Simple VLAN setup - help please

[simpleuser6]

I had a Q&A with the IT department for better clarification. I'll keep it as informed as possibility because I don't understand half the lingo they were saying.

Universities are a pain in the butt, it's a new pilot program for "Work at Home". Being that it's a pilot program I believe they are IT students/interns doing the work .

What they preferred was not to use a router such as the Asus RT3100. ( I didn't read that part of the memo but they also didn't specify any type of equipment for use. My fault, I should've read thoroughly). Per memo, "wired connections is a must" so I assumed a router with LAN ports.

Now, they finally spoke and gave me a list. They assumed I can figure it out and go shopping for specific devices. Well, I'm in construction development lol. I can manage your construction needs that's it!

Preferred equipment:

Modem - Done!
Router - Edgerouter X
Switch - going to the office ( one LAN port )
WAP- Can I still use the ASUS RT3100 or something else?

They will configure the edgerouter and ETC., then I plug in the rest for the house.

I've was reading about the edgerouter and that makes more sense it can allocate LAN ports, VLANs and eliminate communication through firewall.

They are using a VPN. The explanation was to use VLAN's to segregate connections from home network and isolating the university equipment. No clue about VPN's.

The good, all equipment are reimbursed along with ISP monthly charges. The bad, learning new skills .

 

[martinr]

.....
The good, all equipment are reimbursed along with ISP monthly charges. The bad, learning new skills .

Then wouldn’t the ideal solution be a separate phone line to a new router to which only the wirk device(s) are attached. Complete physical seaparation from your home network. I was thinking of this at the start but it seemed you were having to foot the bill.

I do think it unfair that they expect people to become instant IT experts, unless this is really a surreptitious pilot course in IT Networking and you get a diploma when you have it up and running?

 

[simpleuser6]

Initially that was my first thought however, Comcast doesn’t allow 2 modems in residential according to their sales rep. Unless I have a business listed in a residential home then I could have residential and business accounts. Or two electrical meters signifying two separate addresses in the property.

I didn’t mind doing the work myself but I didn’t realize I dug myself deeper in the networking world. Then again, I found it interesting and gave me a hobby

 

[martinr]

I didn’t mind doing the work myself but I didn’t realize I dug myself deeper in the networking world. Then again, I found it interesting and gave me a hobby

And you never know where it’ll lead. At the end of it you’ll certainly know far more about IT Networking than anyone in IT will know about construction.

Keep us up to date with developments: you’ve started a very interesting topic.

 

[L&LD]

simpleuser6, reading over your post 21 again, I don't see why my suggestion in post 12 won't work.

If these students/advisers knew their stuff, they would have been able to use the RT-AC3100 to have you up and running already.

Without the additional (expensive) router or switch(es) required. Even if you do get reimbursed for it, and they set it up for you, they will essentially have your home network at their mercy. Not something that sits well with me at all.

What device(s) will you actually use to connect to their network? Do you have that hardware already? What software (if any) is to be used to ensure a secure connection?

All you really need is the actual connection details and software required on those devices to connect. The rest can be done with help from the helpful members here.

They're making this much too complicated for you (and us!).

Having done this a few times for 'work at home' individuals, I know that a 5-minute installation from someone familiar with computers can be easily turned into a week's worth of wasted nights trying to get the bit and pieces in the right spots to make a secure connection as required.

I'm not trying to bypass any requirements here. I'm just all too familiar with students/interns making sure to follow 'the fine print, in a step-by-step fashion' for fear of messing up (and being responsible!) but with the end result of looking like they don't know what they're doing and offering little towards resolving anything except following what they've been told.

I'm assuming that a desktop computer will be used. I'm also assuming a printer/scanner too, directly connected to the computer. What we need now is the method (software) that is used to connect. To test it, you can just connect the cheap router directly to the modem (yes, your network will be down for a bit) to see if that part of it works.

If it does, try again by plugging it directly to a LAN port on your RT-AC3100. If it works? Great! If not? This is where we may be of further assistance.

 

[ColinTaylor]

@simpleuser6 Just a point of clarification - If you were to get an EdgeRouter X as they suggested would they configure it for you? If the answer is Yes then that is probably the way to go.

The setup would then be similar to that @L&LD suggested but using the EdgeRouter instead of an RT-N12D. The EdgeRouter is small, inexpensive and suited for this kind of role.

The EdgeRouter would be configured so that one port is your "home" VLAN and another port is the "office" VLAN. The EdgeRouter only has 5 ports, 3 of which are now in use. The other 2 could be used for the office VLAN but that's probably not enough (or in an inconvenient location), hence the need for another switch.

Your existing home network would be left "as is" with the only difference being that it is now "double-NATed".

 

[L&LD]

@simpleuser6 Just a point of clarification - If you were to get an EdgeRouter X as they suggested would they configure it for you? If the answer is Yes then that is probably the way to go.

The setup would then be similar to that @L&LD suggested but using the EdgeRouter instead of an RT-N12D. The EdgeRouter is small, inexpensive and suited for this kind of role.

The EdgeRouter would be configured so that one port is your "home" VLAN and another port is the "office" VLAN. The EdgeRouter only has 5 ports, 3 of which are now in use. The other 2 could be used for the office VLAN but that's probably not enough (or in an inconvenient location), hence the need for another switch.

Your existing home network would be left "as is" with the only difference being that it is now "double-NATed".

I would say not only double-NATed but also be at the mercy of the setup they did and told you about and the setup they may not have told you about.

I would not let anyone's equipment inside my network. Not anyone. Unless I had full and complete control over it. And could buy it myself (not provided).

 

[ColinTaylor]

I would say not only double-NATed but also be at the mercy of the setup they did and told you about and the setup they may not have told you about.

Well that's for him to examine and check what they've done. It should be a fairly straight forward setup. Or are you suggesting that they're going to deliberately hide malicious code?

I would not let anyone's equipment inside my network. Not anyone. Unless I had full and complete control over it. And could buy it myself (not provided).

I believe the proposal is that he buy the equipment himself. So it is his equipment and he does have full and complete control over it.

 

[L&LD]

Well that's for him to examine and check what they've done. It should be a fairly straight forward setup. Or are you suggesting that they're going to deliberately hide malicious code?

I believe the proposal is that he buy the equipment himself. So it is his equipment and he does have full and complete control over it.

Having paid for it doesn't automatically mean having control. I'm not suggesting anything deliberate or malicious. I don't know anyone involved at all.

But I would be remiss to not suggest to be wary to member simpleuser6, who is here asking for our help.

 

[simpleuser6]

L&LD, ColinTaylor

I appreciate the suggestions and concerns regarding our home network. It's been a week since I last posted and that week was spent researching and making sure that the network was properly setup "to my knowledge".

1. I kept the Asus Router, I purchased it for $150 at Best Buy during a promo they had so at it's purchase price it was a keeper.
2. I purchased the edgerouter X and configured it myself. By using the firewall, I was able to entirely segregate one port for "office" and a managed switch. Leaving me with 1 port for "home office" LAN with a switch and 2 ports as a 2nd LAN.
3. I'm using the RT3100 as an access point for now with the 2nd LAN for WiFi and wired xbox and PS4 in the RT3100 ports.
4. All have their own subnets.

IT setup. I directed them to use the "office" port just with it's subnet "192.168.10.100. From there, I created a vlan to use with the managed switch which they then connected desktop, phone, printer, a small box (which they named storage) I looked into it and it was just work files. VPN connection which I log into for work (I'm not sure if VPN is the proper term but its similar to what I log into at the office.)

A week later, I lot of research and what not. It's finally resolved "To my knowledge". I'm sure there's more to do to fine my initial setup, more tinkering around.

Network seems to be stable with edgerouter X and RT3100. I'm still getting close to 1 gig wired connections and 550-600 WiFi.

Lesson Learned: ALOT!! I felt like I took a networking class worth 5 credits. All of your suggestions were used for google searches to reference what I'm doing. This experience is something I will write a memo about regarding our "Work at Home" program. It needs to be simplified or have an experience IT with an intern. In construction, it's referred to as an apprentice with a journeyman.

Again, thank you for all your help and suggestions. Can I assume a lot of the guys here work as a professional IT or very knowledgeable individuals with a passion for networking?

 

[simpleuser6]

Just to add, I've never used CLI before except the old school DOS which I hardly remember to use. That was a whole new world to get into, quite addicting

 

[L&LD]

L&LD, ColinTaylor

I appreciate the suggestions and concerns regarding our home network. It's been a week since I last posted and that week was spent researching and making sure that the network was properly setup "to my knowledge".

1. I kept the Asus Router, I purchased it for $150 at Best Buy during a promo they had so at it's purchase price it was a keeper.
2. I purchased the edgerouter X and configured it myself. By using the firewall, I was able to entirely segregate one port for "office" and a managed switch. Leaving me with 1 port for "home office" LAN with a switch and 2 ports as a 2nd LAN.
3. I'm using the RT3100 as an access point for now with the 2nd LAN for WiFi and wired xbox and PS4 in the RT3100 ports.
4. All have their own subnets.

IT setup. I directed them to use the "office" port just with it's subnet "192.168.10.100. From there, I created a vlan to use with the managed switch which they then connected desktop, phone, printer, a small box (which they named storage) I looked into it and it was just work files. VPN connection which I log into for work (I'm not sure if VPN is the proper term but its similar to what I log into at the office.)

A week later, I lot of research and what not. It's finally resolved "To my knowledge". I'm sure there's more to do to fine my initial setup, more tinkering around.

Network seems to be stable with edgerouter X and RT3100. I'm still getting close to 1 gig wired connections and 550-600 WiFi.

Lesson Learned: ALOT!! I felt like I took a networking class worth 5 credits. All of your suggestions were used for google searches to reference what I'm doing. This experience is something I will write a memo about regarding our "Work at Home" program. It needs to be simplified or have an experience IT with an intern. In construction, it's referred to as an apprentice with a journeyman.

Again, thank you for all your help and suggestions. Can I assume a lot of the guys here work as a professional IT or very knowledgeable individuals with a passion for networking?

This is a great follow up! Thank you. 5 Stars to a great pupil who went above and beyond!

Am very glad to be able to help and great to see some of our posts inspired you to learn even more.

Yes, I do many things, including networking for which I also have a passion for.

 

[ColinTaylor]

Thanks for the update @simpleuser6. That's good news and great encouragement for other users. As Naomi Wu would say "If I can do it, anyone can do it."

Yes there are many professionals on these boards, but all skill levels are welcome.