Hey guys. Any advice is much appreciated. I would like to thank you in advance for reading this post.
I have a NanoPi R4S as my main router, which is connected to an unmanaged switch (not Archer C7). I have 3 UniFi access points throughout my house with the same WiFi SSID connected to the unmanaged switch (not Archer C7). I have about 5 WiFi IP cameras which are connected to the access points.
How do I create a VLAN to separate the IoT traffic for these WiFi devices?
The devices can have outbound internet access, but I do not want them to communicate with my laptop, etc.
I have a spare Archer C7 that I can flash OpenWrt on and turn it into a switch.
I was reading this post and it may be possible, but since I am a newb to VLANs, I would like to break the topic down a bit.
Also, I am not sure if I need to buy a USG gateway from Ubiquiti (I would prefer not to, if possible).
@pavelgl when you have a moment, I would greatly appreciate your insight.
You need to have a managed switch if you want to use VLANs. The behavior of 802.1q tagged ethernet frames (i.e. VLANs) is not defined for unmanaged switches. In some cases unmanaged switches may work just fine, but in other cases it could cause problems. Therefore, to do it correctly, you should use managed switches anytime that VLANs are in use, and keep unmanaged switches purely for situations where there is only one network.
This can serve as a managed switch. Obviously it does not have PoE, so it's not going to power your AP. However, you can use a PoE injector between the C7 and the AP.
It's generally fairly straightforward, but it is useful to see your configuration to start.
Also, before we dig into details, can you provide a network topology diagram so we can see how you want this to look when you're done. Please include all infrastructure devices including switches and APs, along with the port numbers for the connections and the brand/model for each device.
You should not attempt to run VLANs until you replace your current switches with managed ones. While you're at it, you could consider a larger capacity switch (say 16 ports) if your two switches are currently close to each other and/or you might want to get ones that support PoE.
That said, the process for creating VLANs on your NanoPi should be pretty straightforward.
If you look at the used markets, the ZyXEL GS1900 series is a good (and cheap) option, with models ranging from 8-52 ports (with and without PoE). The OEM firmware isn't too bad - and OpenWrt support also exists for most of them.
Stay away from the entry level TP-Link and Netgear managed switches. The next level up for these brands are fine, but the cheap models have some poor management and configuration implementations.
When I talked about avoiding the entry level products, I was referring to the TP-Link smart/managed switches (which they for some reason call "unmanaged pro" or something like that). Specifically the TL-SG1xxE series (or the PE if you're looking at PoE switches) -- these are terrible. I regret having ever purchased them (except insofar as I know to tell people to stay away!). OTOH, I've been really happy with products like the T1600G-28PS from TP-Link, although it doesn't have the option to run OpenWrt.
The C7 you're talking about is an all-in-one wifi router... you can install OpenWrt on it and then use it as a managed switch + AP if you want, and it'll work just fine. The hardware is fine -- probably not entry level, but not amazing, either. But for the purposes of a switch (and/or dumb AP), it's totally adequate for the job (when running OpenWrt).