Old 01-13-2017, 11:32 AM   #11
In Runtime
 
Join Date: Jun 2015
Location: England
Posts: 211
Re: Help with VLAN

I suppose none of my switches are managed; they are both classed as smart semi-managed TP-Link gigabit 8-port switches (TL-SG108E).


At the moment only guest Wi-Fi needs to be secured; no need for guest Ethernet at the moment. There is a switch in my server cabinet with a single cable in port one running to port 1 on the crap router, and from there there is another cable connected to router port 2, connected to a second switch downstairs.
Sharpy is offline   Reply With Quote
Old 01-18-2017, 06:27 AM   #12
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,006
Re: Help with VLAN

OK, perhaps I should explain a little better.

What you are doing, having a logically separate network for guest traffic, is good, but as your router doesn't understand that, at some point you need a gateway between the two networks.

You could set the "trunk" port back to the switch in the "dumb" hub from your "smart" switch to have a native VLAN of VLAN2.

Note that by default VLAN1 is used in trunks, and VLAN1 is not tagged (so any untagged traffic on a default trunk is determined to be on VLAN1).

So what you can do is tell your switch to use VLAN2 as the native VLAN on the trunk; now it won't tag the VLAN2 packets on the trunk and your "dumb" router will understand that (since there are no tags that need to be understood!).

(Of course what that means is that all your VLAN2 traffic is untagged by the time it gets to your router, and all the untagged traffic from the router (including guest stuff) when traversing that trunk, all the untagged/native traffic will be tagged as VLAN2 at the switch end...) - so you're removing all the segregation introduced by the different VLANs...


Basically either you need to have a firewall that supports different VLANs - this means that you have a firewall that can set up "virtual interfaces", so whilst there is only one physical network port, on the inside you can create sub-interfaces and say that one is for traffic tagged on VLAN2, the other is for traffic on VLAN1... - or some other kind of device to act as a gateway on your "secure" VLAN, so that you can keep the segregation.


So... your choices are really...
Get a better router that does understand VLANs (that may be expensive)
Get a switch that is capable of acting as a gateway (a layer 3 switch) (again expensive)
Get an old cable modem/router (one with a network port on the LAN side and a network port on the LAN side), attach the "WAN" side to your "dumb" router, and attach the "LAN" side to the network you want to secure.

Then you can have guest wireless on the "dumb" hub.
You can have guest wired/DMZ servers etc. set up on the network ports of the "dumb" ISP router.

Your second router just provides a firewall (set the external address of that router to be on the "guest network") and set a new range on the inside that is your secure network.

- This would also allow you to set up QoS on your ISP device (if available) to prefer the wired network (where all your secure devices are on the wired network, and since you have your "secured" Wi-Fi on either that second router or using the AP on the secured network, by the time that gets to your ISP router that looks like wired as well and is preferred over the Wi-Fi shared from the ISP device (guest)).
root is offline   Reply With Quote
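
The native-VLAN behaviour described in post #12, as an added example that is not part of the original thread: a small model of 802.1Q tagging on a trunk port, showing which VLAN a tag-unaware router can talk to and where its untagged replies land. The function names, the sample frame and the simplified router (it only accepts IPv4/ARP EtherTypes) are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def egress(frame: bytes, vlan: int, native_vlan: int) -> bytes:
    """Send a frame that belongs to `vlan` out of a trunk port.

    Frames on the native VLAN leave untagged; every other VLAN gets a
    4-byte 802.1Q tag inserted after the destination and source MACs.
    """
    if vlan == native_vlan:
        return frame
    tci = vlan & 0x0FFF  # priority and DEI bits left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def ingress(frame: bytes, native_vlan: int) -> tuple:
    """Classify a frame arriving on a trunk port: (vlan, untagged frame)."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame  # untagged traffic joins the native VLAN
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

def router_accepts(frame: bytes) -> bool:
    """Assumed model of a router without 802.1Q support: IPv4/ARP only."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return ethertype in (0x0800, 0x0806)

# Constructed sample frame: broadcast dst MAC, src MAC, EtherType IPv4, payload
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def demo(native_vlan: int) -> dict:
    """Summarise what the router sees for a given native VLAN on the trunk."""
    result = {}
    for vlan in (1, 2):
        wire = egress(SAMPLE, vlan, native_vlan)
        result[f"vlan{vlan}_reaches_router"] = router_accepts(wire)
    # The router always replies untagged, whatever VLAN the request came from.
    result["router_reply_lands_in"] = ingress(SAMPLE, native_vlan)[0]
    return result

if __name__ == "__main__":
    for native in (1, 2):
        print(f"native VLAN {native}:", demo(native))
```

With native VLAN 2 the router can reach VLAN 2 only because the tag is gone, and everything it sends back is placed in VLAN 2, which is the loss of segregation the post describes.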
All times are GMT -5. The time now is 11:10 AM.