Nanopi r4s, archer c7, and unifi access point - need vlan for IOT wifi devices

Hey guys. Any advice is much appreciated. I would like to thank you in advance for reading this post.

I have a NanoPi R4S as my main router, which is connected to an unmanaged switch (not the Archer C7). I have 3 UniFi access points throughout my house with the same wifi SSID, connected to the unmanaged switch (not the Archer C7). I have about 5 wifi IP cameras which are connected to the access points.

How do I create a VLAN to separate the IoT traffic for these wifi devices?

The devices can have outbound internet access, but I do not want them to communicate with my laptop, etc.

I have a spare Archer C7 that I can flash OpenWrt on and turn into a switch.

I was reading this post and it may be possible, but since I am a newb to VLANs, I would like to break the topic down a bit.

Also, I am not sure if I need to buy a USG gateway from Ubiquiti. (I would prefer not to if possible.)

@pavelgl when you have a moment, I would greatly appreciate your insight.

No, it is not necessary for you to use a USG.

You need to have a managed switch if you want to use VLANs. The behavior of 802.1q tagged ethernet frames (i.e. VLANs) is not defined for unmanaged switches. In some cases unmanaged switches may work just fine, but in other cases it could cause problems. Therefore, to do it correctly, you should use managed switches anytime that VLANs are in use, and keep unmanaged switches purely for situations where there is only one network.

This can serve as a managed switch. Obviously it does not have PoE, so it's not going to power your AP. However, you can use a PoE injector between the C7 and the AP.

It's generally fairly straightforward, but it is useful to see your configuration to start.

Also, before we dig into details, can you provide a network topology diagram so we can see how you want this to look when you're done. Please include all infrastructure devices including switches and APs, along with the port numbers for the connections and the brand/model for each device.


I have attached a network topology diagram of my current setup.

Note that AP3 (Access Point 3) is connected to Switch 2 in the diagram.

NanoPi R4S has OpenWRT 21.02 installed: [OpenWrt 21.02 2022.05.01](https://github.com/anaelorlinski/OpenWrt-NanoPi-R2S-R4S-Builds/releases/tag/OpenWrtAO-21.02-20220501)

I am not sure what port the NVR uses, maybe 9000 (Same as the wifi cameras)

I have included some of the wifi devices in the diagram but not all of them.

All the wifi devices connect to the main wifi network. There is no separate wifi for the IoT devices.

I am currently not using the TP-Link AC1750 Archer C7.

However, I just flashed OpenWRT 22.03.5 on TP-Link AC1750 Archer C7.

The 2 wifi IP cameras usually connect to AP3 as that is the nearest access point.

I have a ring doorbell that usually connects to AP1.

You should not attempt to run VLANs until you replace your current switches with managed ones. While you're at it, you could consider a larger capacity switch (say 16 ports) if your two switches are currently close to each other and/or you might want to get ones that support PoE.

That said, the process for creating VLANs on your NanoPi should be pretty straightforward.

What brand and model managed switches would you recommend that are reasonably priced?

However, I do have 2 TP-Link AC1750 Archer C7, both with OpenWRT 22.03.5. Might be able to use these as switches.

I do not want roaming from my wifi devices via the UniFi APs to be affected. (Not sure if this will happen.)

If you look at the used markets, the ZyXEL gs1900 series is a good (and cheap) option, with models ranging from 8-52 ports (with- and without PoE). The OEM firmware isn't too bad - and OpenWrt support also exists for most of them.


Stay away from the entry level TP-Link and Netgear managed switches. The next level up for these brands are fine, but the cheap models have some poor management and configuration implementations.

@slh suggested some good products, too.

Yes, you can.

Roaming will not be affected (as long as everything is properly configured).


@slh Thank you for the recommendation.

@psherman Thank you for the thorough explanation.

Would you consider the TP-Link AC1750 Archer C7 as an entry level product?

When I talked about avoiding the entry level products, I was referring to the TP-Link smart/managed switches (which they for some reason call "unmanaged pro" or something like that). Specifically the TL-SG1xxE series (or the PE if you're looking at PoE switches) -- these are terrible. I regret having ever purchased them (except insofar as I know to tell people to stay away!). OTOH, I've been really happy with products like the T1600G-28PS from TP-Link, although it doesn't have the option to run OpenWrt.

The C7 you're talking about is an all-in-one wifi router... you can install OpenWrt on it and then use it as a managed switch + AP if you want, and it'll work just fine. The hardware is fine -- probably not entry level, but not amazing, either. But for the purposes of a switch (and/or dumb AP), it's totally adequate for the job (when running OpenWrt).
