How to create 2 VLANs by connecting a wireless router to a switch (layer 2 or layer 3)

igrizz

At home, I use a wireless AC750 router (D-Link) to connect my computers to the internet wirelessly.
I connect the RJ45 which comes with my broadband cable directly to my router.

Now I want to have 2 LANs with separate broadcast domains.
I don't need to share any data between these LANs.

Should I connect my router to a layer 2 wireless switch with VLAN capability to achieve VLANs?

Or should I replace my router with a wireless layer 3 switch and somehow put my router to good use to increase security?

Or is there any better method? Please help.

In short, I want to have 2 VLANs with separate broadcast domains; no need for an option to share data among these VLANs.
 
The problem you have is that you do not have an actual router; you have what is referred to as a gateway. Most only support a single LAN subnet. So let's say you have 192.168.0.x/24 and 192.168.1.x/24. With a layer 2 switch your router must support VLANs so it can have the gateway for each of these subnets. Now if you went to a layer 3 switch, let's say you waste another /24, 192.168.2.x, and assign the router .1 and the layer 3 switch .2. Now the router would have to have the ability to send 192.168.0.x/24 and 192.168.1.x/24 to 192.168.2.2. Some devices do and some do not. Now on top of this the router must be able to NAT the addresses from 192.168.0.x and 192.168.1.x to the WAN address. Many only support the main LAN subnet. This is really why you need a real router: it has support for many of these options. Unfortunately you cannot just use a layer 3 switch. Even though a layer 3 switch can do all the routing etc. a router can, one of the key functions a layer 3 switch cannot do is NAT. They pretty much will not do anything that delays packets, like IPsec or even traffic shaping.

Your best option is going to be to get a router that you can load dd-wrt on, since it supports all the routing, VLANs, etc.
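The two requirements in the answer above (a route back to each user subnet and NAT for each user subnet), modelled as an added example that is not part of the original thread. The host addresses ending in .10 and the route and NAT tables are constructed for illustration.

```python
import ipaddress as ip

# Constructed topology from the post: two user subnets behind a layer 3
# switch, plus a transit subnet between the gateway (.1) and the switch (.2).
USER_NETS = [ip.ip_network("192.168.0.0/24"), ip.ip_network("192.168.1.0/24")]
TRANSIT = ip.ip_network("192.168.2.0/24")
L3_SWITCH = ip.ip_address("192.168.2.2")


def next_hop(dst, static_routes):
    """Longest-prefix match on the gateway; returns where the packet is sent."""
    dst = ip.ip_address(dst)
    candidates = [(TRANSIT, "lan-direct")] + list(static_routes)
    matches = [(net.prefixlen, hop) for net, hop in candidates if dst in net]
    if not matches:
        return "wan-default"  # no inside route: the reply leaves via the ISP
    return max(matches, key=lambda m: m[0])[1]


def is_natted(src, nat_sources):
    """True if the gateway translates this source to its WAN address."""
    return any(ip.ip_address(src) in net for net in nat_sources)


def internet_works(host, static_routes, nat_sources):
    """Outbound traffic must be NATed AND replies must route back inside."""
    return (is_natted(host, nat_sources)
            and next_hop(host, static_routes) != "wan-default")


def check(static_routes, nat_sources, hosts=("192.168.0.10", "192.168.1.10")):
    return {h: internet_works(h, static_routes, nat_sources) for h in hosts}


ROUTES = [(net, L3_SWITCH) for net in USER_NETS]
# Typical consumer gateway: no static routes, NAT only for its own LAN subnet.
CONSUMER = check([], [TRANSIT])
# Static routes configured, but NAT still limited to the main LAN subnet.
ROUTES_ONLY = check(ROUTES, [TRANSIT])
# "Real router": static routes to the switch and NAT for every inside subnet.
REAL_ROUTER = check(ROUTES, [TRANSIT] + USER_NETS)

if __name__ == "__main__":
    for name, result in [("consumer", CONSUMER), ("routes only", ROUTES_ONLY),
                         ("real router", REAL_ROUTER)]:
        print(f"{name:12} {result}")
```
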
 

Urumiko

Firstly, chaining home routers is a bad idea due to double NAT. There is NAT between the WAN and LAN ports and you don't want this twice.

Second, if you connect 2 routers in a chain with different subnets on them, you would need either static routes or a routing protocol such as RIP working between them.


The proper way to do what you're asking is either:

A: Get a small business router with 3+ interfaces, e.g. Cisco 800 series.

B: If you have a router that supports 802.1Q trunking (yours probably won't), set up "Router on a stick" (google this).

C: Use a layer 3 switch. This is effectively a managed switch and router all in one box; it will allow you to have different ports in different VLANs and handle IP routing between them.

The main problem you have is that home routers, which normally have 1 WAN port and several LAN ports, are not proper routers. On a real router each interface is independently configurable as a separate broadcast domain. With a home router what you really have is a 2-interface router: one for WAN and one for LAN. The multiple LAN interfaces you see are actually a switch hard-wired to the router and are therefore all on the same broadcast domain. If your routers both support internet protocols and you can turn off NAT on one of them, you might be able to bodge it with what you have, but again this is unlikely.
 

igrizz

Thanks a lot, guys. It was very, very helpful and informative.
Sorry I could not respond earlier; I had a really bad cold and after that my computer was out of order.

How do I know whether my wireless router supports a wireless layer 2 switch with VLAN capability?
I have a D-Link DIR-810L router.
 
I don't think there are any consumer routers that support those features with factory firmware. You are going to have to go see if you can load any of the third-party firmwares like dd-wrt. The router uses a MediaTek chip, so that cuts the odds a lot. At the moment the dd-wrt site is being a pain so I can't even check it.

Using third-party firmware is not a project to undertake unless you are willing to spend quite a bit of time reading and digging around. You must first get the proper image files or you get a dead router. Then it will take some study of how to actually configure what you want. Many of the advanced features are configured by editing files in a Unix-like environment; only the very simple stuff has a GUI to help you.
 
Where do you want your 2 VLANs? What are you trying to accomplish? I am just trying to figure out what needs to be separated. Is it wireless traffic or wired traffic? It looks like your router supports a wireless guest zone. If you need to separate your wired LAN into two different VLANs (broadcast domains), all you need is a layer 2 switch (that supports a "General" port or allows a port to be in multiple VLANs as an untagged port). I don't particularly like that method but it works in a small network. One subnet but two VLANs. For example, take a look at this (especially the last 3 pages of it): http://www.smallnetbuilder.com/lanwan/lanwan-howto/30071-vlan-how-to-segmenting-a-small-lan
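The "one subnet, two VLANs" arrangement from the post above, modelled as an added example that is not part of the original thread. The port numbers, VLAN IDs 1/10/20 and group names are assumptions; each port's PVID classifies untagged ingress frames, and each VLAN lists the ports allowed to send its frames out untagged.

```python
# Constructed switch configuration (all numbers are illustrative assumptions).
PVID = {1: 1, 2: 10, 3: 10, 4: 20, 5: 20}   # port -> VLAN given to ingress frames
EGRESS = {
    1: {1, 2, 3, 4, 5},   # router's VLAN: router frames may leave on any port
    10: {1, 2, 3},        # group A ports plus the router uplink
    20: {1, 4, 5},        # group B ports plus the router uplink
}
ROUTER_PORT = 1
GROUPS = {"A": {2, 3}, "B": {4, 5}}


def delivered_to(ingress_port, egress=EGRESS):
    """Ports that receive a broadcast entering untagged on ingress_port."""
    vlan = PVID[ingress_port]
    return egress[vlan] - {ingress_port}


def audit(egress=EGRESS):
    """List isolation problems: lost router connectivity or cross-group leaks."""
    findings = []
    for ports in GROUPS.values():
        others = set(PVID) - ports - {ROUTER_PORT}
        for p in sorted(ports):
            if ROUTER_PORT not in delivered_to(p, egress):
                findings.append(("no-uplink", p))
            if p not in delivered_to(ROUTER_PORT, egress):
                findings.append(("no-downlink", p))
            for q in sorted(delivered_to(p, egress) & others):
                findings.append(("leak", p, q))
    return findings


# Misconfiguration: port 4 (group B) mistakenly made a member of VLAN 10,
# so group A broadcasts now reach a group B host.
BAD_EGRESS = {**EGRESS, 10: {1, 2, 3, 4}}

if __name__ == "__main__":
    print("intended config:", audit() or "isolated, router reachable")
    print("bad config:     ", audit(BAD_EGRESS))
```
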

 

igrizz

Thanks to all of you for your valuable and informative replies.
I want to separate wireless traffic. Is a wireless guest zone as secure as having 2 VLANs?
 
In a very simple setting you can use the guest wireless network to keep your network separate. "Most" routers that have guest wireless only allow the guest machine to access the internet. So if you only have a single router that has a direct internet connection then this works OK.

The place you still have issues is when you have an AP or other configuration restrictions where the main router is not directly in control of the guest users.
 
Solution