling the routing demands with Fiber speeds. So not sure what's up with that.
I know that with the little EdgeRouterX, it had the same issue when it was first launched. Then it was addressed by enabling 'Hardware Offloading', which would then allow it to route at those speeds, but at the sacrifice of being able to utilize QoS.
I hope to use the SG-3100 then, as my main gateway. I'm pretty sure that it will have no problem being able to handle the Fiber connection.
I'm going to have to take your various responses and create some sort of diagram to figure this out LOL.
On the EdgeRouterX...if it's not needed to protect the NAS, then your suggestion would be perfect and I could purchase a few PoE APs for another Wireless VLAN.
I'll be spending this weekend watching all of those Pfsense videos LOL
BJ
netadmn
May 05, 2018 Apprentice
b1ggjoe wrote:
A few months back, I was hoping to eliminate the modem altogether and just use the Orbi as my main gateway. Since CenturyLink uses VLAN Tagging, I had to configure the Orbi with VLAN Tagging set to 201 along with the PPPoE credentials.
Oddly enough and I need to create a separate post asking Netgear about this, but I noticed that I would never even get close to the speeds in the picture above, when I used the Orbi as my main gateway. I would get probably no more than 500-650mbps up/down.
I had thought for sure, with the great hardware specs on the Orbi, that it would do a way better job of handling the routing demands with Fiber speeds. So not sure what's up with that.
I know that with the little EdgeRouterX, it had the same issue when it was first launched. Then it was addressed by enabling 'Hardware Offloading', which would then allow it to route at those speeds, but at the sacrifice of being able to utilize QoS.
I hope to use the SG-3100 then, as my main gateway. I'm pretty sure that it will have no problem being able to handle the Fiber connection.
I'm going to have to take your various responses and create some sort of diagram to figure this out LOL.
On the EdgeRouterX...if it's not needed to protect the NAS, then your suggestion would be perfect and I could purchase a few PoE APs for another Wireless VLAN.
I'll be spending this weekend watching all of those Pfsense videos LOL
BJ
From what I've read, the Orbi doesn't have the specs to run at gig to the WAN. The sg-3100 will definitely do gig but not over VPN. Encryption adds a lot of overhead to the CPU and slows things down. You'll love it for your use case. If you configured Orbi with VLAN/PPPoE, then sg-3100 will need the same config. If you use the switch to uplink pfsense to cl, then you will configure two access ports on VLAN 201. There are benefits to running everything through the switch (like sniffing and sending traffic flows).
The sg-3100 will give you great speeds (doing speed tests) until you decide to enable QoS. With your connection you should never need it as you'll never saturate your link. QoS will slow down your speed test results due to queuing. This is NOT a bad thing. I use it to prioritize my traffic. It is moving traffic to queues to ensure I have a good experience with the real time services I care about and slowing down my email or web pages in the background that I care less about. The slow down is so minimal you'll never notice it. Most people will never ever hit their subscribed speeds. A 4K stream is 25Mbps. I have a 150/150 fiber line and with 4 people (2 adults, 2 kids) all who stream (wife works remote), we rarely ever utilize >50Mbps. Essentially we've been told by our ISP that we NEED BLAZING FAST SPEED when you'll never use it. That is how they increase profits and oversubscribe bandwidth.
I suggest you create an account on the pfsense forum site and also join the reddit /r/pfsense sub. Lots of helpful people in those places to help you when you get stuck. Your purchase will give you the gold sub which includes a huge book that will easily teach you advanced networking... highly recommend you do lots of reading before you jump in. Your experience will be much better if you understand what you are getting into before you try. Or, at minimum get a base config and then start adding. Don't do it all at once. Your family will thank you for less downtime too... ;)
- b1ggjoe May 06, 2018 Apprentice
Great feedback from everyone!! I guess my issue now, is that I need to diagram out what I currently have as far as cabling and ports.
In a perfect world, I could configure Pfsense so that each LAN port would be dedicated to a different VLAN and go downwards from there.
Unfortunately, I'm thinking that I may have to go another option and create a VLAN Trunk since I may have to have multiple VLANs on the same port, due to the limitations of how my cable and ports are currently laid out.
I'm going to try to throw something together, perhaps a simple sketch or Visio, so that you guys can see what I'm dealing with.
OBTW, Right now...since I'm still waiting on both my Pfsense Firewall and EdgeRouterX to arrive...and since I haven't installed my 24-port ZyXEL Managed Switch just yet, here's what I have laid out:
1 Gbps CenturyLink Modem C1100T >>> Orbi Router (Router Mode) + Satellites >>> Ethernet ports
(I haven't fully setup the ZyXEL Switches just yet)
Is there any advantage if I do this:
1 Gbps CenturyLink Modem C1100T >>> Netgate SG-3100 >>> Orbi Router (AP Mode) + Satellites >>> Ethernet ports
instead of this...
ONT >>> Netgate SG-3100 >>> Orbi Router (AP Mode) + Satellites >>> Ethernet ports
So basically, is there any advantage in keeping the CenturyLink Modem C1100T as the primary Gateway as it stands now, then adding the Netgate SG-3100 behind it?
Thanks!
BJ
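Added example (not part of b1ggjoe's post and not any vendor's configuration): a small Python model of the choice described above between one VLAN per port and a trunk carrying several VLANs, using real 802.1Q tag parsing. VLAN 201 is the CenturyLink WAN tag from the thread; the port names, VLAN IDs 10/20/30 and the strict drop rules are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Hypothetical port plan: 10 = IoT, 20 = Family, 30 = Guest (made-up IDs).
PORTS = {
    "lan1": {"mode": "access", "pvid": 10},              # one VLAN per port
    "lan2": {"mode": "trunk", "allowed": {10, 20, 30}},  # several VLANs, tagged
    "wan":  {"mode": "access", "pvid": 201},             # WAN side, VLAN 201
}

def build_frame(dst, src, ethertype, payload, vid=None):
    """Build an Ethernet frame; insert an 802.1Q tag when vid is given."""
    tag = struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_vid(frame):
    """Return the 12-bit VLAN ID from the tag, or None for an untagged frame."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def classify(port, frame):
    """VLAN assigned on ingress, or None when the frame is dropped."""
    cfg, vid = PORTS[port], parse_vid(frame)
    if cfg["mode"] == "access":
        # Assumed strict policy: access ports take untagged frames only.
        return cfg["pvid"] if vid is None else None
    # Trunk: no native VLAN in this model, so only allowed tags pass.
    return vid if vid in cfg["allowed"] else None

def egress_ports(in_port, frame):
    """Ports a broadcast is flooded to: members of the ingress VLAN only."""
    vlan = classify(in_port, frame)
    if vlan is None:
        return []
    out = []
    for name, cfg in PORTS.items():
        if name == in_port:
            continue
        if cfg["mode"] == "access":
            member = cfg["pvid"] == vlan
        else:
            member = vlan in cfg["allowed"]
        if member:
            out.append(name)
    return sorted(out)
```

The isolation between IoT, Family and Guest traffic on a trunk depends entirely on the allowed-VLAN list and on access ports refusing tagged frames, so those two settings are the ones to audit on the real switch.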
- netadmn May 06, 2018 Apprentice
b1ggjoe wrote:
Great feedback from everyone!! I guess my issue now, is that I need to diagram out what I currently have as far as cabling and ports.
In a perfect world, I could configure Pfsense so that each LAN port would be dedicated to a different VLAN and go downwards from there.
Is there any advantage if I do this:
1 Gbps CenturyLink Modem C1100T >>> Netgate SG-3100 >>> Orbi Router (AP Mode) + Satellites >>> Ethernet ports
instead of this...
ONT >>> Netgate SG-3100 >>> Orbi Router (AP Mode) + Satellites >>> Ethernet ports
So basically, is there any advantage in keeping the CenturyLink Modem C1100T as the primary Gateway as it stands now, then adding the Netgate SG-3100 behind it?
Thanks!
BJ
Case850 has a great point which is why I previously asked your interest level... I still think your overall experience will be better with pfsense once you learn it. Just the level of flexibility/options on such a system you won't get from EdgeRouterX. If you want a set it and forget it option... do that. If you want to play with traffic and have a lot more options, you were right in the sg3100 option. The EdgeRouterX may not have been a waste of $ if you could use it to extend PoE and also provide ethernet uplink elsewhere. I may purchase a couple of those.. they have great benefit if they fit in the overall design.
I'm assuming (based on previous posts) you have an ethernet hand off and already tried ONT -> ORBI? Why did you go back to the CL modem? Do you rent it or own it?
I helped a buddy do an install recently where we bridged the ISP modem (xfinity) because they needed the cable modem for MoCA and weren't prepared to pay $ for a new modem.. Since you are ethernet, I don't know how that could help you. It just adds an extra hop for no reason. The only thing I can really think of is support. Your ISP may not spend as much time with you troubleshooting your own equipment than they would if you are using theirs.... If this is important to you, it may be worth it to keep it around in case you need to revert back to prove to the ISP the problems are on their side. If you don't use ISP standard equipment... it's easier for them to blame your equipment.