VLAN Routing in home network

kemperkipie

Distinguished
Nov 24, 2011
703
0
19,060
Hello,

I'm moving to a new home this week and want to set up a solid network. My internet provider doesn't make it easy for me. They deliver a crap router (Experiabox V9 ZTE H368N) which is the only device which can log onto their phone system. The internet comes into my house through fiber which is converted to an RJ-45 connector in my basement. The RJ-45 connection gives me 3 VLANs to work with, VLAN 4, 6 and 7.

VLAN 4 = IPTV
VLAN 6 = Internet
VLAN 7 = Telephone

Now I currently have an entire network managed from my router (Asus RT-AC68U) and would like to keep it that way, which basically means that I have to send VLAN 6 to my router. (My router cannot manage VLANs itself, so the WAN on my router has to be access.)

Since the only device which can log onto their telephone service is the Experiabox, I'm forced to send VLAN 7 to the Experiabox, which is connected to my phone.

My main problem is IPTV, I want to watch IPTV on different floors, where only a single cable leads to, but where I also want to use regular internet (VLAN6).

So basically, I want VLAN 6 to transform into a network managed by my Asus router (maybe it gets a new VLAN assigned when it returns to a switch, I don't know?).
Then I want to send the VLAN from my Asus-router, as well as the VLAN 4 for IPTV over a single cable to different floors, where I would be able to use it.

To give you some visual, I've made a visio-drawing

ny66ar.png


So my question is, how can I realise this setup, without putting new cables through my walls and with only buying some new switches (managed or unmanaged).

Thanks for reading!
 
When using multiple VLANs over a single Ethernet cable, managed switches are required for it, so every single cable that will get several VLANs through it will have to be connected to a managed switch, each end device with its proper VLAN assigned, and the cable(s) that goes from switch to switch will have to be set in trunk mode.

My question is, will the devices connected to your ASUS router also get data from VLAN 4? For that you'll need InterVlan routing, since your asus router doesn't even have VLANs then that's something it won't be able to do, you won't be able to get your devices behind your asus router access VLAN 4 data until you replace it with a device that can manage intervlan routing, or until you eliminate the asus router from the topology.

One suggestion, you could set the asus router in AP mode modifying its DHCP settings so the devices are in the same subnetwork VLAN 6 is set in the experia router + having the experia router as their default gateway.

Since the experia handles multiple VLANs it should be able to do InterVlan routing, thus enabling what you want to achieve, to interconnect several VLANs between them.
 

But I don't think you can put a switch between the provider port and your network. Typically the router handles the credentials and requests the IP address. Your setup requires two IP addresses - one per router - and I don't think you will get that.
 

Kewlx25

Distinguished
More than likely, you're going to need to keep your IPTV and Internet VLANs completely separate. If you merge them into the same broadcast domain you'll effectively have two separate networks in the same network. Bad things will probably happen.

My ISP uses VLANs on the back end, but maps them to different ports on the ONT, instead of leaving them as VLANs and sending them all over the same port
 

kemperkipie

But I don't think you can put a switch between the provider port and your network. Typically the router handles the credentials and requests the IP address. Your setup requires two IP addresses - one per router - and I don't think you will get that.
I know it's achievable with my provider because others did it before, however, their solution doesn't completely help me, that's why I'm asking here. The logon credentials are available.

My question is, will the devices connected to your ASUS router also get data from VLAN 4?
I'm not entirely sure about that. It would be nice, but seems not to work. My main problem is the single cable going to other floors, which forces me to send multiple VLANs over that cable. However, I'm not sure if I can do that with a single switch in my basement.
Is it possible to realise something like this:

11h49vn.png


So basically a single switch that handles multiple inputs, even if they consist out of their own output.... Is this possible, or do I need an extra switch?

More than likely, you're going to need to keep your IPTV and Internet VLANs completely separate. If you merge them into the same broadcast domain you'll effectively have two separate networks in the same network. Bad things will probably happen.
So I need at least a managed switch on every floor that uses IPTV and regular internet. I guess that's possible.

One suggestion, you could set the asus router in AP mode modifying its DHCP settings so the devices are in the same subnetwork VLAN 6 is set in the experia router + having the experia router as their default gateway.
In my current home, the Experiabox is connected straight with the port to provider, managing all VLANs. I have my Asus connected to Experia. All incoming traffic will have to pass the Experia router with port-forwarding, forcing me to double-port-forward to reach a destination. The Experiabox itself is a terrible router with a near completely locked webgui. Which is the main reason I want to split VM's before reaching the Experiabox.

Another option might be buying a router that is able to manage VLANs. However, I prefer to keep my Asus because I like the options, and well.... Those routers are pretty expensive.
If I were to buy a new router, it has to have Dual-band with a fast 5GHz mode, and I want to be able to set up guest-networks as well.

Thanks for the help so far !!
 
First you must have managed switches. I really don't know what abilities your provider device has but I would guess it must be doing the nat on the multiple vlans.

The only way you are going to get this to work with your router is to put it in the path. What you are going to have to do is use vlan 6 as a cable between the vendor router and your asus. You would then define a new vlan and plug the lan port of the asus into ...say called vlan 10. You would then define vlan 10 for all your end devices.

Pretty much the only way you get a consumer router to run vlans is to load third party firmware, you can load dd-wrt on most asus routers.

It is going to get expensive if you have to buy a lot of managed switches.
 

kemperkipie

The only way you are going to get this to work with your router is to put it in the path. What you are going to have to do is use vlan 6 as a cable between the vendor router and your asus. You would then define a new vlan and plug the lan port of the asus into ...say called vlan 10. You would then define vlan 10 for all your end devices.

I don't exactly get what you mean. One thing I'm sure about, is that I want to avoid the Experiabox from any internet traffic, and only let it manage my telephone.

What I get from most answers is that it would be a problem because of my Asus router. Would it be easier if I'd bought a VLAN manageable router, and what would the setup be?

The switches I want to buy:
TP-Link TL-SG3210 (L2 Managed Switch)

What router would you suggest? As I mentioned before: If I were to buy a new router, it has to have Dual-band with a fast 5GHz mode, and I want to be able to set up guest-networks as well.

My total budget (all switches and perhaps a router) is €500,- max.

 
Vlan support on a router is a commercial feature just like switches. You are just lucky the price on switches has come down. Routers that support vlan are not as common and therefore cost more.

Your best solution is to load dd-wrt on your current router to get the feature

This is a very strange install. The more I look at this the more I suspect you are confusing concepts. If your "port to provider" is actually a DSL connection then all the concepts of vlan tags and such are not valid. It is highly unlikely they are running what is called L2TPv3. The port to provider could be what is called an ONT but you would know if you had a fiber.....but I don't know why they would use the Experia device, there are better. Still even with an ONT it is not a common thing to run vlan tags over it.

If you have a DSL connection I suspect you are out of luck trying to not run your traffic through the Experia device. This device has a lot of features that you do not see on most DSL routers like phone ports. Your largest issue is going to be finding a DSL router that supports vlan tags if that is what is really being done. DSL makes it impossible to get third-party firmware for common routers. There are commercial routers that support this but you still are going to have to figure out how the ISP is doing what they are doing.

I know some ISP make it impossible for you to replace their device.....ie att uverse.
 

kemperkipie

Thanks for your reply

This is a very strange install. The more I look at this the more I suspect you are confusing concepts. If your "port to provider" is actually a DSL connection then all the concepts of vlan tags and such are not valid. It is highly unlikely they are running what is called L2TPv3. The port to provider could be what is called an ONT but you would know if you had a fiber.....but I don't know why they would use the Experia device, there are better. Still even with an ONT it is not a common thing to run vlan tags over it.

If you have a DSL connection I suspect you are out of luck trying to not run your traffic through the Experia device. This device has a lot of features that you do not see on most DSL routers like phone ports. Your largest issue is going to be finding a DSL router that supports vlan tags if that is what is really being done. DSL makes it impossible to get third-party firmware for common routers. There are commercial routers that support this but you still are going to have to figure out how the ISP is doing what they are doing.

I know some ISP make it impossible for you to replace their device.....ie att uverse.

Well, I'm pretty sure about the connection my provider gives, because someone has an entire site devoted to this. I could give you the link here, but I don't think you'll get any wiser from my language :p

My provider has a fiber cable running towards my house, in my house it's connected to a box that somehow converts it to UTP (I do not know what they have inside, the only thing I know, Fiber comes in, RJ-45 comes out). As the site mentions, the RJ-45 port out will give me a trunk of VLAN's, and as far they tell these are VLAN 4 (IPTV), 6 (Internet) and 7 (Telephone).

This is most of the things this site and many others that have the same provider can tell me. So basically the idea is to get certain VLANs to certain locations the most efficient way.

Vlan support on a router is a commercial feature just like switches. You are just lucky the price on switches has come down. Routers that support vlan are not as common and therefore cost more.

Your best solution is to load dd-wrt on your current router to get the feature

I've recently looked into this. It seems to be supported on my router, but through the main site it only shows a beta from April 2014, while someone on a forum links to an FTP giving a beta from 2 weeks ago. I'm not sure what I should take, because I want a stable router with nearly all functions it had (Dual band, MAC Filtering, Guest networks, etc.). I'm also a bit cautious about throwing on an off-brand firmware and screwing up my router. I would want to be sure it is easy and always possible to revert to the stock firmware.

 
Your best bet is to install it like they show in the picture with vlan 100. You do not need any special router, you just need to plug the wan into a port on vlan 6 and the lan port on vlan 100. All your end devices would go on vlan 100.

It appears what makes it all work is they are using PPPoE on all the devices which would prevent you from say putting your router on the vlan used for the TV.

They must have some kind of traffic shapers at the far end...they must be able to give priority to the tv and voice signal even if you download huge amounts of data.

They are lucky I don't have access I would be trying all kinds of bad things just to see what happens.

 

kemperkipie

Thanks for your reply

It appears what makes it all work is they are using PPPoE on all the devices which would prevent you from say putting your router on the vlan used for the TV.

Yes, I've read that, I have to have PPPoE on my router in order to connect to the network. I get a standard login
[MAC ADDRESS]@direct-adsl.nl with a standard password.

They must have some kind of traffic shapers at the far end...they must be able to give priority to the tv and voice signal even if you download huge amounts of data.

I'm not entirely sure if a part of my provider handles that, or that I have to configure QoS on all switches to be sure.

Your best bet is to install it like they show in the picture with vlan 100. You do not need any special router, you just need to plug the wan into a port on vlan 6 and the lan port on vlan 100. All your end devices would go on vlan 100.

I understand the idea, because my switch would receive VLAN100 and then give it out to other switches or devices.

However, I'm curious to know, can a switch make a VLAN itself from an access port from a device? So let's say I don't have a managed router, so I just let my router send out access, the switch then turns it to VLAN100 and then give it out to other switches or devices. Or is this completely ridiculous. Could someone explain?
 
That is exactly how it works. You need to think of vlans as physical switches. Trunk ports are really only used between switches and even then you are best thinking of a trunk port as a bunch of separate cables connecting to a bunch of different switches.

So you have a switch called vlan 7 on the wan side and a completely different switch called vlan 100 on the lan side. This switch can be connected to lots of other switches also running vlan 100. The design is exactly the same as if you had a DSL port on your router (instead of vlan 7) and then hooked up a bunch of dumb switches all over your house.

It just takes a while to not think it is weird to plug the wan port of a router into switch port 1 and the lan port into switch port 2. This never works with stupid switches but a vlan based switch it does because technically port 1 and port 2 are not on the same virtual switch.
 
Solution
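
The "VLANs as separate physical switches" picture from the answer above, as an added example that is not part of the original thread: a small Python model of a VLAN-aware switch that shows which ports a broadcast frame can reach. VLAN numbers 4, 6, 7 and 100 are the thread's; the port names, the port layout and the drop behaviour on mismatched tags are assumptions made for the model.

```python
# Added example: toy model of a VLAN-aware (802.1Q) switch, not vendor configuration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str
    mode: str                          # "access" or "trunk"
    pvid: int = 0                      # VLAN of an access port (untagged on the wire)
    allowed: frozenset = frozenset()   # VLAN IDs carried tagged on a trunk

    def carries(self, vlan):
        if self.mode == "access":
            return vlan == self.pvid
        return vlan in self.allowed


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def classify(self, ingress, tag=None):
        """VLAN a received frame is placed in, or None if the port drops it."""
        port = self.ports[ingress]
        if port.mode == "access":
            # Modelling choice: access ports take untagged frames only.
            return port.pvid if tag is None else None
        # Modelling choice: trunks have no native VLAN, untagged frames are dropped.
        return tag if tag in port.allowed else None

    def flood(self, ingress, tag=None):
        """Map of egress port -> tag on the wire (None = untagged) for a broadcast."""
        vlan = self.classify(ingress, tag)
        if vlan is None:
            return {}
        return {
            p.name: (vlan if p.mode == "trunk" else None)
            for p in self.ports.values()
            if p.name != ingress and p.carries(vlan)
        }


def basement_switch():
    """Port layout is assumed; VLAN numbers 4, 6, 7 and 100 are the thread's."""
    return Switch([
        Port("provider", "trunk", allowed=frozenset({4, 6, 7})),
        Port("asus_wan", "access", pvid=6),
        Port("asus_lan", "access", pvid=100),
        Port("experiabox", "access", pvid=7),
        Port("settop_box", "access", pvid=4),
        Port("to_floor2", "trunk", allowed=frozenset({4, 100})),
    ])


if __name__ == "__main__":
    sw = basement_switch()
    for ingress, tag in [("asus_wan", None), ("asus_lan", None), ("provider", 4)]:
        print(ingress, tag, "->", sw.flood(ingress, tag))
```

The router's WAN and LAN ports sit on the same physical switch but never see each other's frames, and the trunk to the second floor carries only VLAN 4 and VLAN 100, so the provider-facing VLANs 6 and 7 stay confined to the basement.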

kemperkipie

It just takes a while to not think it is weird to plug the wan port of a router into switch port 1 and the lan port into switch port 2. This never works with stupid switches but a vlan based switch it does because technically port 1 and port 2 are not on the same virtual switch.

Haha, indeed, I still need to process this...

I think I'm just going to order some managed switches, let's say 2, and see how far I can get. If it seems to work, I can always order more switches to handle other floors in my house. Priority list is:
1. IPTV in living room (manageable with single switch after my fiber. Directly send VLAN 4 to the Set-top box)
2. Internet WLAN on Asus Router (Simply by sending VLAN 6 to the Asus router)
3. Internet on the second floor (Possible to just put a switch on the Asus, but will eliminate the possibility of VLAN 4 on second floor ---- Other way is to test some things out with VLAN100 idea, perhaps with DD-WRT)
4. IPTV on second floor (If the switch is connected right, I can send VLAN 4 to the second floor and give it to the Set-top box)
5. IPTV on first floor (is this possible to manage with a dumb switch? Just send VLAN 4 to a dumb switch which will connect 2 separate Set-top boxes? If not, I'll have to get another managed switch, I guess)
6. Internet in living room (I guess this will require a managed switch to get both VLAN's there. However, this will only be a case when all other things work, so at that time this will be easy)


So when I buy 2 switches, I put one in the basement at the port to provider, and one on the second floor
The best suggestion as a managed switch I got so far is:
TP-Link TL-SG3210 (L2 Managed Switch)
Any other suggestions? I will be ordering them within 24 hours of this post, since internet will be transferred to the other house next thursday
 

kemperkipie

Quick update:
I've ordered two of the TP-Link TL-SG3210 (L2 Managed Switches). With the first two I will first confirm that I will get a functioning network when I split my provider's VLANs. Setting one behind the port to provider and one on the second floor. Trying to get a self-made VLAN of Asus Router (which got the internet over VLAN6) together with VLAN4 over the single cable to the second floor.

I'll keep you updated on the results. Thanks for all the support!
 

kemperkipie

Configuring the VLANs was easier than expected. I was done in about half an hour setting the entire thing up. So far I've managed to get this fully working:

29up20j.png


I have one other switch left, I'm going to set this one up on the second floor, as you can see in other drawings. There I need to get the router access and VLAN 4 over a single cable. I'll try to put an access port from my Asus into the switch as access and set to VLAN 100 (for example) and then trunk VLAN 100 and VLAN 4 upstairs.. I'll see what that brings me..

This will probably be somewhere next week, since my entire top floor isn't installed yet.
 

kemperkipie



Well, funny story, it worked for only a couple of days.
It seems that my Asus RT-AC68U has a bug in it that emits UPnP over the WAN connection. My provider picked that up and did not approve. I was in a quarantine-network for a day, until I was forced to connect their Experiabox onto the network again. I haven't had time to try out some new possibilities, because I do not want to get thrown in quarantine again.

Nowadays I still have the VLANs split, I have VLAN4 connected directly to any IPTV and VLAN 6 and 7 connected to the Experiabox. Ethernet from the Experiabox goes to my Asus router which creates a network (VLAN 100 back on the switch) where all other devices are connected to.

To make this work, I have three managed switches, one on every floor, however, the one on the second floor does not have to be managed, because it only handles a single network. In the living room I currently only have one cable that connects to the IPTV, so I only need VLAN 4 (no switch). Only other device in the living room that requires internet at this moment is my TV, which has built-in 5GHz WiFi, so I'm currently using that.

It's still fun to play around with this kind of networking, however, I'm a bit cautious with whatever I do with my WAN connection, since I don't want to lose my internet connection more than a few days.