You haven't mentioned your WAN speed (nor if QoS/ SQM is needed), which is an essential figure for giving advice. But from that list (and beyond), the r7800 would be in the lead by far - top wlan, no problems with VLANs (although you probably want a managed switch in addition), good for up to 450-550 WAN speed (topping out around 600-650 MBit/s), less if SQM is a requirement.
The WAN speed is currently 300Mbps, but my ISP provides an extra option that gives me 1Gbps which I might consider buying in the future.
QoS isn't that important for me, but SQM might be worth checking out once I have set up the new router.
Is the r7800 significantly different from the WNDR3800 in regards to speed/stability?
I currently use the WNDR3800 as my main router, but it's getting old hence my search for a replacement router.
I went for the R7800 and it arrived yesterday.
Now I want to configure the VLANs similar to how I configured them on my WNDR3800, however this r7800 has an extra CPU and WAN port and it's unclear to me how I should configure the switch in this case.
I understand the R7800 is a dual-core router, which explains the extra cpu, but I have no idea how it fits in the VLAN design. Can/should it be tagged, untagged or off because I already tag cpu0 (cfr screenshot of vlan design on WNDR3800)?
And what about the WAN port? What is this port for (as it was not available on the WNDR3800) and how should I configure it for the VLANs? Tag, untag or off?
The design is like this (4 separate VLANs):
LAN: 192.168.1.1/24
OFFICE1: 192.168.2.1/24
OFFICE2: 192.168.3.1/24
GUEST: 192.168.5.1/24
Each VLAN should have access to LAN as well as the internet, but OFFICE1, OFFICE2 and GUEST should not be accessible from other VLANs (which is achieved by configuring the necessary firewall zones)
So any advice regarding the cpu1 and WAN port configuration is greatly appreciated.
I added 2 screenshots: 1 of the old WNDR3800 with correctly configured VLANs and one of the new R7800 with default VLANs.
Ignore CPU (eth1) and WAN (unless you actually want to change the mappings for WAN).
LAN1-4 are wired up to CPU (eth0) and you can follow your WNDR3800 examples.
--
Yes, technically eth0 and eth1 could be assigned freely, but this doesn't really help you here and would complicate the situation (there are also implicit assumptions, like early boot leakage).
First of all, your WAN VLAN configuration is still broken (both VID 1 and VID 2); I think you'd be well advised to do a factory reset (firstboot) to get back to functional defaults and start over from there.
Correct.
I don't understand how you come to that conclusion, it's incorrect.
Well, I haven't committed the changes yet, so no need to do a factory reset I guess.
The below screenshot shows the original configuration of the VLANs + extra VLANs added for the setup I need. But as you can see, this causes conflicts with the untagging for VID 1
By default, VID 2 connects eth0 (tagged) and WAN (untagged), unless you need VLANs (or VLAN tagging) over the WAN port (beyond the default), it's best to leave them alone. In other words, eth0.2 should only be used for WAN.
eth1 and LAN 1-4 are free to use, by keeping eth1 tagged and tagging/ untagging the LAN ports are necessary.
Right, so if I remove VID1 alltogether, then I have the correct setup?
VID 2 for WAN and VID 3-6 for the internal VLANs. Is that correct?
If not, then what do I have to change in the last screenshot to get a working WAN with the 4 VLANs I need?
Yeah sure, I'll need firewall rules and zone forwarding and such, as I mentioned in my initial post.
But my main concern is currently regarding the configuration of the switch because I never worked with a multi-core router before.
If you approach it in a simple way, eth0 and WAN are married together (that isn't strictly true, but see caveats above), completely ignore (leave them as they are) them from your configuration. What you end up with are eth1 and lan1-4, you can configure them just like you did before on your previous router (only caveat, VIDs mustn't overlap between eth0/ WAN (so VID 2 is taken) and eth1/ LAN1-4).
