Rpi4 + VLAN tagging

Hey guys,

Trying to help my parents out with some network solutions to make it a bit smoother for them.

Currently running a RPI4 with wulfys community build into a switch and out to three EAP245 placed in their house.

Internet works great, there's a problem though. They are using IPTV boxes from their ISP. Apparently the feed only works on VLAN ID 44.

I can work around this and just plug the cable from the IPTV box straight into their fiber box and bypass the network completely. But I want to use SQM because they have been complaining about slow net whenever the TV is on.

Current setup:
Fiber box ->
Into RPI4 dongle ->
Out from network port of RPI4 ->
Dumb switch ->
3 EAP245

I am completely lost with VLAN IDs, have never set them up or anything. I tried setting up IGMP but it didn't sort it out.

I guess first step is buying a managed switch, but is it possible to configure the rpi4 to send VLAN id to different ports on the managed switch?

Like I said complete newbie with these things. Let me know if I need to provide anything more.

You can configure the RPi4 to use multiple VLANs over its interface(s) (plural if you use a second ethernet port, otherwise singular), and on a managed switch you can then pipe packets to different ports based on the VLAN tags, but that needs to be configured inside the switch.

What would that configuration look like?

I'll go and grab a managed switch tomorrow.

Use eth0.X or eth1.X where X is the VLAN number you want to tag. It works best to not mix tagged and untagged packets, so there should not be a plain eth0 in the config-- tag all the VLANs you're using.

Good idea to start up a wifi AP on the router for logging in so you don't get disconnected while you're configuring Ethernet.

Thanks for the input guys.

I made a topology chart, very quick in paint.


Looking at this how many managed switches do I need? Change both of them to managed?

The AP -> PC is ethernet, EAP245 has a bridged output.

Is GS108E an okay choice? Also read that I could "trunk" it?

If you need to keep your current topology (as in only one physical cable between both switches possible and too difficult to install a second), you would need two managed switches, replacing both existing unmanaged ones (assuming that only your two IPTV systems need this dedicated VLAN, and not all devices connected to the right hand switch).

If you can pull a dedicated ethernet cable between your right hand side IPTV and the left hand switch, you could get sorted with a single managed switch.

Edit:
From a purely hypothetical/ technical point of view, you'd only need a single (smart-)managed switch, taking two tagged VLANs from your RPi and distributing them untagged among its switch ports, e.g.:

  • LAN1, incoming trunk port from your AP
    • VID x (tagged) for the normal LAN
    • VID y (tagged) for your IPTV services
  • LAN2-5, your normal LAN, untagged
    • you can directly connect your devices or further unmanaged switches here
  • LAN6-7, your IPTV network, untagged
    • you could connect an unmanaged switch to these, if all devices connected there are fine to use the IPTV network (so basically are IPTVs)
  • LAN8, outgoing trunk port (tagged VIDs x and y passed through, to a second managed switch) <-- optional
    • two VLANs on one port, you can only connect a VLAN aware device here (so basically, a managed switch)
    • VID x (tagged) for the normal LAN
    • VID y (tagged) for your IPTV services

The problems start if your second IPTV is too far away to make a direct connection to LAN7 of your managed switch viable, as in you must re-use the single existing cable between both switches for both VLANs (because your IPTV needs the network on VID y, but NAS/ PLEX need the network on VID x), that would push you into the same problem as with the RPi itself - only one physical ethernet port, but two VLANs to transport (and the only answer to that are managed switches, again).

A 1:1 representation of your current network topology (without pulling a second ethernet cable between both switches) would mean:

  • managed switch (left hand side)
    • LAN1, incoming trunk port from your RPi
      • VID x (tagged) for the normal LAN
      • VID y (tagged) for your IPTV services
    • LAN2-6, your normal LAN, untagged
      • you can directly connect your devices or further unmanaged switches here
    • LAN7, your left hand IPTV, untagged
      • you could connect an unmanaged switch to these, if all devices connected there are fine to use the IPTV network (so basically are IPTVs)
    • LAN8, outgoing trunk port (tagged VIDs x and y passed through, to a second managed switch)
      • two VLANs on one port, you can only connect a VLAN aware device here (so basically, a managed switch)
  • managed switch (right hand side)
    • LAN1, incoming trunk port from your right hand side switch (tagged)
      • VID x (tagged) for the normal LAN
      • VID y (tagged) for your IPTV services
    • LAN2, your right hand IPTV, untagged
    • LAN3-8, your normal LAN, untagged
      • left hand AP
      • NAS
      • plex

Thanks for the input, unfortunately I can't change the cables. So I bought two managed switches. I am quite lost how I would configure the RPi in LuCI though to make it work.

Do I need two WAN interfaces?

That depends on the requirements of your ISP.

AFAIK (never used IPTV myself), it usually works via a second VLAN - so you have to bridge (e.g.) wan.8 with the switch ports of your IPTV receiver (let the traffic pass through router, switches to the devices using it), but there are different implementations and ISPs are slowly moving away from different VLANs for voice, internet and IPTV.
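An added example, not written by any poster in this thread: a constructed `/etc/config/network` fragment for the "tag everything on eth0" and "bridge the WAN VLAN to the IPTV ports" advice above, plus a small check that flags a parent NIC used both untagged and tagged. Assumptions: eth0 is the RPi4's onboard port (trunk to the managed switch), eth1 is the USB dongle to the fiber box, the ISP delivers IPTV tagged with VID 44 on that port, and VID 10 and the LAN address are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed /etc/config/network fragments
# for the RPi4: eth0 = onboard port (trunk to the managed switch),
# eth1 = USB dongle to the fiber box. VLAN 44 is from the thread; 10 is assumed.

# Everything tagged on the trunk: LAN on eth0.10, IPTV bridged eth1.44 <-> eth0.44.
tagged_only_config() {
cat <<'EOF'
config interface 'lan'
	option device 'eth0.10'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config device
	option name 'br-iptv'
	option type 'bridge'
	list ports 'eth1.44'
	list ports 'eth0.44'

config interface 'iptv'
	option device 'br-iptv'
	option proto 'none'
EOF
}

# Same fragment, but LAN left on plain eth0 next to tagged eth0.44.
mixed_config() {
	tagged_only_config | sed "s/'eth0\.10'/'eth0'/"
}

# list_mixed [FILE]: print each parent NIC used both untagged and as NIC.VID.
list_mixed() {
	awk '
	($1 == "option" || $1 == "list") &&
	($2 == "device" || $2 == "ifname" || $2 == "ports") {
		for (i = 3; i <= NF; i++) {
			dev = $i
			gsub("[\"\047]", "", dev)          # strip UCI quoting
			if (dev ~ /^[a-z]+[0-9]+\.[0-9]+$/) { split(dev, p, "."); tagged[p[1]] = 1 }
			else if (dev ~ /^[a-z]+[0-9]+$/) untagged[dev] = 1
		}
	}
	END { for (d in tagged) if (d in untagged) print d }' "$@" | sort
}

echo "tagged-only: [$(tagged_only_config | list_mixed)]"
echo "mixed:       [$(mixed_config | list_mixed)]"
```

On the router itself, `list_mixed /etc/config/network` runs the same check against the live config; the WAN interface stanza is left out of the fragment because it depends on the ISP.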