Best way to implement Vlan

[Woodymakespizza]

Hey all, I need some help. I have two Asus GT-AXE11000s, not pro models set up with ethernet backhaul as Router and AP, and a growing homelab with a plex server, DNS/PiHole (firewall to come). I am working on isolating my IOT and outdoor cameras and its my understanding that these dont handle Vlan tagging easily or maybe at all. I have a Trendnet TEG-3182WS managed switch that can create the vlans. This is my first real foray into this kind of networking and Im wondering if there is a firmware I could use to manage tagging, or if there is not, what if them both as mesh or APs under a newer model that does support Vlan tagging, or would it be better to look to replace them both with newer hardware. I'd of course prefer not to replace them both if I dont have to.

Open to suggestions, thoughts or ideas I havent thought of. Thanks.

 

[bennor]

If you don't need VLAN's you can likely accomplish some of what you seek by using Asus-Merlin firmware coupled with the Asus-Merlin YazFi addon script followed by some IPtables scripting if YazFi's One-Way or Two-Way to Guest doesn't work for your setup.

Or one can try the following with the Asus-Merlin 388.x firmware:

Tutorial - How to use VLANs on your non-pro Asus router with 386 or 388 code (no scripting required)

You didn't answer whether the satellite routers are in Mesh or AP mode. Aimesh parent is in AP mode, satellite routers are in Aimesh node mode off the parent.

www.snbforums.com

 

[Woodymakespizza]

Ill poke through these. My long term goal is to separate for both security and convenience somewhat like this:
Primary network - Laptops, business and gaming computers, and homelab
Roku's - vlan 10
Cameras and MyQ - vlan 20
Guest Network - House is a double and I have tenants - Also VLAN?

You'll have to forgive me Im still learning VLANs and some of this deeper network config stuff

 

[Tech9]

Hey all, I need some help. I have two Asus GT-AXE11000s, not pro models set up with ethernet backhaul as Router and AP, and a growing homelab with a plex server, DNS/PiHole (firewall to come).

YazFi won't help you. It's not VLAN based, doesn't work in AP Mode and doesn't work network-wide with Router and AP Mode or AiMesh Node. You can explore potential solutions on the link below or use it as an example for custom scripting of the VLANs you need. In a long term VLAN capable gateway/firewall is best to pair with VLAN capable APs. Run the firewall on bare metal, not virtualized with other services. Your entire network will be hanging on s single device. It fails - everything goes down at once.

MerVLAN v0.52.91 Simple and Powerful VLAN Management **BETA**

MerVLAN VLAN Manager – Simple and Powerful VLAN Management LATEST CHANGELOG (often condensed, full log: main | dev mervlan v0.52.91 - Hotfix mervlan_boot.sh: Fixed a critical bug where template injection silently deleted subsequent blocks in services-start. Re-injecting the addon...

www.snbforums.com

 

[Tech9]

House is a double and I have tenants - Also VLAN?

VLANs won't help here. This type of account sharing is not allowed with most ISPs (read your service contract) and presents potential issues with authorities (illegal activities online). The ISP account is in your name and you are personally responsible for all online activities. Make sure you weight carefully the pros and cons.

 

[Woodymakespizza]

YazFi won't help you. It's not VLAN based, doesn't work in AP Mode and doesn't work network-wide with Router and AP Mode or AiMesh Node. You can explore potential solutions on the link below or use it as an example for custom scripting of the VLANs you need. In a long term VLAN capable gateway/firewall is best to pair with VLAN capable APs. Run the firewall on bare metal, not virtualized with other services. Your entire network will be hanging on s single device. It fails - everything goes down at once.

MerVLAN v0.52.91 Simple and Powerful VLAN Management **BETA**

MerVLAN VLAN Manager – Simple and Powerful VLAN Management LATEST CHANGELOG (often condensed, full log: main | dev mervlan v0.52.91 - Hotfix mervlan_boot.sh: Fixed a critical bug where template injection silently deleted subsequent blocks in services-start. Re-injecting the addon...

www.snbforums.com

You're saying buy a specific device for firewall instead of running virtual off the minipc that is running pi-hole/NPM? Looking at the Mervlan and the experimental warnings are a little concerning as both wife and I have our own businesses and need stability.

Also - Does anyone know if I were to buy a BE model as the primary and ran one or both of the AXE11000s as APs or AImesh without a flashed firmware would that work or would I be better off buying two new ones? I could sell these and recoup at least half the cost.

 

[bennor]

Ill poke through these. My long term goal is to separate for both security and convenience somewhat like this:
Primary network - Laptops, business and gaming computers, and homelab
Roku's - vlan 10
Cameras and MyQ - vlan 20
Guest Network - House is a double and I have tenants - Also VLAN?

YazFi is main router only. Won't help, or work, with AP or AiMesh nodes if you go that route.