Adding VLANs to my home LAN

Discussion in 'Switches, NICs and cabling' started by unmesh, Nov 18, 2017.

  1. unmesh

    unmesh Occasional Visitor

    Joined:
    Apr 12, 2011
    Messages:
    28
    Hi,

    I'm running a wired Gigabit LAN at home which connects to wired devices such as servers and desktops and several wireless routers configured to serve as access points. (Is it correct to call these endpoints?) I'd like to add IoT devices but would like to keep them separated from the main LAN just in case they misbehave and have begun experimenting with VLANs.

    My gateway router runs TomatoUSB on which I created a bridge and a new VLAN and assigned to it an untagged physical port and a Virtual Wireless AP and confirmed that these are isolated from the main LAN by using ping. I'd like to distribute this VLAN over the existing wiring and could use some help. (I realize I could try and distribute the new VLAN wirelessly but there are too many intervening walls).

    Specifically, if I had two Cat5 cables running to the various rooms, I would use one for each of the LANs but I don't. This means I would have to get the router to produce tagged frames, connect to a switch to send these to various rooms and use a managed switch at the far end to map the VLANs to access ports since my endpoints are not VLAN aware as best as I can tell.

    Do I need a managed switch at the gateway router to send tagged frames to the different rooms or will one of my existing consumer grade unmanaged switches do this?

    Any recommendations for easy-to-use 5-8 port managed switches to use in the other rooms will also be greatly appreciated.

    Thanks.
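
The scheme the opening post describes (tagged frames on the single cable to each room, a managed switch at the far end mapping VLANs to untagged access ports), modelled in Python as an added example that is not part of the original thread. The VLAN IDs, port names and the `EdgeSwitch` class are assumptions for illustration; the model tags every VLAN on the uplink and floods each frame to all ports in its VLAN instead of learning MAC addresses.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("usable VLAN IDs are 1-4094")
    tci = (pcp << 13) | vid  # PCP (3 bits), DEI (1 bit, left 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def split_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when the frame has no tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

class EdgeSwitch:
    """Hypothetical managed switch in a room: tagged uplink, untagged access ports."""

    def __init__(self, access_ports: dict, native_vid: int = 1):
        self.access_ports = access_ports  # port name -> VLAN ID
        self.native_vid = native_vid      # VLAN assumed for untagged uplink frames

    def from_uplink(self, frame: bytes) -> dict:
        """Deliver a trunk frame, tag stripped, only to ports in its VLAN."""
        vid, inner = split_tag(frame)
        vid = self.native_vid if vid is None else vid
        return {p: inner for p, v in self.access_ports.items() if v == vid}

    def from_access(self, port: str, frame: bytes) -> bytes:
        """Tag an endpoint's frame with its port's VLAN before the uplink."""
        if split_tag(frame)[0] is not None:
            raise ValueError("tagged frame on an access port: drop it")
        return add_tag(frame, self.access_ports[port])

# Constructed sample: broadcast IPv4 frame (EtherType 0x0800) from an IoT device
SAMPLE = bytes.fromhex("ffffffffffff" "020000000a01" "0800") + b"payload"
SWITCH = EdgeSwitch({"p1": 1, "p2": 1, "p3": 20})  # VLAN 20 = IoT (assumed ID)

if __name__ == "__main__":
    on_wire = SWITCH.from_access("p3", SAMPLE)
    print(on_wire[12:16].hex(), sorted(SWITCH.from_uplink(on_wire)))
```
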
     
  2. st3v3n

    st3v3n Regular Contributor

    Joined:
    Feb 24, 2016
    Messages:
    160
    Location:
    Central US
    Yes, and a bottle of aspirin.
     
  3. unmesh

    unmesh Occasional Visitor

    Joined:
    Apr 12, 2011
    Messages:
    28
    Hmm.

    Maybe I should hang an Eero or equivalent off the isolated VLAN instead.
     
  4. st3v3n

    st3v3n Regular Contributor

    Joined:
    Feb 24, 2016
    Messages:
    160
    Location:
    Central US
    Sorry, I didn't intend to make light of your plight. With all of the infection and hacking spreading around the planet via the hundreds of billions of made in China IoT toys, I'm sure you'll find a bullet-proof way to keep yours from letting a big bear or infection into your house:) Nice system, Cheers.
     
  5. unmesh

    unmesh Occasional Visitor

    Joined:
    Apr 12, 2011
    Messages:
    28
    Point taken! I was thinking of starting with connected thermostats from the likes of Ecobee followed by a connected LG TV and work my way down to random infected IoT toys ;)
     
  6. st3v3n

    st3v3n Regular Contributor

    Joined:
    Feb 24, 2016
    Messages:
    160
    Location:
    Central US
    Yes, that's the spirit:). These things are an epidemic, without a doubt.
    Our Samsung 4K smart TV had a small bit of IoT in it, and acted just a tad too smart, and I investigated. There were some threads feeding in/out that I never was able to identify. Samsung claimed they were unrelated to their cloud-based hub-service, which we'd never agreed to nor enabled. We used the stock apps, like Netflix. I don't like chasing ghosts so the best thing to do was done and ended its ability to reach out. Now it's still a beautiful and quite dumb 4K TV. That may/may not have had anything to do with the CIA or other less than honorable actors.

    Everyone has likely heard something about the dangers of AI or IoT, but what fully focused our attention was when a friend's home nearly burned to the ground. The final report concluded (forensic examination of the hard drive salvaged) the computer was compromised via one or more of many IoT devices in the former 'smart' home. Whoever was responsible failed to accomplish damage to any of the IoT gadgets themselves, including the exquisite refrigerator. However, the 'smart' IoT thermostat had mysteriously been accessed and ramped all the way up, without tripping the cell phone alert or the home alarm system. The manufacturer claimed that wasn't possible and supposedly had never previously occurred. First time for everything, at least this time there was evidence. Some material was too close to the heat source, and that's all it took, after several hours of smoldering. The home fire/smoke alarm was bypassed, but neighbors saw smoke and called the fire department who saved the place. Before rebuilding, the friend decided to de-smartify the home. Another friend who is quadriplegic has an automated home but has a 24-nurse to keep an eye peeled for any gadget that decides to act up.

    FWIW; the first URL echoes part of Schneier's paper earlier this year, the second has other information.
    https://fortunascorner.com/2017/07/...y-26-27-2017-20th-year-of-annual-gathering-o/

    https://www.schneier.com/essays/archives/2017/01/click_here_to_kill_e.html

    I try to trust but verify, then when in doubt, pull the plug. Cheers, and good luck.
     
  7. Chumsacher

    Chumsacher New Around Here

    Joined:
    Nov 13, 2017
    Messages:
    4
    For me, I just got an unmanaged switch for home use because of its simple and easy configuration.

    If you need 8-port switches, Netgear or TP-link are not a bad choice, I used to use them at home. Hope it would be helpful.
     
  8. st3v3n

    st3v3n Regular Contributor

    Joined:
    Feb 24, 2016
    Messages:
    160
    Location:
    Central US
    Amazon has a couple of nice managed/unmanaged Netgear switches with their week-long Black Friday sale; full disclosure, I don't hold any financial interest or stock in, nor am I a fan-boy of or employed by any of these companies mentioned. I presently have a good unmanaged DLink gigabit 8-port switch, that's working well, but I'm going to snag one of the Netgear managed switches with VLAN capabilities/tagging to replace it. I want to get-granular so as to nail down and fine tune the behavior of streams to the video boxes; they have a mind of their own regardless of my work in the router. With the low seasonal prices now, it makes sense to pay a bit extra for Netgear's life-time, next business day replacement warranty, even if you don't currently need a managed switch now, they work just as automatically as their cheaper brethren until the time comes that you need to get deeper into the nitty gritty of it all. I'm averse to having to pitch gear when it fails and isn't feasible to replace due to worthless warranties. Some of their 'life-time' warranties are similar to TPLink's; after endless wrangling, you'll have to pay full UPS or FedEx shipping to return the failed unit, only to get a refurbed or older unit with less capable stats or bios, as a replacement, which in any event exceeds the original cost paid for the unit, not to mention the time lost during the wrangling, shipping, etc.

    Someone else had posted a fine reference with illustrations how to use a managed switch for VLAN and sub-net management, and it beat all of my textbooks, how simple it made it look. I'll try to run it down and post it, if anyone is interested.

    I had a rather unhappy go around with TP-Link several years ago, when I tried to invoke the warranty on a brand-new defective router; they ran me around in circles in unprecise Chinglish until I finally told them in no uncertain terms, I expected them to quit stalling and grant my warranty/RMA request, or I'd never spend another dime on their product line, and would advise my clients accordingly. Every single one of their support people parroted the exact same scripted replies/instructions, over, over, over and yet endlessly, like a needle stuck in the groove. I went over the archive of emails they sent, and realized that no matter what 'agent' they transferred me to, or what 'name' they used, it was in fact the same CSR. If you've ever done that sort of work, no matter how many years/decades ago, you never forget the tricks some of them employ.

    There are lots of people who own and have good luck with TPLink, at least until the unit breaks down, as with all cheaper switches, no matter who manufactures them.

    The good thing about Netgear Pro-Safe/Business class/Next Business Day replacement line, is that their Life-time warranty really works. I've had fair luck with the less expensive Netgear switches holding up, but when they begin to fail, it's usually the day after the warranty ends, and then the unit makes a dandy paperweight. Cheers.
     
