Home Network Design help with L3 Switch

Discussion in 'Other LAN and WAN' started by trpltongue, Oct 18, 2019.

  1. trpltongue

    trpltongue Regular Contributor

    Joined:
    Oct 13, 2019
    Messages:
    89
    Hey all,

    As a follow-up to my recent post in the wireless forum around designing a network for my house (thanks @coxhaus and @Trip), I'm hoping to get some help from the experts on designing, installing, and setting up the equipment I purchased:

    ATT Fiber Gateway (provided by ATT)
    Cisco RV340 Router
    Cisco SG350-28P Switch
    Cisco WAP581 AP (qty 2)

    In particular, I'm hoping to get some help on thinking through VLANs and then of course general setup of the equipment.

    Below is the equipment that I've got in the house currently (with the exception of the network cameras). I'm assuming I'll want to set up at least 3 VLANs (Home, Guest, and IoT) but not sure what devices would go where. I've never had any security vulnerabilities, so I may not need a separate IoT VLAN, but I figure if I'm going to have to set one up for the guest wifi, I might as well separate the IoT devices.

    Network Diagram.jpg

    The trick of course is that Chromecasts, receivers, TVs, etc. all need to be able to talk to one another so that they can cast audio/video. Likewise, I'll need to be able to control my wifi light switches and outlets from my phones.

    I'm brand new to this, so appreciate your help and patience :)

    The equipment should get to me next weekend so I've got some time to plan out the setup and would love your help!

    Thanks!
     
  2. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,113
    Location:
    texas
    I will tell you Apple devices will need to be grouped into 1 VLAN. Apple equipment is not routable with equipment we can afford for home. What has happened to me over time is all my Apple devices have ended up in my guest network, which has become my IoT VLAN, which includes my large screen TV, Echoes, Firestick, and so on, including audio/video. So 3 VLANs sound reasonable. Maybe even 4 VLANs if you want to separate security cameras. It becomes real easy to add VLANs once the structure is in place.

    I just saw you have VOIP phones. Are you planning on that at home? How many? Will you need QoS? I am just working on that with my daughter's network. I have never done it before. She has 19 IP phones so they will need QoS. I believe the Cisco L3 switches will handle this fairly easily.
     
    Last edited: Oct 18, 2019
  3. trpltongue

    trpltongue Regular Contributor

    Joined:
    Oct 13, 2019
    Messages:
    89
    That’s weird about the Apple devices and could cause me some serious trouble. I use the iPhones to control my HTPCs, which get their media from the server, so they would need to be on the same network. Similarly, we often cast from the phone to the Vizio TV and to the Google Home devices.

    I only have one IP phone. No worries about QOS. We very rarely use that phone.
     
  4. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,113
    Location:
    texas
    If you are using web it will not matter. I have an AppleTV (4K) with HomeKit and it has to be in the same network as my iPhones and iPads or it will not work. But I can turn off and on lights from anywhere using my iPhone. If I want to mirror to my Vizio TV from my iPhone using my AppleTV, the AppleTV and the iPhone need to be in the same network. The TV can be in any network as I flow through the AppleTV using HDMI to my Vizio TV.
     
  5. trpltongue

    trpltongue Regular Contributor

    Joined:
    Oct 13, 2019
    Messages:
    89
    In our case the Vizio TV has AirPlay and Chromecast built in, so no Apple TV in our system.

    I’ll see if I can put together a diagram of what devices have to talk to one another.
     
    Last edited: Oct 19, 2019
  6. trpltongue

    trpltongue Regular Contributor

    Joined:
    Oct 13, 2019
    Messages:
    89
    Attached is a diagram of the data flow within the network as I *think* it needs to happen.

    The blue lines indicate one way data flow.
    Items in red outline do not need internet access.

    Network Connections.jpg
     
    Last edited: Oct 19, 2019
  7. Greg72

    Greg72 Regular Contributor

    Joined:
    Sep 24, 2019
    Messages:
    137
    Location:
    Central Illinois
    Actually you can route Airplay between without extra gear. https://community.ui.com/questions/0362cb7f-f38c-43ba-b10e-c2e5cc9dbe16

    The RV340 is not a powerhouse, same as the switch the OP wants to use, but will work to get them going in better understanding how to work with VLANs. The OP will also have to set up a Linux server acting as the Bonjour Gateway, which the Raspberry Pi can do. All of this can be done with everything that is available to the average end user.
     
    Last edited: Oct 20, 2019
  8. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,113
    Location:
    texas
    I guess you know the RV340 is not going to route any VLANs. VLANs will be routed by the L3 switch.

    I don't see the easy routing. Please explain.
     
  9. Greg72

    Greg72 Regular Contributor

    Joined:
    Sep 24, 2019
    Messages:
    137
    Location:
    Central Illinois
    Already knew that. The RV340 is going to get them understanding how to do VLANs without sinking a bunch of money into a decent router that is very capable of doing things that the RV300 series sucks at doing. I had the RV320 and ditched it when it failed miserably on a network that I was doing testing with for a client.
     
  10. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,113
    Location:
    texas
    My daughter is using my old RV320 router with 19 people. It seems to run fine on a 200/10 connection. I have no issues. I am using a Cisco SG500X-24 L3 switch. The switch is real nice but a little noisy for me at home. The 2 fans are quiet, not like Cisco's PRO gear, but still too much noise for my closet.
     
  11. trpltongue

    trpltongue Regular Contributor

    Joined:
    Oct 13, 2019
    Messages:
    89
    The router and switch arrived today, both new in box. I was unpleasantly surprised to see that the switch is an EU version. The ad on eBay listed it as NA version. What issues can I expect with the EU version? I’m assuming it will be unsupported by Cisco but what about warranty?
     
  12. Greg72

    Greg72 Regular Contributor

    Joined:
    Sep 24, 2019
    Messages:
    137
    Location:
    Central Illinois
    It is a “Gray Market” area.
     
  13. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,113
    Location:
    texas
    I don't think your EU switch will be warrantied in the US. I would send it back. Make sure your Cisco WAP581 are North America models.
     
  14. trpltongue

    trpltongue Regular Contributor

    Joined:
    Oct 13, 2019
    Messages:
    89
    Okay, so I got things sorted out with the switch.

    Now it’s time to set things up piece by piece :)

    My understanding is that I’ll need to set the ATT gateway to an alternate IP address range so that I can use the Cisco default of 192.168.1.1 (I prefer to use that range in the Cisco).

    Then I’ll need to set my ATT gateway to put the Cisco router on DMZ mode.

    Then disable WiFi on the ATT gateway.

    All that is pretty straightforward, but I could use some help in configuring the Cisco. I just want to make sure that I don’t end up in an unprotected state by missing something in the Cisco setup. I would need to make sure that all the same internet protections from the ATT gateway are in place on the Cisco router as well.

    Thanks!

    Russell
     
  15. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,113
    Location:
    texas
    I am not sure what you are talking about with the DMZ mode?

    I think if you cannot get the ATT router in bridge mode then you need to set up double NAT. If you want to use 192.168.1.1 for your default gateway for clients then you need to use that network on the Cisco L3 switch, as the L3 switch will be your default gateway for all clients on your local LAN. So VLAN1 on the L3 switch will be 192.168.1.1. If you add VLAN2 then the local clients on VLAN2 will use 192.168.2.1 for their default gateway, so on and so forth as you add VLANs. I hope this makes sense. You need to look up my old thread from several years ago which has me setting up a Cisco L3 switch. If I were you I would follow my setup as it works.

    I use 192.168.10.1 for my Cisco RV340 router. The RV340 router will have the L3 switch pointing to the RV340 router for default gateway for the switch only. None of your local clients will use the router for their default gateway. The L3 switch will do all the local routing.

    I use 192.168.1.254 for my L3 switch IP, which is the default gateway for all VLAN1 clients. I started with the RV340 router using 192.168.1.1 and only the L3 switch pointing to the RV340 router for its default gateway. All clients pointed to the L3 switch 192.168.1.254 VLAN1 and then the L3 switch pointed to the router. I then later figured out I could put the RV340 router in a VLAN by itself, so I created VLAN10. I used an access port on the L3 switch in VLAN10 to where the RV240 router had 192.168.10.1/30 and the L3 switch had on VLAN10 192.168.10.2/30. And the default gateway for the L3 switch only is 192.168.10.1. This forces the L3 switch to route. If you use a trunk port between the RV340 router and the L3 switch, the router will end up routing instead of the L3 switch.

    I hope this helps. Ask more questions.

    PS
    To get this show running I would make the RV340 router 192.168.1.1 and connect to VLAN1 as an access port on the L3 switch. Make VLAN1 on the L3 switch 192.168.1.254. This will start the L3 switch routing for clients. Once you have this running then we can add more VLANs later. The next step will be to configure DHCP on the L3 switch using 192.168.1.254 as the default gateway in DHCP. Next turn off DHCP on the RV340 router. Get this running and we will then add another VLAN and test routing.
    Remember all local clients will use the L3 switch as their default gateway. The RV340 router does not know where the VLANs are so it cannot route them. The RV340 just knows that it needs to send all the networks to the L3 switch. So you will need routing statements for each network VLAN we set up. The RV340 router knows about VLAN1 because it is a member of VLAN1, but all other VLANs need to be set up on the RV340 router pointing to the L3 switch.
     
    Last edited: Oct 25, 2019
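
The addressing plan from the post above (clients on the L3 switch, RV340 alone on the VLAN10 /30 transit link), checked and turned into the routing statements each device needs. This is an added example, not part of the thread: `check_plan` is a hypothetical helper, VLAN 2 is the post's "if you add VLAN2" case, and the upstream range is a constructed stand-in for whatever range the ATT gateway is moved to.

```python
import ipaddress as ip

# Addresses taken from the post; the switch address in each VLAN is the
# default gateway handed to that VLAN's clients.
CLIENT_VLANS = {1: "192.168.1.254/24", 2: "192.168.2.1/24"}
TRANSIT = {"vlan": 10, "router": "192.168.10.1/30", "switch": "192.168.10.2/30"}
UPSTREAM_LAN = "192.168.100.0/24"  # constructed value: LAN range of the ISP gateway


def check_plan(client_vlans, transit, upstream_lan):
    """Return (problems, router_routes, switch_default) for an L3-switch design."""
    problems = []
    router_if = ip.ip_interface(transit["router"])
    switch_if = ip.ip_interface(transit["switch"])
    if router_if.network != switch_if.network:
        problems.append("router and switch are not in the same transit subnet")
    if router_if.ip == switch_if.ip:
        problems.append("router and switch share one transit address")

    nets = {f"VLAN{transit['vlan']}": router_if.network,
            "upstream": ip.ip_network(upstream_lan)}
    for vid, gateway in client_vlans.items():
        iface = ip.ip_interface(gateway)
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"VLAN{vid} gateway {iface.ip} is not a usable host address")
        nets[f"VLAN{vid}"] = net

    # With double NAT, a range reused on both sides of the router (or by two
    # VLANs) makes one side unreachable, so flag every overlapping pair.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # The router sits only on the transit VLAN, so it needs one static route
    # per client subnet with the switch's transit address as next hop.
    router_routes = [(str(ip.ip_interface(g).network), str(switch_if.ip))
                     for g in client_vlans.values()]
    # The switch itself sends everything else to the router.
    switch_default = ("0.0.0.0/0", str(router_if.ip))
    return problems, router_routes, switch_default


if __name__ == "__main__":
    for item in check_plan(CLIENT_VLANS, TRANSIT, UPSTREAM_LAN):
        print(item)
```

Adding a Guest or IoT VLAN to `CLIENT_VLANS` shows the extra routing statement the router needs before that VLAN has internet access.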
  16. trpltongue

    trpltongue Regular Contributor

    Joined:
    Oct 13, 2019
    Messages:
    89
    Thanks for the awesome write up!

    I’ll definitely search back for your switch setup thread to understand a bit better.

    You are correct that there is no way for the ATT gateway to be placed in bridge mode.

    With that in mind, I’m wondering what use there is for the Cisco router if all the security will be done by the ATT gateway, and the routing will be done by the L3 switch? Or is it the case that the L3 switch will route traffic only between my LAN machines, and that internet traffic will be routed by the router? If so, couldn’t the ATT gateway do the same thing?

    You can tell I’m a network noob....
     
  17. degrub

    degrub Very Senior Member

    Joined:
    Dec 21, 2015
    Messages:
    910
    Does the ATT device support VLANs ?
     
  18. trpltongue

    trpltongue Regular Contributor

    Joined:
    Oct 13, 2019
    Messages:
    89
    No, it does not support VLANs. Good catch. I still don’t understand that bit fully yet, so definitely missed that aspect of it.
     
  19. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,113
    Location:
    texas
    I don't think the AT&T router needs to support VLANs as the L3 switch is handling all the VLANs. What the AT&T router needs to be able to do is route all network traffic to the L3 switch. Normally with the RV340 router there are routing statements for all the different networks. I don't know if the AT&T router can handle routing statements. If there is a way to do that then yes, you don't need the RV340 router. I would assume the RV340 router would have a better firewall than the AT&T router, but if you can get the AT&T router to route all the traffic then it will work.

    You can try the AT&T router if you want. The worst that can happen is you will only have internet on VLAN1.
     
  20. Greg72

    Greg72 Regular Contributor

    Joined:
    Sep 24, 2019
    Messages:
    137
    Location:
    Central Illinois