Advice Please: Simple Guest LAN Using ER-X

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Advice Please: Simple Guest LAN Using ER-X

Apteryxc6

5 posts

Wannabe Geek
+1 received by user: 1

#280263 4-Dec-2020 19:58

Many hours of reading leaves me more confused..!

We’re in a rural area, no fibre for ages, using VF VDSL, but it’s OK – Ping 37, Down 44, Up15. Have a separate small rental studio that shares the VDSL connection that needs to be isolated with a Guest LAN.

The studio is connected using a TP-Link AV500 Powerline Add on Extender that works fine.

Currently just using the VF Ultra hub, basic TP-Link 8 port switch that connects to the in-house Powerline adapter plus a workstation, AppleTV and a TP-Link Omada EAP 225 that I’m just fiddling with prior to replacing the VF Ultra Hub.

As a preparatory move for the Guest LAN I’ve managed to set up an ER-X (many thanks to michaelmurfy tutorial!) bridged to a Vigor V130 and it tests OK insofar as can get a working internet connection.

Question: Do I have to get a ‘managed’ switch to set up a VLAN properly or is there a simpler way?

Directions/pointers gratefully received.

mentalinc

3384 posts

Uber Geek
+1 received by user: 1023

Trusted

#2616474 4-Dec-2020 21:01

Put them on different interfaces and subnets and then make sure your home and guest networks are firewalled from each other, or most basic but not ideal is not routable.

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

fe31nz

1294 posts

Uber Geek
+1 received by user: 423

#2616509 5-Dec-2020 01:25

An ER-X has a managed switch which runs its eth1-3 ports. The ER-X CPU and routing hardware has only two Ethernet ports. Eth0 is one of them, and should always be used as the WAN port. The other CPU Ethernet port is connected to the managed switch alongside the eth1-3 external Ethernet ports. You use the VLAN settings of the managed switch to set up the ports so that they can be on the same or different VLANs for whatever network you are designing. So if you are not already using all the ER-X switch ports, you just need to set up one of them for the rental studio connection that is on a separate VLAN from the CPU switch port and is firewalled so that it can not access any of the other ports except the WAN port. And your network connected to the other ethx port(s) should be firewalled so that it has no access to the rental studio connection.

So a suggested setup would be:

eth0 = WAN

eth1 = your home network, VLAN 100 - connected to your switch

eth2 = unused?, your home network, VLAN 100 - could be used to connect something directly to the ER-X instead of to your switch

eth3 = VLAN 101 - connected to the rental studio

In your firewall, VLAN 100 and VLAN 101 should not be able to talk to each other, but both should talk to WAN.

The ER-X switch setup would have:

CPU switch port: VLAN 100 and VLAN 101 both passing through unchanged (no VLAN tags added or deleted).

eth1 switch port: VLAN 100, VLAN tag removed

eth2 switch port: VLAN 100, VLAN tag removed

eth3 switch port: VLAN 101, VLAN tag removed

Apteryxc6

5 posts

Wannabe Geek
+1 received by user: 1

#2616675 5-Dec-2020 14:30

mentalinc

fe31nz

Exactly what I was seeking, thank you for the way-forward pointers.Learning cap back on!