| View previous topic :: View next topic |
| Author |
Message |
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20380
|
 Posted: Thu Sep 19, 2024 4:31 am Post subject: New hardware VLAN questions |
 |
|
I need to replace my wifi switch / router.
What I'd like to do is use another downstream switch with two VLANs. 1 general use, and 1 for tftp booting or similar.
I've never used a "plug-and-play network extender" switch, but I presume they would only be able to do what the upstream wifi router told that specific port to do. I'm also guessing 1 port can handle only one VLAN?
To clarify RTR1 (wifi) provides a VLAN on port 1 to which RTR2 (PNP net extender) is connected.
What kind of switch would RTR2 need to be to handle at least 2 VLANs. I presume it could not be one of the "network extender" varieties, but I don't know what to look for.
The TP-Link BE3600 lists "Tag VLAN", but I'm anticipating that it is RTR2 which should handle the VLANs.
On the wifi side, how useful are the 6 & 5GHz bands? The BE9300 has both, and there seems to be a natural emphasis on "total" bandwidth, but it believe I've read of at least 5GHz not being that reliable.
The BE series probably aren't worth it as I have no immediate need for 2.5Gbps ports, but they're on the upper end of what I'd consider for low-end broadband internet. Aside from a One-Device-To-Rule-Them-All solution that wasn't enterprise priced.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
 |
Ralphred
Guru
Joined: 31 Dec 2013
Posts: 570
|
| Posted: Thu Sep 19, 2024 1:17 pm Post subject: Re: New hardware VLAN questions |
|
|
| pjp wrote: | What I'd like to do is use another downstream switch with two VLANs. 1 general use, and 1 for tftp booting or similar.
I've never used a "plug-and-play network extender" switch, but I presume they would only be able to do what the upstream wifi router told that specific port to do. I'm also guessing 1 port can handle only one VLAN |
When you get into the realm of VLAN aware switches it's not "what the upstream wifi router told that specific port to do" but what you configured that port to do.
| pjp wrote: | | What kind of switch would RTR2 need to be to handle at least 2 VLANs. I presume it could not be one of the "network extender" varieties, but I don't know what to look for. |
Just a "managed" switch, sometimes referred to as "layer 3", but not necessarily.
| pjp wrote: | | The TP-Link BE3600 lists "Tag VLAN", but I'm anticipating that it is RTR2 which should handle the VLANs. |
In this use case, possibly, it depends how many LAN ports you need, if it's more than 4 in total then you are better off just getting a managed switch downstream of your router.
The problem is that it's become ubiquitous amongst the average user to think of a router as something that is a modem-router-WAP-switch all rolled into one, and the use of VLAN's is generally an SME level solution, meaning you are buying SME level equipment for all 4 components when you go "all in one", in your case you'd only justify the use of an SME level switch. When it comes to specifying switches I use d-link for cheap domestic, draytek for decent domestic, HP for cheap commercial, Cisco for decent commercial, but if you anticipate wanting a 2.5G switch within 2 years then TP-link will do, 4 years and you'll get away with netgear.
NAT type routing ("masquerading" or "overload") and firewalling happens in software, so personally I've always just stuck a second nic* in my "server" and done it there - seems a waste of time, energy, space and cash to have a little box do what can be done by pppd the kernel and iptables. This also leaves you free to buy a PoE powered WAP and stick it somewhere sensible with a single cable, or get a normally powered one and still not drag your switch/modem and it's associated cabling with it.
If I were you, I'd get a second hand one gig managed ProCurve or Cisco switch with enough ports to serve your whole network, and consider it the the first step in unrolling the modem-router-WAP-switch bundle.
*though, with a managed Gbit switch you could do it virtually on one nic for most "broadband" set-ups. |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 22417
|
| Posted: Thu Sep 19, 2024 3:06 pm Post subject: |
|
|
| VLANs are a software construct, so how much or little you can do with them depends heavily on the quality of the software involved. A quality switch can allow multiple VLANs on the same port, and restrict which VLANs that port is allowed to send on. |
|
| Back to top |
|
|
GDH-gentoo
Veteran
Joined: 20 Jul 2019
Posts: 1646
Location: South America
|
| Posted: Thu Sep 19, 2024 4:19 pm Post subject: Re: New hardware VLAN questions |
|
|
| Ralphred wrote: | | pjp wrote: | | What kind of switch would RTR2 need to be to handle at least 2 VLANs. I presume it could not be one of the "network extender" varieties, but I don't know what to look for. |
Just a "managed" switch, sometimes referred to as "layer 3", but not necessarily. |
To clarify, you'd need a "VLAN-aware switch", that is, one that supports IEEE standard 802.1Q. I believe most "managed switches" —i. e. those that provide a user interface for configuring the switch— sold these days should be VLAN-aware.
VLAN-aware switches can be just "layer 2 switches" (only capable of "bridging", i. e. MAC layer forwarding), or "layer 3 switches" (capable of both bridging and IP forwarding). Depending on how you plan to "handle 2 VLANs", you might not need the "layer 3" functionality.
| pjp wrote: | | I'm also guessing 1 port can handle only one VLAN? |
A single port can handle multiple VLANs, as Hu said, provided the device supports transmission and reception of VLAN-tagged Ethernet frames, which any VLAN-aware switch should do.
_________________
| NeddySeagoon wrote: | I'm not a witch, I'm a retired electronics engineer  |
| Ionen wrote: | | As a packager I just don't want things to get messier with weird build systems and multiple toolchains requirements though |
|
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20380
|
| Posted: Thu Sep 19, 2024 8:43 pm Post subject: Re: New hardware VLAN questions |
|
|
| Ralphred wrote: | | When you get into the realm of VLAN aware switches it's not "what the upstream wifi router told that specific port to do" but what you configured that port to do. |
Thanks for clarifying, but that is what I meant. I have sufficient experience to know I should ask questions (my CCNA was from the mid 00s, and I never held a role where it was my primary responsibility). I also thought a port could handle more than one VLAN, but doubted my vague recollection.
Part of the issue is that I've read of some Netgear hardware not handling VLANs well, and these being those labeled for business use. As well, some models being labeled with a "E" and/or "Ev3" may support VLANs. So it isn't at all clear to me at the consumer level that any of this stuff works.
| Ralphred wrote: | | Just a "managed" switch, sometimes referred to as "layer 3", but not necessarily. |
I'll have to revisit what I've seen available, given what I've read about what Netgear hardware supports.
| Ralphred wrote: | | In this use case, possibly, it depends how many LAN ports you need, if it's more than 4 in total then you are better off just getting a managed switch downstream of your router. |
That's what I'm leaning towards. 4 probably isn't sufficient.
| Ralphred wrote: | | The problem is that it's become ubiquitous amongst the average user to think of a router as something that is a modem-router-WAP-switch all rolled into one, and the use of VLAN's is generally an SME level solution, meaning you are buying SME level equipment for all 4 components when you go "all in one", in your case you'd only justify the use of an SME level switch. |
I've tried to identify the distinct components, but it seems impractical. I'd still have to identify the switch (which I should have called SW1 instead of RTR2... I hastily tried to be more clear using fewer words). Then I need a WAP. The modem-router is currently provided by the ISP.
I was trying to avoid Ubiquiti because they seem to have tried making their product line as complicated as possible, with a push toward cloud and other special devices to manage their equipment. Cloud Key / Gateway and I forget what else.
| Ralphred wrote: | | When it comes to specifying switches I use d-link for cheap domestic, draytek for decent domestic, HP for cheap commercial, Cisco for decent commercial, but if you anticipate wanting a 2.5G switch within 2 years then TP-link will do, 4 years and you'll get away with netgear. |
I probably don't need 2.5G, but it is available without too much additional cost. Residential fibre is supposedly on it's way, but no specific schedule. I've seen ISP related vehicles in the area and have heard it's close by, so who knows. As a hedge, the port could be used to connect to SW1, and eithe rof those TP-Link BE models I think should be able to replace my ISP's modem/router device, though I'd have to verify.
My dying all-in-one is a D-Link, but they seem to have abandoned physical retail, at least locally. I've never heard of Draytek. My only interest in TP-Link is they seem to get decent reviews, and I can get them locally. I would have preferred Netgear, but having read of questionable performance vs. claims, I'm leery of them. My original thought was a decent Netgear switch and WAP. That seemed easy until I tried to identify capabilities.
| Ralphred wrote: | | NAT type routing ("masquerading" or "overload") and firewalling happens in software, so personally I've always just stuck a second nic* in my "server" and done it there - seems a waste of time, energy, space and cash to have a little box do what can be done by pppd the kernel and iptables. This also leaves you free to buy a PoE powered WAP and stick it somewhere sensible with a single cable, or get a normally powered one and still not drag your switch/modem and it's associated cabling with it. |
Well, the device seems much more convenient with less power draw. I'd like to use WoL to shut most of the hardware down when not in use. I've looked for low power devices to take on that role, but few have enough ports or capacity to do much of anything else. On the plus side, the first result for a 4 port NIC was only ~$70.
| Ralphred wrote: | | If I were you, I'd get a second hand one gig managed ProCurve or Cisco switch with enough ports to serve your whole network, and consider it the the first step in unrolling the modem-router-WAP-switch bundle. |
I'm not familiar with HP, but Cisco tend to be very loud due to the small screaming fans. Then there's availability and cost. I don't use e-bay, and most companies idea of support is to not provide it. In particular I'm thinking of getting used hardware that has problems.
| Ralphred wrote: | | *though, with a managed Gbit switch you could do it virtually on one nic for most "broadband" set-ups. |
In theory a good switch should make it easier. I once configured a PC to act as a router, and also used TUN/TAP for VMs on a system. But for 8 or 16 ports, the dedicated solution seems easier. Except for the lack of ssh acccess. All web interfaces are heinous and only exis to make life difficult (in my experience).
I'll try looking again. Maybe I'll see something I overlooked. Thanks!
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20380
|
| Posted: Thu Sep 19, 2024 8:50 pm Post subject: Re: New hardware VLAN questions |
|
|
| Hu wrote: | | VLANs are a software construct, so how much or little you can do with them depends heavily on the quality of the software involved. A quality switch can allow multiple VLANs on the same port, and restrict which VLANs that port is allowed to send on. |
I didn't realize how bad consumer grade equipment was, even when target at business use. I doubted my memory on the multiple VLANs/port thing. If I recall, it may have been (then) recommended against for performance considerations.
| GDH-gentoo wrote: | To clarify, you'd need a "VLAN-aware switch", that is, one that supports IEEE standard 802.1Q. I believe most "managed switches" —i. e. those that provide a user interface for configuring the switch— sold these days should be VLAN-aware.
VLAN-aware switches can be just "layer 2 switches" (only capable of "bridging", i. e. MAC layer forwarding), or "layer 3 switches" (capable of both bridging and IP forwarding). Depending on how you plan to "handle 2 VLANs", you might not need the "layer 3" functionality. |
Managed seems to be the minimum, which I presumed to be the case. The more difficult challenge finding one of sufficient quality to claims made ratio.
And I naturally remember why I didn't do this any of the previous times I looked into it.
I'll try to see what I can find as there isn't much can left to kick.
Thanks everyone!
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
