- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Network Topology & Security Question
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Network Topology & Security Question
Ok I have a fairly complex topology question/issue. I have my Orbi Pro 6 SXK80 all set up with the VLANS configured as follows:
Port 1 - LAN 1 - VLAN 1 Admin
Port 2 - LAN 2 - VLAN 2 Employees
Port 3 - LAN 3 - VLAN 3 IOT
Port 4 - LAN 4 - VLAN 4 Guest
All VLANS have client and VLAN isolation.
I don't connect anything into port 1 unless router.
For VLAN 2/Port 2 - I need to setup an Insight switch to have every PC connected to be client isolated. How would I configure that or would it be easier to just use an unmanaged switch since client isolation is already set in router?
VLAN 3/Port 3 - I need to set up a Nest router to get the smart
devices to work. What issues/problems does putting a separate smart router on this port cause?
VLAN 4/Port 4 - I HATE the Orbi guest portal. It's not secured and many devices won't connect. Ideally I would setup a 2nd isolated Nest router to use for Guest wifi. Will this work?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
Hello@MattyiceNG
And welcome to the NETGEAR Community! 🙂
For VLAN2/Port2
I guess what you can do is to access the switch GUI/settings and create VLAN 2 and have all the ports you wish to be under VLAN 2 be the member of VLAN 2 with PVID number 2 and connect it to your Orbri Pro 6 router. If that will not work try setting the port where the Orbi is connected as Tag port.
VLAN 3/Port 3
You can connect and setup an access point to port 3. You do not really need a router to make smart devices to work.
VLAN 4/Port 4
You can simply connect and setup an access point for guest wifi access.
You may choose your desired specific devices for switch or access point so I can point you to the right article for the procedure if I can find one.
Have a lovely day,
Erwin
Netgear Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
Thank you for time and thoughtful answers. Yes, I believe I can do that.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
- Thanks for the reply and thoughtful answer! I'm going to tweek this as best I can. Many thanks!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
Erwin,
Thanks for the reply. It's a catch-22; even though the built in wifi on the Orbi Pro 6 SXK80 than on any Google router, a good number of the smart devices require a Google Nest router to work. Theoretically there shouldn't be any issues but even Google/Nest has posted some (most) of their smart products can only truly work well with a Google/Nest router.
I want the Google network/VLAN isolated from everything else completely. But since it's a router I'm plugging into Port 2, should that be a Trunk or Acess port on the Orbi setup?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
@MattyiceNG wrote:
It's a catch-22; even though the built in wifi on the Orbi Pro 6 SXK80 than on any Google router, a good number of the smart devices require a Google Nest router to work.
Such as which Smart Devices are that far off the industry standards that these requiring a Nest Router please?
@MattyiceNG wrote:
Theoretically there shouldn't be any issues but even Google/Nest has posted some (most) of their smart products can only truly work well with a Google/Nest router.
Reads like bad marketing, if not worse. What does practically not work?
@MattyiceNG wrote:
I want the Google network/VLAN isolated from everything else completely. But since it's a router I'm plugging into Port 2, should that be a Trunk or Acess port on the Orbi setup?
Completely isolated? STP and RSTP and similar protocols does always span the full network, regardless of the VLAN config on top. Last but not least, the Orbi Pro SXRnn is the router for all possible (five if I have it right) networks making up the default gateway, handling all NAT (many2one, port forwarding into [one] network, and DHCP for all these).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
Yes. Correct. The Orbi Pro is the main router and the Google router is basically a sub router just to get the Nest products to connect. Google/Nest devices never work well with other manufacturers routers. They're a bit like Apple in a sense years ago.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
@MattyiceNG wrote:
Google/Nest devices never work well with other manufacturers routers. They're a bit like Apple in a sense years ago.
Which Nest devices? Any references for this claim?
Ok, I'm a little bit limited to what is deployed here: Nest Mini, Nest Audio, Nest Hub, Nest Hub Max, Chromecast HD, Chromecast 4K, Chromecast Audio, ... and a selection of Chromecast dongles back to the H202-42. And not Nest Router anywhere near.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
Hi@schumaku,
Do you mean when disabling the DHCP server function and the routing of the main router. It's possible to connect a new router to one of the network and supply VLAN to such network?
Regards,
Erwin
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
@ErwinL wrote:
Do you mean when disabling the DHCP server function and the routing of the main router. It's possible to connect a new router to one of the network and supply VLAN to such network?
Yes, this is what I understand the OP intends to do - what is easy in the sense of a single network covering multiple VLANs and flexible router deployments can proof to be challenging if not difficult when trying to combine multiple systems including another vendor. Last but not least, Google Nest does also have Mesh options what makes the project even more complex. Said this: I'm not to deep (or deep enough) in the Orbi Pro WiFi 6 systems -and- the Google Nest environment.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
Hi@schumaku,
Yes this is possible. A device should use the default gateway IP address only when they intent to go out the main router or out the internet.
Have a lovely day,
Erwin
Netgear Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Network Topology & Security Question
Hello@MattyiceNG
Was your problem resolved? If yes, in this case could you give us a feedback on the situation and accept the post as a solution to make it more visible to other users?
Thanks in advance! 🙂
Have a lovely day,
Erwin
Netgear Team