This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Using a Netgear R8000 Nighthawk router, I would like to connect 2 GS108Tv2 switches to support 2 VLANs. I want to separate the computers, phones, tablets from the Arlo Cameras, Google Home, Chromecast Audio and other IoT devices for security purposes.I have been reading the documentation on these switches and want to know if I am on the correct path to making this work. I have the main router along with NAS device and HTPC upstairs while I have a desktop pc, print server and raspberry pi downstairs. There is a single network drop from the upstairs going to an unmaged switch. Upstairs there is another unmanaged switch connected to the main R8000 router. I am hoping I can use the R8000 router to provide the Internet Connection and use the two switches for network connectivity. I need the IoT network to have Internet Access only and not able to see the personal devices. So wondering how I would go about doing this with these three devices. I woud also like to take two additional routers and turn them into dedicated AP's configured on each VLAN. Since these are only L2 switches, I am to assume it will still only have one network IP scheme and not separate IP network? Also I am using Plex and it needs to port forwarding and wondering how I will need to accomplish that or would that stil be configured on the router?
Re: Update home network for IoT and private devices
You should set the default VLAN for an untagged port to the VLAN that you want untagged traffic received on that port to be mapped to. So that means the default VLAN for the ports connected to the HTPC, PC, NAS and RPi3 should be set to the private VLAN. And the ports for your IoT devices should have their default VLAN set to the IoT VLAN.
Re: Update home network for IoT and private devices
There are a few discrepancies in your post and your diagram. The post talks about unmanaged switches but the GS108Tv2 is a managed switch. The diagram shows the RN104 on a trunk link, but it's labeled as Private VLAN, so the link color should probably be maroon.
Anyway, the general layout of the diagram looks ok. The problem is that the R8000 doesn't really support VLANs. This means that not only can you not use a trunk link from it to the GS108T, but the VLAN isolation in the rest of the network is going to be undone by the R8000.
You really need a VLAN capable router to pull this off. You can load third-party firmware, like DD-WRT or Tomato, onto the R8000. Or get a SOHO/business class router. Netgear has their line of UTM and VPN firewalls, although you should look at other brands.
Re: Update home network for IoT and private devices
So, if I obtain an Ubiquiti EdgeRouter Lite, I could possibly do this? Thinking of devices that are not VLAN aware, perhaps it would be best to set the default vlan to the new IoT (vlan50) vlan on untagged ports?
I sent an different layout. I don't think I will have funds to purchase the netgear AP and will need to repurpose netgear routers.I have 1 R8000 and 2 R7000 routers I could use as APs for their respected vlan I would think.
So, if I obtain an Ubiquiti EdgeRouter Lite, I could possibly do this?
Yes, an Edgerouter Lite would work. I have one and it's great.
Thinking of devices that are not VLAN aware, perhaps it would be best to set the default vlan to the new IoT (vlan50) vlan on untagged ports?
What are you trying to accomplish with this?
I sent an different layout. I don't think I will have funds to purchase the netgear AP and will need to repurpose netgear routers.I have 1 R8000 and 2 R7000 routers I could use as APs for their respected vlan I would think.
Looks like your new layout just has the R8000 swapped out with an Edgerouter, but it still shows the WAC730. Anyway, you can certainly use the R8000 and R7000 as APs and place each one in a different VLAN.
Re: Update home network for IoT and private devices
I forgot to remove the WAC730 AP from the diagram. My goal for this is to separate private network traffic from IoT traffic while repurposing some existing hardware. I am trying to keep it somewhat simple while keeping a secure environment.
Re: Update home network for IoT and private devices
My thinking (if I'm correct) was to use the untagged ports to connect the Arlo camera base stations to since they do not support vlans. Keeping the IoT vlan as default vlan for untagged ports would work best I believe to keep that traffic separate from the private network.
Re: Update home network for IoT and private devices
But don't you also want to put other devices, like your PC and NAS in the private VLAN? The procedure would be similar. You would mark the port as untagged but you would, instead, set the default VLAN to the private VLAN.
The way you phrased it made it sound like you were going to put all untagged ports into the IoT VLAN, regardless of the device.
Re: Update home network for IoT and private devices
I do want to put the htpc, PC, nas and rpi3 on private vlan but for the other devices that cannot be configured to connect to a vlan, I was thinking of making that the IoT vlan (guest) network so that it could also communicate with the Google home on the IoT vlan wifi. So it is recommended that I do not set the IoT vlan as default vlan for untagged ports?
Re: Update home network for IoT and private devices
You should set the default VLAN for an untagged port to the VLAN that you want untagged traffic received on that port to be mapped to. So that means the default VLAN for the ports connected to the HTPC, PC, NAS and RPi3 should be set to the private VLAN. And the ports for your IoT devices should have their default VLAN set to the IoT VLAN.
