- This topic has 32 replies, 3 voices, and was last updated 2 years, 11 months ago by
.
Yeah, I also did my CCNA, CCDA and CCDP back in the day, fun
Looking at bigger picture now, Raspberry pi does seem to be the simplest option, shall I speak with ASUS to see if they are rolling out VLAN’s on LAN to the RT-AX86S / U ?
May help with decision making process and budget ?
Or flip the RT-AX86U to run on DD-WRT / Tomato / OpenWrt etc. if supported ?
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
Hi, Sure if you don’t mind, can’t hurt to ask, at least will know if its a planned feature they will add or not.
If not, I’m guessing raspberry pi or similar maybe the way to go for simplicity but would be handy to utilise the VM i have if vlans are doable. Just got to hope they don’t get broken in updates etc :)
Kev
Liked by:You need to login in order to vote
FWIW: On AVM modems/routers you can set one LAN-port to guest-WiFi, but they miss VLAN support.
Liked by:You need to login in order to vote
FWIW: On AVM modems/routers you can set one LAN-port to guest-WiFi, but they miss VLAN support.
That is good to know
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
Hi, Sure if you don’t mind, can’t hurt to ask, at least will know if its a planned feature they will add or not.
Ok, so ASUS have come back and said no plans for VLAN’s on LAN for RT-AX86U/S.
So Plan B (TBD)
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
Plan B
My thoughts are that you can either:
Rasberry Pi and home assistant located in 2nd wifi network segment.
or
Put Main Network on 1st VLAN, create a second VLAN for 2nd Wifi and the create a third VLAN for the home assistant with a dedicated IP address and use a type of “permit any IP” to the IP address of home assistant.
or
Or like above but put home assistant IP in a DMZ (2 firewalls – “front-end” – “back-end”) , but a tad risky in my view.
VLAN 1 = Main Network
VLAN 2 = 2nd Wifi
VLAN 3 or DMZ
Note: Both Subnetting and VLAN’s used together create good security, VLAN’s in particular provide an additional layer of security by creating virtual networks within the same physical infrastructure.
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
Thanks, shame not come in tot he RT-AX86U/S.
It is, I believe ASUS at keeping all the cool stuff like LAN side VLANs to there higher end GT and Pro models etc.
So out of the above options, which one are you considering, I assume 2nd option based on your questions ?
If so, I can draw a high end network diagram with key points but a tad concerned this maybe a tad difficult and hence raspberry pi maybe a simpler option
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
2nd option is intriguing but not sure how involved and what possible cost would be to buy whatever is needed and I’m not too sure it is achievable?
Brave chap
I will try to draw a high end network diagram with key points over the next day or so, alas switches I am not familiar with cmds nowadays etc. but I am sure they can be researched online etc.
Also now thinking that maybe a multi NAT and DMZ type configuration using a couple of routers might work and be a little easier to configure, I will try to also produce a overview network diagram.
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
Hopefully the below diagrams will be of use
Diagram 1
Diagram 2
Thoughts:
Diagram 1 is simple to setup and involves 2x wifi routers, wifi router 2 is in essence in double NAT, but should not cause any issues with kit on the main network gaining access to internet for updates etc, Remote dial in for main network would be tricky due to the double NAT, but as far as I am aware, this is not required for main network.
The main point here is that Home Assistant is placed in a DMZ from Wifi router 1 and thus enables both 2nd network and main network to access home assistant whilst still keeping main network separation form 2nd network.
Note: Alas, Putting Home Assistant in DMZ is not ideal and second network card maybe needed with dedicated IP and / or port forwarding rules applied to router, but minor points.
Diagram 2 is much more logical in architecture, but does require 3x VLANs to be configured and good switch cmd knowledge.
Good aspect of Diagram 2 is that if extra wifi device is required, they can be connected via VLAN assigned ports and easily adaptable.
VLAN 1 = Main Network
VLAN 2 = 2nd Network/Wifi
VLAN 3 = Home Assistant dedicated VLAN
As detailed previously, Main Network on 1st VLAN, second VLAN for 2nd Wifi and the create a third VLAN for the home assistant with a dedicated IP address and use a type of “permit any IP” to the IP address of home assistant
Attachments:
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
So I’m not too far off from being able to do Diagram 2…. My HP1810-24G switch has a web GUI which I can assign ports to vlans (no command line required) so that’s easy to do.
Diagram 2 would be my design of choice preference also as its it has inbuilt scalability and just more logical etc.
However – how do i assign WIFI to a VLAN? as the router is doing the WIFI, I don’t have a AP plugged into a port on the switch doing the WIFI would be easy if wired by it’s WIFI.
If you look closely, Diagram 1 routers are named ‘wifi router’, Diagram 2Â router is just called ‘router 1’ (no wifi)
My thoughts were that ‘switch limitations permitting’ you could enable say port 24 to use VLAN 1 or 2 for example etc. and then plug in a wifi device (if needed) into that port (ethernet) and then automatically all data going via the wifi device through that port should be suitable for the assigned VLAN ID no.
Don’t take the design to literally, as some mods maybe needed to suit the kit you have or may need to get, and skillset.
.’. Had a quick look at your particular HP Switch and hopefully the below helps ?
https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c02596180
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
Why dont you keep it simple and use an ax-Repeater with LAN-Ports?
So you are connected with this subnet to specific WLAN and you can use wired or wireless devices behind in their own clowd.
You even need less devices to be managed seperately.Of course, that wont be that challenging …
Liked by:You need to login in order to vote
Why dont you keep it simple and use an ax-Repeater with LAN-Ports?
Yes good idea, lots of smaller options to consider
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
- You must be logged in to reply to this topic.