Advice for setting up network (separate home/guest/iot)

Hi!

My first post here, I seek your guidance on setting up my home network the best way (new home owner).

I'm fairly new to networking but don't mind spending time learning/tinkering, I love learning new things!

This time I've hit a barrier and there are many new things to learn at once (and have had to reset/reinstall OpenWrt making mistakes :)) so I thought I could ask for guidance from more experienced people.

What I want to achieve

• 3 separate networks (home, guest, iot), both wired and wireless devices
• Have the Netgear switch power the AC1200, cameras, and other future devices through PoE
• A good stable base to build upon before adding many more devices

Devices in use

• Ubiquiti EdgeRouter X (OpenWrt 21.02.2 r16495-bf0c965af0)
• 2 x Ubiquiti Unifi AC1200 (OpenWrt 21.02.1 r16325-88151b8303)
• Netgear GS116PP Switch (unmanaged)

Current setup

• EdgeRouter X connected to modem on eth0
  • Netgear GS116PP Switch connected to EdgeRouter X on eth1
    • Unifi AC1200 connected to Netgear GS116PP (first floor) with one 5GHz wireless network
    • Unifi AC1200 connected to Netgear GS116PP (second floor) with the same network as above
    • Other devices connected to the switch (cameras, RaspberryPi, thermostat gateway etc.)

What works

• Internet access through wired and wireless work great as it is, there's just no separation setup between home/guest/iot devices.

What I have tried (and failed)

• Followed setup from OneMarcFifty: VLANs in OpenWrt 21 (https://www.youtube.com/watch?v=qeuZqRqH-ug) for the EdgeRouter X. Couldn't get the guest and iot VLANs to have internet access. Got a bit frustrated, changed stuff I shouldn't have and managed to lock myself out (removed an untagged port that allowed wired access to router). Had to reinstall OpenWrt so I'm a bit more careful changing stuff right now (and not make changes when frustrated/tired :))

Things I've read/watched and questions/thoughts

• Multiple forum posts with the same setup I'm after, but I don't think I'm knowledgeable enough yet to discern what changes would make a difference for me.
• I bought the Netgear switch before learning about 801.2q and don't see support for it mentioned anywhere so I suspect that might be an issue?
• https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial, could possibly work with 2. Multiple bridged networks but then I would probably have to buy another switch, e.g. https://www.tp-link.com/baltic/business-networking/omada-sdn-switch/tl-sg105pe/ and connect to eth2 for instance?
• OneMarcFifty: VLANs in OpenWrt 21 https://www.youtube.com/watch?v=qeuZqRqH-ug

Current router config

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fdac:59b2:10ee::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'
        list ports 'eth4'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option device 'br-lan'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0'
        option proto 'dhcpv6'

How would you set this up in the best way?

I'm open for all kinds of suggestions. Links to reading material is also appreciated.

This could be a problem. You need a managed switch to do this properly. While some unmanaged switches will pass tagged VLANs without issue, others may choke on the tags or cause all sorts of network issues. Beyond that, you need a managed switch to set per-port vlan memberships.

Start by replacing your switch and then you can work on the test.

Also, I’d recommend avoiding the tp-link TL1xxE series devices - they have several implementation flaws that are really annoying. There are similar issues with some of the netgear entry level managed switches. Go with one that is one or two tiers up from entry level. Since you’re looking for vlan capability and poe, you could get a larger switch that does all of the above. I have a T1600G-28PS and it works really well.

Thanks @psherman! I've sent back the Netgear and ordered a TL-SG2428P instead. It seems to be the successor to the T1600G-28PS which is not available here in Sweden.

I'll try it out and report my findings here.

Hello @fatlock,

I'm just curious here if you succeeded with TP-LINK SG-2428P?

I am planning the similar configuration, please share your findings if any.
As I did not order the switch yet, could you please advise if port-based VLAN setting is available there?
I mean setting the VLAN tag requirements and embedding into packets directed to / emerged from a particular physical Gig-Ethernet port number.
I do not see this feature being listed in its datasheet (although it is documented explicitly for lower-end model, SG-1218MPE).

Thanks in advance!
Regards,
Viktor

Hey @viktor!

Sorry for the late reply. I had ordered, received and installed the TP Link but not really tinkered with it until recently. It's a very capable switch so I'm pretty sure what you're asking is possible. I'm still a beginner in networking though so it's probably best to double check somewhere else.

@psherman I got it working now! What made it click for me in the end was this YT playlist https://youtube.com/playlist?list=PLSNNzog5eydurp2zcB4xs6gdeeVW3cMOW

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.