One broadband, two LANs ...

Greetings!

I want to use one broadband with two LANs without each LAN knowing about the other. Looks like VLAN is the ticket? I found this thread http://forum.notebookreview.com/networking-wireless/556532-subdividing-network-while-sharing-internet-connection.html & have a little more specific questions.

I found this managed switch Amazon.com: Cisco SG 300-10 (SRW2008-K9-NA) 10-Port Gigabit Managed Switch: Electronics and am wondering if this configured with 2 x VLAN ports & placed downstream from broadband modem will do the trick? Also can I just put another router that has SPI firewall between the modem & this managed switch? If so then which device handles DHCP to make sure resources on both VLAN can get out yet not know each other's existence?

FYI, just want to share broadband from home & SOHO side but keep it logically separated.

Thank you for your input
Rob

 

Your understanding in VLAN concept is correct. The switch that you are looking can use VLAN, but you need either router or multilayer switch that can route between the VLAN. I don't know what consumer switch has capability to do that. Enterprise switch is kind of pricey, but I will do what you are asking for.

 

A managed Smart Switch can do what your trying to do. But you will still need something (router) to handle the DHCP function. With that said look at Business Class routers that support dual 2 ISP connections, like the Netgear FVS 336G . This is a WIRED only GigE router with VPN endpoint support. This can allow users to login to the network remotely and have full access to every thing on the network. They offer load balancing, rollover or as backup. Now this does not segregate the end users if this is one of your task. That can still be done with vlans since the router supports VLANS too.

I have an older (10+yrs) FVS338 that keeps on trucking no matter how hard I hammer it. Solid as a rock. The only thing I do is keep current on firmware updates. That is the only time it is rebooted.

 

Thank you Merlin & Blue.

Okay, I'm an id1ot - so this is not a layer 3 switch - just a managed layer 2? I thought I finally found an affordable stuff

I'll look into the FVS336G tonight - thank you for the tip.

I'm also thinking if I'm making this too difficult by trying to do it right by laying the right foundation. Since my goal for this is to keep my home & SOHO separate, I'm wondering if I should go the route of a wireless router that has a vlan-like ability to assign a "guest" SSID & also the ability to assign an ethernet port to the same "guest" vlan? If I can get one port & wifi for "guest" then I can do the same and hang another dumb gigabit switch for the SOHO side (SOHO side is only wired device anyways).

Well first thing first - going to check the FVS336G tonight

Thank you!
Rob

 

Yes, that Cisco switch is layer 2 manage switch. I don't know about FVS336G, so blue should be able to answer your question. VLAN is practically just subnet.

From what I understand, the wireless router that you are talking about will assign different SSIDs, but they will be on the same subnet (VLAN).

 

If your set on keeping the networks totally independent you are going to have seperate networks to make it easy. Now if you need to mix between the 2 you can have the routers exchange info using RIP. The Netgear router supports vlan plus a lot of features not on residential routers. I have/use vlan to keep my sons hardware total isolated from mine.

 

@Merlin: Thank you Yes, I was misunderstanding how the 'guest' networks are implemented. Just today I saw it work on E4200 @ my friend's house.

@Blue: Yes, I believe you are right - I will go for separating the two to lay the foundation of separation. I looked at FVS336G specs on the Netgear site & read reviews on newegg. Since it does RIP(?) & has uplink to broadband (the 2nd uplink can be for future load-bal or failover) I can just get this one box, set vlans tags on ports (home, office), and that is it? Or am I missing another layer? Thank you for your input.

Rob

 

You got it. The business class routers have a lot of features. I use reserve IP a lot. This keeps me away from static IP but keep all of my network printers and serves on their same IP just like static.

Another thing I do is setup groups. The def group does not have internet access. So if someone just connects they have no internet access. I separate my hardware from pc's. This is handy if your working on a infected pc, it's isolated from your hardware.

fyi. If the firmware def is like the FVS338 model the FW blocks all access.

 

Thank you Blue! I d/l all the support documents fvs336G & will go through them this weekend. About $200 for a device that I can do what I set out to do, share one broadband with two vlans, is awesome ... and with firewall to boot.

Rob

 

Blue,

If I can pick your brains a little more as I got a head start reading the manuals of FVS336G.

Is the VLAN functionality of FVS336G what they call "LAN Groups"? Or is it what they call "LAN multihoming"? The latter seems (I may be wrong) to be able to assign a different subnet and/or a different non-routable IP scheme (eg. 192.168.1.x for home on port 1 while 10.0.0.x for SOHO port 2).

Thank you for your advice!

Rob

 

Vlans are the Lan multihome. Lan groupes are great. I use it all the time with reserved IP's, tied to MAC address of the hardware. The way I use it is the def groups is guest. This group has a FW setting that restrict internet access. I disable it when needed. I have a group for all my hardware which also have no outside contact with the world. Then I have my pc w/access, Servers w/ftp .... The firewall is probably a little more advanced than you have worked with before. This being a SMB class router it has a lot of advanced features, very powerful.

 

Blue,

Hope you had a good weekend - sorry for the late reply. Birthday parties to attend and didn't get much done for myself. Thank you for sharing how you use the lan multihome & def groups.

Of the little time I had over the weekend I flirted with the idea of Cisco's RV series. I remembered about the smallnetbuilder forum that is ref'd a lot here and the prices are not bad comparatively. Although it doesn't have the dual WAN this seems like a nice pricepoint: Newegg.com - Cisco Small Business RV180-K9-NA RV180 VPN Router 1 x 10/100/1000Mbps WAN Ports 4 x 10/100/1000Mbps LAN Ports.

Looks like I have homework to do as I still need to read the docs I d/l from netgear and cisco. One thing I don't want is analysis-paralysis so hopefully I can move on something this week.

Thank you.
Rob