Home VLAN setup

So I am trying to redo my home network and I want to isolate IOT devices from the rest of my network. I would really appreciate some help with this. I watched a bunch of videos on VLANs but still cannot configure this how I want.

This is what I am trying to achieve, but it just doesn’t seem to work. (Ignore the second wifi AP for now.)

My main router is Synology MR2200AC.
It has two VLANs configured. One is VLAN 1 and another is VLAN 30 for IOT. When I connect to that router’s IOT wifi all works fine. VLAN 30 has the 10.0.0.0/24 IP range. Problems start when I try to configure my Netgear GS108T.


(Guest network = IOT = VLAN30, Primary = VLAN 1) This is Synology Router configuration.

My managed switch has 8 ports. Port 1 is the uplink to the Synology MR2200AC. Port 2 is a port that I want to set to VLAN 1 and VLAN 30 (trunk port); I want to pass VLAN 1 and 30 through down to my 2nd router (the wifi AP in the diagram).

VLANs on managed switch.


Port 1 set to “tagged”, port 2 set to “untagged”.

I want the wifi AP to separate VLAN 1 to the main network and VLAN 30 to the IOT wifi hotspot on that AP. (Ignore the second wifi AP for now.)


The wifi AP is running FreshTomato. The VLAN 30 physical “wan” port is set to “tagged”, but everything is just bridged so there is no NAT situation here.

What am I doing wrong here?

From the screenshot you’ve got port 2 untagged on 1 and 30, so it’s not going to work unless you change the PVID on port 2 to 30. I suggest removing port 2 from VLAN1 completely and make sure the PVID is set to 30.

Hope that helps.

2 Likes

Removing port 2 from VLAN 1, wouldn’t that mean I will not get 192.168.0.0/24 on my wifi AP then? I would like to have VLAN 1 and VLAN 30 accessible at all routing devices so that I can then have main wifi and isolated wifi.

I am still not 100% sure about what PVID does.

Ports 2 and 3 (the ones connected to your APs) need to be untagged on VLAN 1 and their PVID set to 1, otherwise your access points will not be able to use VLAN 1 at all, as they will probably support additional tagged VLANs but need their main interface to be configured using an untagged VLAN.
PVID sets the default VLAN ID for a switch port when the client devices do not use tagging when sending traffic over …

You set VLAN 1 to untagged; this means the switch expects the WLAN APs to send tagged traffic on VLAN 1, and they probably are not doing that … hence VLAN 30 works and 1 does not …

2 Likes
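To make the PVID and tagged/untagged behaviour discussed in these replies concrete, here is a small added model of a switch port's ingress and egress rules. It is my own illustration, not code from the thread, Netgear or Synology; the port objects are constructed to match the descriptions above (port 1 trunk to the router, port 2 to the AP), and the names are my own.

```python
from dataclasses import dataclass, field

DROP = "drop"  # frame is not forwarded

@dataclass
class Port:
    pvid: int                                   # VLAN assigned to frames that arrive untagged
    tagged: set = field(default_factory=set)    # VLANs this port sends out with an 802.1Q tag
    untagged: set = field(default_factory=set)  # VLANs this port sends out with the tag stripped

    def member_of(self, vlan):
        return vlan in self.tagged or vlan in self.untagged

def classify_ingress(port, vid):
    """VLAN the switch places a received frame in; vid=None means it arrived untagged."""
    if vid is None:
        return port.pvid
    return vid if port.member_of(vid) else None  # tagged for a VLAN the port lacks: dropped

def forward(ingress_port, egress_port, vid):
    """Return (internal VLAN, tag on the wire leaving egress_port) or DROP."""
    vlan = classify_ingress(ingress_port, vid)
    if vlan is None or not egress_port.member_of(vlan):
        return DROP
    return (vlan, vlan if vlan in egress_port.tagged else None)

# Constructed port configs matching the thread's setup (not taken from a real switch dump).
UPLINK = Port(pvid=1, tagged={1, 30})              # port 1: trunk to the Synology router
BROKEN = Port(pvid=1, untagged={1, 30})            # port 2 as in the screenshot
FIXED = Port(pvid=1, untagged={1}, tagged={30})    # port 2: VLAN 1 native, VLAN 30 tagged
PVID30 = Port(pvid=30, untagged={30})              # port 2 per the first reply: IoT only

def ap_receives(ap_port):
    """Tag the AP sees on traffic the router sends down in VLAN 1 and VLAN 30."""
    return {vlan: forward(UPLINK, ap_port, vlan)[1] for vlan in (1, 30)}

if __name__ == "__main__":
    print("broken port 2, AP sees:", ap_receives(BROKEN))   # both untagged: AP cannot tell them apart
    print("fixed port 2, AP sees: ", ap_receives(FIXED))    # VLAN 1 untagged, VLAN 30 tagged
    print("AP untagged frame, PVID 1:", forward(BROKEN, UPLINK, None))    # lands in VLAN 1
    print("AP untagged frame, PVID 30:", forward(PVID30, UPLINK, None))   # lands in VLAN 30
    print("AP tags VLAN 1 on IoT-only port:", forward(PVID30, UPLINK, 1)) # dropped
```

With port 2 untagged on both VLANs, router traffic from VLAN 1 and VLAN 30 reaches the AP looking identical, which is why the AP cannot split it into two wifi networks; keeping VLAN 1 untagged (PVID 1) and VLAN 30 tagged gives the AP a native LAN plus a distinguishable IoT VLAN.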

Ok I think I figured it out.

All I changed was:

So now both port 1 and port 2 are set to “Tagged” for VLAN 10 (old VLAN 30).

My VLAN 30 is now purely for the guest network, which is in full isolation but has internet access. And my IOT network has internet access but doesn’t have isolation.

I might post a full step by step on how to reproduce my setup, but no promises.

Thank you for your help guys.

2 Likes