I just bought a GS316EPP switch to replace an IntelliNet switch which worked well, except that the fan goes bad after 1 year, and after having one replaced under warranty I've given up with it.
I have three WAPs and the Guest network is hard wired to tag VLAN 1003. This is fine witth no VLAN settings on the switch. The Guest network transactions get passed to the router which allocates a sub net of 192.168.13.0/24, but the rest of the network is on the default domain, 192.168.1.0/24. I really want to break out my iot devices on to a different subnet, say VLAN 30, and change my other home network to VLAN 15. Then I can set about setting firewall rules to prevent cross VLAN traffic.
I have three WAPs and the Guest network is hard wired to tag VLAN 1003. This is fine witth no VLAN settings on the switch.
No, it's not fine at all. With your WAPs configured to use the Guest network tagged to VLAN ID 1003, you have to create the VLAN 1003 on your switch, and configure the switch port(s) connecting to act as a [T]agged port for the VLAN 1003.
The Guest network transactions get passed to the router which allocates a sub net of 192.168.13.0/24, but the rest of the network is on the default domain, 192.168.1.0/24.
Does the router support VLANs, or just dedicated ports for the two (or planned three) VLANs?
The default IP subnet 192.168.1.0/24 must be run on a different network, in this context in a different VLAN. This can be the default [U]ntagged VLAN 1 for example. The networks must be different, you can't [should not at least] operate multiple IP subnets on one network, certainly not on a flat untagged or undefined VLAN.
I really want to break out my iot devices on to a different subnet, say VLAN 30, and change my other home network to VLAN 15. Then I can set about setting firewall rules to prevent cross VLAN traffic.
Beyond of the VLAN 1003 for the Guest network as described above, you need to create the VLAN 15 and VLAN 30.
To connect the IoT devices, configure the connecting ports for that network as an access port. Make each port [U]ntagged VLAN 30, PVID 30, and remove [ ] the default VLAN 0 (and any other).
To connect the other home network devices, configure the connecting ports for that network as an access port. Make each port [U]ntagged VLAN 15, PVID 15, and remove [ ] the default VLAN 0 (and any other).
If your router does support VLANs, run a trunk, configure a port to carry all VLAN 15, 30, and 1003 as [T]agged between the router and the switch.
If there is no tagged VLAN support, and the router does allow dedicated ports for Guest, IoT, and home network, configure these like the access ports as shown above.
Now you have three networks, in three VLANs. And just your router does have to take care about the routing between the three networks, each carrying a dedicated IP subnetwork.
