Networking. Setting up vlans

mj109 · Mar 25, 2018

I am attempting to set up Vlans. Here is a brief overview of vlan usage and requirements. Each vlan will also be on its own subnet. All IP’s will be static. DHCP will be used for vlan 40 (WiFi AP)
Vlan 20:
• Network cams
o WAN Restricted
o Access beyond LAN 20 restricted.
• Windows box running as a NVR
o Second NIC: Access to WAN via Vlan 40
o Primary NIC: Vlan 20 (receive camera feeds)
Vlan 30
• Streaming android box
o Access to WAN.
o Access to rest of the network restricted.
Vlan 40
• WiFi AP
o WAN Access
o Access to other Vlans Restricted.
Vlan 50
• All other wired devices
o WAN Access
o Access to other Vlans restricted

I understand the theory and config of VLAN, for the most part, but not much experience with new deployments, and deployments using only 1 switch.
I am using a
Router: Netgear Nighthalk R7000 router
Firmware: DD-WRT v3.0-r33675M k
Switch: Cisco business / Linksys SRW224P

I believe I am having a problem setting up trunking on the router side? I believe I am missing some options. Both devices use a web based gui, which can sometimes add to the confusion. I have attempted this a few times now so I hoping for some guidance. I have considered getting a L3 switch as this would much easier to set up, for me anyway.

I have uploaded screen shots of some of the gui options I have available.

Ralston18 · Mar 25, 2018

Not seeing the screen shots.

You should also post more of the work that you have done showing your initial configuration or some reiteration thereafter.

What, why, and how you configured your Vlans.

Seems to be sort of a homework project and we cannot do homework for you.

mj109 · Mar 25, 2018

Ralston18 :

Ralston18

if you dont want to help with homework then dont.
I dont see the problem with someone needing help with homework

in anycase. this is not a homework project. but thankyou for the insult.

as far as screen shots. It is asking me for a url and does not appear I can upload them directly to the post?

USAFRet · Mar 25, 2018

mj109 :

Detailed instructions on posting images on Tom's hardware.
http://www.tomshardware.com/faq/id-2580030/detailed-instructions-posting-images-tom-hardware.html

Ralston18 · Mar 25, 2018

No insult intended.

And not a issue regarding helping or not helping.

However, Forum rules do prevent "doing homework". Assistance can be and is given if the OP (Original Poster) provides some evidence of the work that he or she has done plus identified a specific issue or problem that various solutions have failed to solve.

Your is a design problem for the most part. Show your design and explain what is not working for you.

Grey area sometimes....

And you can add the screenshots of your work via Imgur.

Here is how to do that:

http://www.tomshardware.com/answers/id-2173703/post-images-tomshardware-guide.html

mj109 · Mar 25, 2018

I think it is insulting because you were implying that I want someone to do my home work.
I even said in my original post that I was considering buying a L3 switch. What would I buy that for? my school work?

I think my design is fine. I am not sure what your talking about, unless you can provide specific question or example.

I think I am running into a problem with Trunking and Vlan settings within dd-wrt. I also question if my switch is fully able to do what I want. It is considered a business class switch.

I will try to get thoes images uploaded using your method or the info the mod sent me.

mj109 · Mar 25, 2018

here is a screen shot of the config pages I have available. Keep in mind I had to factory reset everything so I could have everything working again untill i sort this out. These screenshots may be helpful when suggesting the correct config.

https://imgur.com/a/PiOqW

mj109 · Mar 25, 2018

https://imgur.com/a/PiOqW

bill001g · Mar 26, 2018

You must define network interfaces for all the different vlans on dd-wrt and setup the subnet and stuff. When you enable tagging there will be a option on the vlan menu. There are samples on the dd-wrt site. Its been a while since I used dd-wrt but the messy thing I remember about the trunk ports is how tags work in dd-wrt. What the vlan is called....ie vlan1-15 ...does not have to match the actual tag number. I forget how you set the actual tag value so you can use say "vlan 50".

You have to be some what careful not all routers fully support the vlan, again it has been a while since I looked at this so I am not sure the restrictions on the very new routers.

Like you I just gave up on this and used layer 3 switches to accomplish this. Even then the consumer models I find harder to configure than say HP or cisco....many more examples for commercial switches even though they are command line based config.

The only issue you may see with a layer3 switch solution is that the router still must know that all those subnets exist. You will have to put some static routes into the router so it knows to send data to the switch. You also must make sure it will include those subnets in the NAT. By default consumer routers only nat 1 subnet. I remember I did this stuff with the IPTABLES commands in dd-wrt but they may have added gui by now.

mj109 · Mar 26, 2018

I think your right. the problem I am having is in the router. I tried going the simple route and connected each port on the router to its own vlan on the switch. Then added each port on the router to its own vlan. I then gave WAN access to the vlans in the router that needed it. I stared having all kinds of problems being able to ping various devices that I should have been able to reach in the switch vlans. When i disconnected all but 1 route from the switch to the router, I was able to reach most of the devices with out any config changes. It seems the router was getting confused and did not know how or where to route.

I am assuming that I did not have something configured in the router, but as you pointed out, the gui is making it more challenging. I have been trying t o find examples of how others have done this, but came up empty handed.

Ralston18 · Mar 26, 2018

Curious about the topology involved with your project.

E.g. as a diagram example:

https://networkengineering.stackexchange.com/questions/40331/how-to-configure-vlan

You can find other diagrams/templates that may be closer fits.

My thought is that if you sketch out your concept plan and include all the devices, IP's, subnet masks, etc. then there is a good chance that the issue will become apparent.

Does not need to be an elegant diagram - just enough to convey the required/desired setup and help keep track of it all.

Use the topology to guide your configuration settings GUI or otherwise. Go VLAN by VLAN and once (if) something fails, go back and resolve before proceeding.

Another advantage of having the topology diagram is that you can post the diagram and experts such as billg001 can look at it and immediately spot some inherent issue.

Sometimes the proverbial trees get in the way of the forest.

mj109 · Mar 26, 2018

I can certainly do that. I don’t have all the details here, but I can give you a better idea

In the meantime, do you have any feedback on the equipment I am using?
If I need something different I would like to get that coming,

right now I am using:
Router: Netgear Nighthalk R7000 router
Firmware: DD-WRT v3.0-r33675M k
Switch: Cisco business / Linksys SRW224P

I originally thought that the switch was lacking some functions for my desired config? So I was thinking of getting a L3 switch?
As others have pointed out based on my experience, I m thinking the the router is being difficult?

now I am thinking of getting a router like the edgerouter lite. https://www.ubnt.com/edgemax/edgerouter-lite/ . Although I would probably need 5 port for my application.
Use the netgear r7000 as an AP

in anycase, I am open to changes in config, topology, and equipment. Everything is going to be moving physically and rewired. Of course, there a budget, but its more important that its set right and scalable. There will be future upgrades such as a 2nd AP that may be segregated, security appliance, VPN router?, 2nd switch (non poe).

here is a link to a brief topology (of sorts). There is not much to it since we are only dealing with 3 pieces of equipment. However, it may be easier to visualize what is going on.

https://imgur.com/a/jTNoz

Vlan 20 (Ip Cam)
10.0.1.2/24
No default gateway.

Vlan 30 (streaming)
10.0.2.2/24
g/w: 192.168.1.1

vlan 40 (AP)
10.0.3.2/24
g/w: 192.168.1.1

Vlan 50 (all other devices)
10.0.4.2/24
g/w 192.168.1.1

Server:
Nic 1: 10.0.1.128
g/w: 0.0.0.0
Nic 2: 10.0.4.128
g/w: 192.168.1.1

bill001g · Mar 26, 2018

The gateway ip must be within the subnet. That is what it means....it is the exit point to the subnet. The router needs a IP on each subnet to act as this gateway. It does not work to put a ip the is already outside the subnet as the gateway because the device does not know what mac address to send it.

The router itself may have a default gateway but that would be one learn on the lan port.

Routing between the vlans by default is enabled so you will need to put in traffic filter rules to block it.

mj109 · Mar 26, 2018

Ok. That is what I had thought. I had only done this with separate switches which made it easier.

But what I dont see is a way to assign a static IP to a switch port. I dont even see a way to set any IP for a subnet within the switch. I would think there would be a way to do this if subnetting is supported?

bill001g · Mar 26, 2018

That pretty much is what makes a layer 3 switch different from a layer 2. A layer 2 switch has no concept of IP other than the one it uses for configuration/management.

mj109 · Mar 26, 2018

I dont know why I did not make that connection.
So that is what the problem is. In the past I have had to assign a static IP, so they had layer 3 switches in deployment. at the time I was told they were all layer 2.

so if I provide a static route via the router to a vlan port on the router, should I just assign something from the same subnet as all the other devices on that vlan?

Ralston18 · Mar 26, 2018

Somewhat behind the postings now. However do some research, I found the following link:

https://www.dd-wrt.com/forum/viewtopic.php?t=312045&sid=195e8489de0f7636aebe02d716f32c80

https://www.dd-wrt.com/phpBB2/viewtopic.php?p=163&sid=598c3de4086ba02bd254247ad638a332

Google "ieee 802.1q dd-wrt" and all sorts of interesting things can be found.

Narrow to "Images" for some DD-WRT configuration screens that may prove helpful.

Search

Networking. Setting up vlans

mj109

Ralston18

Ralston18

Titan

mj109

USAFRet

Titan

Ralston18

Titan

mj109

mj109

mj109

bill001g

Titan

mj109

Ralston18

Titan

mj109

bill001g

Titan

mj109

bill001g

Titan

mj109

Ralston18

Titan

TRENDING THREADS

Latest posts

Moderators online

Share this page