AP/router from ISP + own router + managed switch

[Martin - SNBuser]

Hi all,

I'm wondering: I have (1) Netgear 6250 router from my ISP (I can turn on/off "router mode") that transforms the internet signal from incoming coax cables to RJ45. Normally I've then connected my router to this and this gives my wireless+wired access. My router is (2) Asus RT-AC87U. Now, last thing that happened is that I bought a managed switch: TP-Link TL-SG2210P 8-port managed switch. I've never had a managed switch before, so now I want to play with VLAN and setting up higher security etc. Anyway, here's what I'm wondering about:

Situation A:
(1) Netgear cable modem from ISP with router mode turned on. This is connected with two RJ45 cables:

• To my router (2) Asus RT-AC87U (which was in AP mode). This gives access to wireless clients.
• To my new switch (3) TL-Link TL-SG2210P. This gives access to wired clients.

I thought this was ideal... The logic with wireless clients to one RJ45 port and the logic with wired clients to the other RJ45 port of the incoming cable modem (1)... However I found out that internet connection from my wired pc was really strange. Sometimes the connection was ok. Other times I had to wait like 30-40 seconds, before I could access webpages, just waiting... So I went over to situation B:

Situation B:
(1) Netgear cable modem from ISP with router mode turned off. This is connected with one RJ45 cable to my router (2) Asus RT-AC87U (which was in router mode). This router is then also connected with one RJ45 cable to my new switch (3) TL-Link TL-SG2210P (this has 4 ports). All wired clients are connected to the switch (3) so I only use one out of 4 LAN-ports on the router. My idea is to manage the cabled connections through the managed switch..

Situation B works much more stable/better. I just don't understand why situation B is/was better than situation A...??? Anyone has any explanations/ideas for why situation B is better than situation A (my experience)?

Thanks..

 

[System Error Message]

Regardless of whether you use the router or bridge mode on the modem, for effective use of vlans the router must support it too. This is for the total segmentation of vlans according to the IEEE style. Port based vlans however are loose in that they work with routers that dont support vlans but every switch could implement them differently.

Use of vlans can be for 2 things, to segment your LAN, and/or for use with internet and some ISP features like IPTV. By having the switch handle vlans it can take a bit of CPU load from the router if used correctly on the switch but is not the best practice to have the switch connected to the internet as that layer 1 and 2 separation from internet is important

 

[Martin - SNBuser]

Regardless of whether you use the router or bridge mode on the modem, for effective use of vlans the router must support it too. This is for the total segmentation of vlans according to the IEEE style. Port based vlans however are loose in that they work with routers that dont support vlans but every switch could implement them differently.

Use of vlans can be for 2 things, to segment your LAN, and/or for use with internet and some ISP features like IPTV. By having the switch handle vlans it can take a bit of CPU load from the router if used correctly on the switch but is not the best practice to have the switch connected to the internet as that layer 1 and 2 separation from internet is important

Hi S.E.M,

I didn't enable/disable any VLAN-settings. I've never used VLANs (but I would like to do, with the new managed router). Does this change your answer?

I do not understand this sentence: "is not the best practice to have the switch connected to the internet as that layer 1 and 2 separation from internet is important" - please elaborate, I would really like to understand, thanks!

 

[System Error Message]

VLANs can be used in many ways, im just saying its best not to connect internet to switch.

The choices you gave are irrelevant. For VLANs to work your router must support it, otherwise you will have to use port based vlans.

 

[Martin - SNBuser]

VLANs can be used in many ways, im just saying its best not to connect internet to switch.

The choices you gave are irrelevant. For VLANs to work your router must support it, otherwise you will have to use port based vlans.

I didn't configure VLAN. I suppose it's just using VLAN 1 or whatever is the default VLAN for all connected devices. Sorry, but I still don't understand why its best not to connect "internet" to switch (in my case, situation A is a situation where the cable modem works as a router, hence the switch is never connected directly to the internet)?

Situation A: internet --> one cable: ISP modem works as router --> one cable to each of these:

• router, RT-AC87U in AP mode
• managed switch, TP-LINK

I believe this should work, but in my experience it works very bad... Very slow. Sometimes 20-30 seconds waiting time before accessing webpages.

Situation B: internet --> one cable: ISP modem (router mode off) --> one cable: RT-AC87U works as router --> one cable to managed switch, TP-LINK.

This works very good, but I thought situation A was better (maybe the ISP modem is not very good?)...

Please clarify...

 

[System Error Message]

I know you're not connecting switch to internet, rather i am trying to teach you how to do it.

Your situations A and B are irrelevant to the use of VLANs. VLAN is a layer 2 feature. Routing is a layer 3 feature. So to use vlans effectively your router must support it otherwise you will be restricted to port based vlans which means your network will only be segmented by layer 2 (i.e. no DLNA or multicast) but layer 3 will still work within LAN so you could still communicate between devices (you can ping or browse them via IP).

Essentially effective network segmentation happens on layer 2 and 3. If you have only IP segmentation than DLNA will still work despite the different subnets. For effective segmentation the router must support VLANs, this means the router must be able to tag and untag vlan packets and the router will give each vlan its own IP segment. Almost all consumer routers do not support LAN based VLANs but many consumer routers support internet VLANs for use with ISPs and IPTV.

VLANs have 2 modes, tagged and untagged. I suggest you search the forum because there are extensively good tutorials and articles on vlans here.

VLAN has nothing to do with wiring, it is a virtual circuit imposed on a physical one so that a single physical circuit can have many virtual ones that act like as if they were many physical circuits. Hence your situations are irrelevant because who does routing and how you wire doesnt matter. What matters is the layer 2 component of it.

 

[Martin - SNBuser]

... VLAN has nothing to do with wiring, it is a virtual circuit imposed on a physical one so that a single physical circuit can have many virtual ones that act like as if they were many physical circuits. Hence your situations are irrelevant because who does routing and how you wire doesnt matter. What matters is the layer 2 component of it.

Ok, thank you very much. I'll read up on tagged and untagged modes of VLAN, thank you. I also thought that my situations should be irrelevant, but practice tells me there's a difference but I don't understand why (one method works much better than the other). The router is AC-RT87U, I believe it supports VLAN although I need to read up on this and search for tutorials (and currently it runs the Merlin-ROM, not the Asus stock ROM which improves the capabilities). I'm guessing that when I setup VLAN on the router, I should also setup VLAN on the switch? Or? I'll also google and search for some tutorials on this, thanks for your time.

 

[Mokers]

Who is your ISP? I have seen some really strange setups built-in ISP gear. I always prefer to use my own router and then just setup the ISP into bridge mode. A lot of these modems are also needed for voice and video services and it's not like they do firmware updates very often, so you often get buggy software.

Edit: also, a relatively new router is probably faster than your ISPs, so I would actually say scenario b is the ideal.

 

[Martin - SNBuser]

Who is your ISP? I have seen some really strange setups built-in ISP gear. I always prefer to use my own router and then just setup the ISP into bridge mode. A lot of these modems are also needed for voice and video services and it's not like they do firmware updates very often, so you often get buggy software.

Edit: also, a relatively new router is probably faster than your ISPs, so I would actually say scenario b is the ideal.

Yes, I've thought about the same ideas you had. But the Netgear 6250 from my ISP is not that old, I think... Of course Asus RT-AC87U is newer and more expensive, but I still didn't expect waiting times - sometimes 30 seconds before accessing a webpage... My ISP is http://yousee.dk/ - I bet chances that you know them, are low. In this small-populated country, they're one of the big ISP's. I wanted to run entware on the router and do some logging but the router keeps losing connection to the USB (periodic hardware problem? I suspect it is...) and I cannot make it connect to CIFS/SAMBA share. So I cannot install entware, otherwise I would try to do some experiments with logging the network traffic and try to load it into wireshark (I'm not too experienced with this, but it would be a good/interesting exercise for me, I think - maybe I could learn something)... Anyway, thanks for your input...

 

[Mokers]

sometimes a lot of delays are caused by DNS lookups. you can try setting public DNS servers on your devices (google or opendns) to see if that fixes things.

 

[Martin - SNBuser]

sometimes a lot of delays are caused by DNS lookups. you can try setting public DNS servers on your devices (google or opendns) to see if that fixes things.

Oh, maybe that is the problem. Thank you very much... I'm not sure if I'll go back and try the other alternative again, am currenctly a bit busy with other things... But I think you're right, maybe that - for some reason - could be the explanation... Thanks a lot, friend.