Help with VLAN

I suppose none of my switches are managed; they are both classed as smart semi-managed TP-Link gigabit 8-port switches, TL-SG108E.


At the moment only guest Wi-Fi needs to be secured; no need for guest Ethernet at the moment. There is a switch in my server cabinet with a single cable in port one running to port 1 on crap router, and from there there is another cable connected to router port 2 connected to a second switch downstairs.
 
OK, perhaps I should explain a little better.

What you are doing, having a logically separate network for guest traffic, is good, but as your router doesn't understand that, at some point you need a gateway between the two networks.

You could set the "trunk" port back to the switch in the "dumb" hub from your "smart" switch to have a native VLAN of VLAN2.

Note that by default VLAN1 is used in trunks, and VLAN1 is not tagged (so any untagged traffic on a default trunk is determined to be on VLAN1).

So what you can do is tell your switch to use VLAN2 as the native VLAN on the trunk. Now it won't tag the VLAN 2 packets on the trunk, and your "dumb" router will understand that (since there are no tags that need to be understood!).

(Of course, what that means is that all your VLAN2 traffic is untagged by the time it gets to your router, and all the untagged/native traffic from the router (including guest stuff), when traversing that trunk, will be tagged as VLAN 2 at the switch end...) So you're removing all the segregation introduced by the different VLANs...


Basically, either you need to have a firewall that supports different VLANs (this means a firewall that can set up "virtual interfaces", so whilst there is only one physical network port, on the inside you can create sub-interfaces and say that one is for traffic tagged on VLAN2, the other is for traffic on VLAN1...), or some other kind of device to act as a gateway on your "secure" VLAN, so that you can keep the segregation.


So... your choices are really...
Get a better router that does understand VLANs (that may be expensive).
Get a switch that is capable of acting as a gateway (a layer 3 switch) (again expensive).
Get an old cable modem/router (one with a network port on the LAN side and a network port on the LAN side), attach the "WAN" side to your "dumb" router, and attach the "LAN" side to the network you want to secure.

Then you can have guest wireless on the "dumb" hub.
You can have guest wired/DMZ servers etc. set up on the network ports of the "dumb" ISP router.

Your second router just provides a firewall: set the external address of that router to be on the "guest network" and set a new range on the inside that is your secure network.

This would also allow you to set up QoS on your ISP device (if available) to prefer the wired network (where all your secure devices are on the wired network, and since you have your "secured" Wi-Fi on either that second router or using the AP on the secured network, by the time that gets to your ISP router, that looks like wired as well and is preferred over the Wi-Fi shared from the ISP device (guest)).
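The native-VLAN behaviour described in the reply above, as an added example that is not part of the original thread: it builds real 802.1Q-tagged Ethernet frames and models a trunk port whose native VLAN is 2. The `Trunk` class, MAC addresses and payloads are constructed for illustration and are not TP-Link firmware behaviour taken from the page.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, payload, vid=None):
    """Build an IPv4 Ethernet frame; insert an 802.1Q tag when vid is given."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def parse_vid(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF

class Trunk:
    """Hypothetical model of the switch side of a trunk port."""
    def __init__(self, native_vlan):
        self.native_vlan = native_vlan

    def egress(self, frame, vlan):
        """Frame leaving the switch: native VLAN untagged, all others tagged."""
        if parse_vid(frame) is not None:
            frame = frame[:12] + frame[16:]      # drop any existing tag
        if vlan == self.native_vlan:
            return frame
        tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
        return frame[:12] + tag + frame[12:]

    def ingress(self, frame):
        """Frame entering the switch: untagged traffic joins the native VLAN."""
        vid = parse_vid(frame)
        return self.native_vlan if vid is None else vid

def demo():
    # Constructed sample addresses (locally administered MACs).
    pc = bytes.fromhex("020000000001")
    router = bytes.fromhex("020000000002")
    guest = bytes.fromhex("020000000003")
    trunk = Trunk(native_vlan=2)
    # Secure PC on VLAN 2 talks to the router: the tag is removed on the trunk.
    to_router = trunk.egress(build_frame(router, pc, b"secure", vid=2), vlan=2)
    # Guest Wi-Fi client bridged by the VLAN-unaware router: always untagged.
    from_guest = build_frame(pc, guest, b"guest")
    # Returns (tag seen by router, VLAN the switch assigns to guest traffic).
    return parse_vid(to_router), trunk.ingress(from_guest)

if __name__ == "__main__":
    print(demo())
```

The guest frame lands in VLAN 2 at the switch, which is the loss of segregation the reply points out.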
 