
gdlgiii
Tutor

Redesign home LAN for IoT

I am looking to redesign my current home network to accommodate these new IoT devices and want to maintain a secure way of isolating that traffic from my private LAN. Some of the IoT devices will have ethernet plugged in while others will use WiFi. My private LAN consists of a NAS (RN104) and a dedicated Windows 10 Plex Media Server. I currently have one set of IP cameras on the Guest WiFi to keep that traffic separate but thinking ahead if I decide to connect a home automation HUB to my network.

My current network consists of a Netgear R7000 with 2 WiFi networks, one for private and one for guest/IoT wireless devices. That hardware is on the second floor of my home. I ran one network drop from the upstairs media room to the downstairs office, where there is a Netgear GS105A gigabit switch that connects the upstairs to down. On the downstairs switch, I have one hard-wired PC with an Ethernet to USB print server and a Raspberry Pi3. From that downstairs switch, there is another cable run that goes to the living room where there is another GS105A switch that has an Arlo base station and a Roku 4 plugged into it.

What I would like to do is to separate the Arlo Camera base station and the Rokus (that are hardwired) on a separate VLAN network while using just the one network drop from upstairs. In the upstairs, I thought about taking the NightHawk router as the VLAN private network and acquire another cheaper router or wireless AP to use for the IoT VLAN network.

I am looking at purchasing a Ubiquiti EdgeRouter Lite 3 Port router to create the 2 new VLANs.

Then purchasing a GS108E smart switch for the upstairs to have both VLANs connected and connect each Wireless AP to their respective port. My question is, is it possible on the GS108E switch to configure one port with both VLAN IDs and have that port connect to the network drop leading downstairs. If that is possible, then I would believe I could just connect a GS105E switch and from that switch, plug the print server and desktop PC to the private VLAN and the network run to the living room to the IoT VLAN and still utilize the existing 5 port GS105A switch there so that both those devices are on the IoT VLAN and not on my private network?

Am I on the right track with this or is something like this possible? I really do not want to go the route of the "3 dumb routers" option because then my Plex Media server will not be accessible to the Internet for me to stream from remote locations due to Double NAT limitation.

 

Model: GS105Ev2|ProSAFE Plus 5-port Switch, GS108E|8-port ProSAFE Plus Switch
Message 1 of 11


All Replies
DaneA
NETGEAR Employee Retired

Re: Redesign home LAN for IoT

Hi gdlgiii,

 

On the GS108E switch, you need to use 802.1Q VLAN in order to configure one port to be a member of 2 or more VLANs. As I understand your initial post, you will be connecting the Arlo Camera base station and the Roku to the GS108E switch, am I right? The ports where the Arlo Camera base station and the Roku connect will be set as access ports because as far as I know, the Arlo Camera base station and the Roku are not VLAN-aware devices.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 11
gdlgiii
Tutor

Re: Redesign home LAN for IoT

Is there a setting on the other ports for the 1st floor GS108 switch to allow only a specific VLAN for each port so that its respective device can connect w/o VLAN ID? I have included a basic drawing of what I am trying to accomplish. From what I gather, segmenting the upstairs traffic looks pretty easy, but since I only have one network drop downstairs and have a mixture of PC, printer and IoT devices, it gets a little fuzzy to me on how to accomplish this.

The firewall/router will be replaced with a Ubiquiti ERLite3 device where the VLANs will be created and managed from. I just need the switches to deliver the correct traffic to the correct devices. Will devices on Private network (VLAN1) first floor be able to communicate with devices upstairs on VLAN1 (private)?

 

HomenetworkJPG.jpg

Message 3 of 11
DaneA
NETGEAR Employee Retired

Re: Redesign home LAN for IoT

@gdlgiii,

 

The GS108 is an unmanaged switch. I believe you are referring to the GS108E switch. Based on the network diagram you posted, you will need to configure 802.1Q VLAN. For example, configure VLAN10 for the private network then configure VLAN20 for the IoT devices. Also, the devices on VLAN10 on the first floor will be able to communicate with the devices on VLAN 10 upstairs because they are on the same VLAN and the same goes for VLAN20.

 

I pointed out using 802.1Q VLAN because from the network diagram, there are access points within the Private and IoT networks. I believe your access points support VLAN so that each can be tagged to the corresponding VLAN it should belong to. Also, I believe your NAS supports VLAN as well.

 

You might want to check on the GS110TP switch. I suggested this switch because the GS108E switch only supports static LAG. You might be interested in configuring LACP (dynamic LAG) to your NAS. Also, the GS110TP supports PoE (Power over Ethernet). I believe your access points support PoE so that they could get power through the PoE port of the switch instead of using individual power adapters.

 

For more information about the GS108Ev3 and GS110TP switches, kindly check their respective data sheets below:

 

GS108Ev3 data sheet

 

GS110TP data sheet

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 4 of 11
gdlgiii
Tutor

Re: Redesign home LAN for IoT

Since I have a Netgear EX7300 extender, I thought it would be a little easier to use this device to handle IoT devices that are wired to use the IoT network. Using the single Gb port, I hooked that to a GS105 Prosafe unmanaged switch then plugged the Roku 4 and Arlo base station into that. Then I configured the EX7300 to be in extender mode and connected that to my Guest WiFi, solving the dilemma of running multiple wires from the second floor to first floor since only one network drop exists. But then it got me to thinking a little more. Instead of using two WiFi APs, could I just use one and configure two VLANs on the 2.4 and 5.0GHz wireless networks on a L2 smart switch that has one port configured for 2 VLANs on the second floor?

Granted, this updated diagram shows two separate networks and I may still go this route, but if I want to save just a little more $$ purchasing an additional AP, going back the way of VLANs would be the best way to go and just look at purchasing ONE 8 port L2 smart switch upstairs and connect the first floor to an existing unmanaged GS105 Prosafe switch. As you can see in the diagram, I included the EX7300 in a red'ish color to point out that it will be connected to a WiFi AP on the IoT network.

 

 

HomeNetworkV2.pdf

Message 5 of 11
gdlgiii
Tutor

Re: Redesign home LAN for IoT

I have an existing R1900 router that I wanted to turn into an AP. Does that support PoE? Also using that same R1900, configure 2 VLANs for separate WiFi network access if that is supported. I do not think I will need the GS110T as most devices I have do not support PoE but could consider that for future implementations possibly. So far, I think the best fit for me would be the GS108E-300NAS device. I tested the RN104 with LACP and did not see a boost in performance since only a couple of devices access it. I use it mainly for streaming my media library and music to a dedicated media server that are on the same switch. Since both can be configured for VLAN support, I believe I can just configure the ports for VLAN (private) network and keep it separated from the IoT network?

 

Message 6 of 11
DaneA
NETGEAR Employee Retired

Re: Redesign home LAN for IoT

@gdlgiii,

 

For example, you have a GS108Ev3 (or GS110TP). You will configure two VLANs, namely: VLAN10 for the private network and VLAN 20 for the IoT network. Let's say the access point is connected to port 5 of the switch. Port 5 of the switch should be configured as a tagged port with a PVID of 1. VLAN Tagging is a method to help identify packets travelling through trunk links. Then, on the access point, a 2.4GHz wireless network should be configured for each VLAN and a 5GHz wireless network should be configured for each VLAN as well.

 

What is the brand and model of the access point you have? 

 

I believe you are referring to the R7000 Nighthawk AC1900 Smart WiFi Router.  This router does not support PoE and VLAN.

 

You mentioned that you configured LACP on the RN104.  Based on the network diagram you posted, the RN104 is connected to an unmanaged switch.  LACP will not work because the RN104 is just connected to an unmanaged switch.  The two ethernet ports of the RN104 should be connected to two ethernet ports of a smart switch (like the GS110TP) then properly configure LACP on both RN104 and the smart switch for LACP to work.  

 

Be reminded that the GS108Ev3 is a web-managed plus switch and it does not support LACP.  The GS110TP is a smart switch and it supports LACP.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 7 of 11
DaneA
NETGEAR Employee Retired

Re: Redesign home LAN for IoT

@gdlgiii,

 

I just want to follow-up on this.

 

If ever your concern has been addressed / resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 8 of 11
gdlgiii
Tutor

Re: Redesign home LAN for IoT

If the R7000 does not support VLAN, then what AP would? Or how can I set the switch port to possibly make the R7000 (when in AP mode) think it is connected to a standard port and connect with a static IP? Or would this need to be configured on the main router?

Message 9 of 11
DaneA
NETGEAR Employee Retired

Re: Redesign home LAN for IoT

@gdlgiii,

 

For the AP, I would recommend the WAC730. The WAC730 supports VLAN wherein you could assign a wireless network for the IoT network as well as for the Private network that are broadcast at the same time. Also, the WAC730 supports PoE. Kindly check its data sheet here.

 

Here below is a network diagram that I recommend:  

 

 

From the network diagram above, the ports connecting the Ubiquiti EdgeRouter Lite and the GS110TP on the 2nd floor will be configured as tagged ports so that it will become a trunk link.  The same goes to the ports connecting the GS110TP on the 1st floor and the GS110TP at the 2nd floor.  Tagging the ports is needed in order to identify which VLAN the packet belongs to. 

 

The ports connecting the GS110TP on the 2nd floor to the RN104 and the WAC730 will be configured as tagged ports as well because both RN104 and WAC730 are VLAN-aware devices.  However, the rest of the ports on the GS110TP (both on the 1st and 2nd floor) connected to the desktops and Arlo Base Stations will be set as untagged ports because the desktops and the Arlo Base Stations are not VLAN-aware devices. 

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 10 of 11
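
The tagged and untagged port behaviour described in the reply above, as an added example that is not part of the original thread and not NETGEAR code: a small Python model of two 802.1Q switches joined by one trunk, showing that a frame from an untagged IoT port only reaches ports that are members of VLAN 20. The port numbers, the topology in `build()`, the sample frame and the ingress-filtering behaviour are assumptions made for illustration.

```python
import struct

TPID = 0x8100  # 802.1Q Tag Protocol Identifier
# Constructed broadcast frame: dst MAC, src MAC, EtherType 0x0800, payload.
FRAME = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + b"payload"

def add_tag(frame, vid):  # the 4-byte tag sits after the two 6-byte MACs
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def strip_tag(frame):  # -> (vid, untagged frame); vid is None if untagged
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Switch:
    def __init__(self, name, ports):
        # ports: {number: (pvid, untagged VLAN set, tagged VLAN set)}
        self.name, self.ports, self.links = name, ports, {}

    def receive(self, port, frame):
        """Flood within the frame's VLAN; return {(switch, port): frame}."""
        pvid, _, tagged = self.ports[port]
        vid, inner = strip_tag(frame)
        if vid is None:
            vid = pvid                  # untagged ingress is classified by PVID
        elif vid not in tagged:
            return {}                   # assumed ingress filtering: drop
        out = {}
        for p, (_, untag, tag) in self.ports.items():
            if p == port or vid not in untag | tag:
                continue                # port is not a member of this VLAN
            egress = add_tag(inner, vid) if vid in tag else inner
            if p in self.links:         # trunk: hand the frame to the peer switch
                peer, peer_port = self.links[p]
                out.update(peer.receive(peer_port, egress))
            else:
                out[(self.name, p)] = egress
        return out

def build():  # constructed topology; port 1 on each switch is the trunk
    floor2 = Switch("floor2", {1: (1, set(), {10, 20}),   # trunk to floor 1
                               2: (10, {10}, set()),      # private desktop
                               3: (1, set(), {10, 20})})  # VLAN-aware AP
    floor1 = Switch("floor1", {1: (1, set(), {10, 20}),   # trunk to floor 2
                               2: (10, {10}, set()),      # private desktop
                               3: (20, {20}, set())})     # Arlo base station
    floor1.links[1], floor2.links[1] = (floor2, 1), (floor1, 1)
    return floor1, floor2
```

Calling `floor1.receive(3, FRAME)` models a broadcast from the Arlo base station; the returned dictionary lists every end-device port that sees the frame and whether it left tagged or untagged.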
gdlgiii
Tutor

Re: Redesign home LAN for IoT

This is very, very good information here. As long as devices on both networks are not "aware" of each other, then I think this is the perfect solution. Thank you for the product suggestion on the WAC730 AP that can handle multiple VLANs for wireless devices.

 

Message 11 of 11