Home Network Design help with L3 Switch

trpltongue

Regular Contributor
Hey all,

As a follow-up to my recent post in the wireless forum around designing a network for my house (thanks @coxhaus and @Trip), I'm hoping to get some help from the experts on designing, installing, and setting up the equipment I purchased:

ATT Fiber Gateway (provided by ATT)
Cisco RV340 Router
Cisco SG350-28P Switch
Cisco WAP581 AP (qty 2)

In particular, I'm hoping to get some help on thinking through VLANs and then of course general setup of the equipment.

Below is the equipment that I've got in the house currently (with the exception of the network cameras). I'm assuming I'll want to set up at least 3 VLANs (Home, Guest, and IoT) but not sure what devices would go where. I've never had any security vulnerabilities, so I may not need a separate IoT VLAN, but I figure if I'm going to have to set one up for the guest wifi, I might as well separate the IoT devices.

Network Diagram.jpg


The trick of course is that Chromecasts, receivers, TVs, etc. all need to be able to talk to one another so that they can cast audio/video. Likewise, I'll need to be able to control my wifi light switches and outlets from my phones.

I'm brand new to this, so appreciate your help and patience :)

The equipment should get to me next weekend so I've got some time to plan out the setup and would love your help!

Thanks!
 
I will tell you Apple devices will need to be grouped into 1 VLAN. Apple equipment is not routable with equipment we can afford for home. What has happened to me over time is all my Apple devices have ended in my guest network which has become my IoT VLAN which includes my large screen TV, Echoes, Firestick, so on including audio/video. So 3 VLANs sound reasonable. Maybe even 4 VLANs if you want to separate security cameras. It becomes real easy to add VLANs once the structure is in place.

I just saw you have VOIP phones. Are you planning on that at home? How many? Will you need QoS? I am just working on that with my daughter's network. I have never done it before. She has 19 IP phones so they will need QoS. I believe the Cisco L3 switches will handle this fairly easily.
 
That’s weird about the Apple devices and could cause me some serious trouble. I use the iPhones to control my HTPCs which get their media from the server, so they would need to be on the same network. Similarly we often cast from the phone to the Vizio TV and to the Google Home devices.

I only have one IP phone. No worries about QoS. We very rarely use that phone.
 
If you are using web it will not matter. I have an AppleTV(4K) with HomeKit and it has to be in the same network as my iPhones and iPads or it will not work. But I can turn off and on lights from anywhere using my iPhone. If I want to mirror to my Vizio TV from my iPhone using my AppleTV the AppleTV and the iPhone need to be in the same network. The TV can be in any network as I flow through the AppleTV using HDMI to my Vizio TV.
 
In our case the Vizio TV has AirPlay and Chromecast built in so no Apple TV in our system.

I’ll see if I can put together a diagram of what devices have to talk to one another.
 
Attached is a diagram of the data flow within the network as I *think* it needs to happen.

The blue lines indicate one way data flow.
Items in red outline do not need internet access.

Network Connections.jpg
 
Actually you can route AirPlay between without extra gear. https://community.ui.com/questions/0362cb7f-f38c-43ba-b10e-c2e5cc9dbe16

The RV340 is not a powerhouse, same as the switch the OP wants to use, but will work to get them going in better understanding how to work with VLANs. The OP will also have to set up a Linux server acting as the Bonjour Gateway, which the Raspberry Pi can do. All of this can be done with everything that is available to the average end user.
 
I guess you know the RV340 is not going to route any VLANs. VLANs will be routed by the L3 switch.

I don't see the easy routing. Please explain.
Already knew that. The RV340 is going to get them understanding how to do VLANs without sinking a bunch of money into a decent router that is very capable of doing things that the RV300 series sucks at doing. I had the RV320 and ditched it when it failed miserably on a network that I was doing testing with for a client.
 
My daughter is using my old RV320 router with 19 people. It seems to run fine on a 200/10 connection. I have no issues. I am using a Cisco SG500X-24 L3 switch. The switch is real nice but a little noisy for me at home. The 2 fans are quiet, not like Cisco's PRO gear, but still too much noise for my closet.
 
The router and switch arrived today, both new in box. I was unpleasantly surprised to see that the switch is an EU version. The ad on eBay listed it as NA version. What issues can I expect with the EU version? I’m assuming it will be unsupported by Cisco but what about warranty?
 
I don't think your EU switch will be warrantied in the US. I would send it back. Make sure your Cisco WAP581 are North America models.
 
Okay, so I got things sorted out with the switch.

Now it’s time to set things up piece by piece :)

My understanding is that I’ll need to set the ATT gateway to an alternate IP address range so that I can use the Cisco default of 192.168.1.1 (I prefer to use that range in the Cisco).

Then I’ll need to set my ATT gateway to put the Cisco router on DMZ mode.

Then disable WiFi on the ATT gateway.

All that is pretty straightforward, but I could use some help in configuring the Cisco. I just want to make sure that I don’t end up in an unprotected state by missing something in the Cisco setup. I would need to make sure that all the same internet protections from the ATT gateway are in place on the Cisco router as well.

Thanks!

Russell
 
I am not sure what you are talking about with the DMZ mode?

I think if you cannot get the ATT router in bridge mode then you need to set up double NAT. If you want to use 192.168.1.1 for your default gateway for clients then you need to use that network on the Cisco L3 switch as the L3 switch will be your default gateway for all clients on your local LAN. So VLAN1 on the L3 switch will be 192.168.1.1. If you add VLAN2 then the local clients on VLAN2 will use 192.168.2.1 for their default gateway, so on and so forth as you add VLANs. I hope this makes sense. You need to look up my old thread from several years ago which has me setting up a Cisco L3 switch. If I were you I would follow my setup as it works.

I use 192.168.10.1 for my Cisco RV340 router. The RV340 router will have the L3 switch pointing to the RV340 router for default gateway for the switch only. None of your local clients will use the router for their default gateway. The L3 switch will do all the local routing.

I use 192.168.1.254 for my L3 switch IP which is the default gateway for all VLAN1 clients. I started with the RV340 router using 192.168.1.1 and only the L3 switch pointing to the RV340 router for its default gateway. All clients pointed to the L3 switch 192.168.1.254 VLAN1 and then the L3 switch pointed to the router. I then later figured out I could put the RV340 router in a VLAN by itself so I created VLAN10. I used an access port on the L3 switch in VLAN10 to where the RV340 router had 192.168.10.1/30 and the L3 switch had on VLAN10 192.168.10.2/30. And the default gateway for the L3 switch only is 192.168.10.1. This forces the L3 switch to route. If you use a trunk port between the RV340 router and the L3 switch the router will end up routing instead of the L3 switch.

I hope this helps. Ask more questions.

PS
To get this show running I would make the RV340 router 192.168.1.1 and connect to VLAN1 as an access port on the L3 switch. Make VLAN1 on the L3 switch 192.168.1.254. This will start the L3 switch routing for clients. Once you have this running then we can add more VLANs later. The next step will be to configure DHCP on the L3 switch using 192.168.1.254 as the default gateway in DHCP. Next turn off DHCP on the RV340 router. Get this running and we will then add another VLAN and test routing.
Remember all local clients will use the L3 switch as their default gateway. The RV340 router does not know where the VLANs are so it cannot route them. The RV340 just knows that it needs to send all the networks to the L3 switch. So you will need routing statements for each network VLAN we set up. The RV340 router knows about VLAN1 because it is a member of VLAN1 but all other VLANs need to be set up on the RV340 router pointing to the L3 switch.
 
Thanks for the awesome write up!

I’ll definitely search back for your switch setup thread to understand a bit better.

You are correct that there is no way for the ATT gateway to be placed in bridge mode.

With that in mind, I’m wondering what use there is for the Cisco router if all the security will be done by the ATT gateway, and the routing will be done by the L3 switch? Or is it the case that the L3 switch will route traffic only between my LAN machines, and that internet traffic will be routed by the router? If so, couldn’t the ATT gateway do the same thing?

You can tell I’m a network noob....
 
No, it does not support VLANs. Good catch. I still don’t understand that bit fully yet, so definitely missed that aspect of it.
 
I don't think the AT&T router needs to support VLANs as the L3 switch is handling all the VLANs. What the AT&T router needs to be able to do is route all network traffic to the L3 switch. Normally with the RV340 router there are routing statements for all the different networks. I don't know if the AT&T router can handle routing statements. If there is a way to do that then yes you don't need the RV340 router. I would assume the RV340 router would have a better firewall than the AT&T router but if you can get the AT&T router to route all the traffic then it will work.

You can try the AT&T router if you want. The worst that can happen is you will only have internet on VLAN1.
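
The routing arrangement discussed in this thread (L3 switch as the clients' gateway, upstream router holding one static route per VLAN) can be checked on paper before any equipment is configured. The following is an added example, not code from any poster or from Cisco: the function names are hypothetical, and the VLAN 2 and VLAN 3 entries are assumed values that follow the 192.168.N.0/24 pattern described above.

```python
import ipaddress as ip

# Constructed plan: switch-side gateway address for each client VLAN.
VLANS = {
    1: ip.ip_interface("192.168.1.254/24"),  # L3 switch address on VLAN1
    2: ip.ip_interface("192.168.2.1/24"),    # assumed second VLAN
    3: ip.ip_interface("192.168.3.1/24"),    # assumed third VLAN
}

def required_routes(router_if, switch_if, vlans):
    """Static routes the upstream router needs: one per VLAN subnet it is
    not directly connected to, each pointing at the switch's address on
    the link the two devices share."""
    router_if, switch_if = ip.ip_interface(router_if), ip.ip_interface(switch_if)
    if router_if.network != switch_if.network:
        raise ValueError("router and switch must share the link subnet")
    nets = [v.network for v in vlans.values()]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping VLAN subnets: {a} and {b}")
    return {str(n): str(switch_if.ip) for n in nets if n != router_if.network}

def vlans_without_return_path(router_if, routes, vlans):
    """VLAN IDs the router cannot send replies back to: not directly
    connected and not covered by any configured static route."""
    connected = ip.ip_interface(router_if).network
    covered = [ip.ip_network(r) for r in routes]
    return sorted(
        vid for vid, v in vlans.items()
        if v.network != connected
        and not any(v.network.subnet_of(c) for c in covered)
    )

if __name__ == "__main__":
    # Starting layout: router 192.168.1.1 sits in VLAN1 beside the switch.
    print(required_routes("192.168.1.1/24", "192.168.1.254/24", VLANS))
    # Later layout: router isolated on the /30 transit VLAN10.
    print(required_routes("192.168.10.1/30", "192.168.10.2/30", VLANS))
    # Upstream device with no static routes: only VLAN1 gets replies.
    print(vlans_without_return_path("192.168.1.1/24", [], VLANS))
```

With an empty route list the second function reports every VLAN except VLAN1, which is the "only internet on VLAN1" outcome described for an upstream device that cannot hold routing statements.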
 
