What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

VLAN and DHCP (tough question)

Jeroen1000

Regular Contributor
If you could please offer some advice on this I'll be very thankful:

My gear:
  • A cable modem (Motorola SURFboard)
  • A router (Draytek Vigor 2130)
  • A Switch (Cisco SLM2008)

Setup description:

The cable modem is connected to the Draytek's WAN port, and the Cisco switch is obviously connected to a Lan port. For simplification, all other devices I own are connected to the Cisco Switch.


Normal operation is as follows:

1. the cable modem will offer a routable IP (from my ISP) to my Draytek.
2. The Draytek will hand out DHCP addresses in the range of 192.168.0.x and will perform NAT.
3. all devices but *ONE* are in VLAN 2
4. One device, is in VLAN 3

My Q:

My cable modem can offer 2 routable IP's. One of those will be offered to the Draytek's WAN port, but the other one should be offered to that one device in VLAN 3.

So for VLAN 3 I do *not* want the Draytek to hand out a 192.168.0.x internal IP-address and subsequently, NAT is not needed for that VLAN. I want the device in VLAN 3 to get an DHCP offer from the cable modem and *not* from the Draytek router.

My thoughts:


1. Forgetting about VLAN's, I could place a switch between the cable modem and the Draytek. This would require the so-called "VLAN 3 device" to be directly connected to that switch. Since DHCP requests would not propagate beyond the Draytek's WAN interface, only the cable modem can offer an IP, wich would be the second routable IP my ISP hands out.

This would require me to get into the basement and pull a brand new cat5e wire. Plus I'd have to buy a switch. In short, bad idea:).

2. Briefly, I wondered about DMZ. But DMZ requires me to input an INTERNAL IP-address. I wish there was a kind of DMZ that converts a LAN port on the Draytek as a second WAN port. But wait... doesn't this sound like a 1 member VLAN:confused:

3. Can I somehow configure the Draytek to allow the VLAN 3 device to cross the WAN interface when asking for an IP? Of course the answer should also be able to return but no unsollicited broadcasts are to be allowed in the WAN -> LAN direction.

*Cries help*

Cheers,
Jeroen
 
Last edited:
If I'm understanding you correctly, you want VLAN3 to be your "internet" VLAN. This VLAN would consist of devices that should receive a public, routable IP via your ISP's DHCP.

So here's what you do: configure 3 ports on your switch as VLAN3. Then plug your cable modem, the WAN port for your router, and whatever other device you want to receive a DHCP from your ISP into these ports. Your router and the other device will then each get an IP from your ISP's DHCP.
 
If I'm understanding you correctly, you want VLAN3 to be your "internet" VLAN. This VLAN would consist of devices that should receive a public, routable IP via your ISP's DHCP.

Yes, that is entirely correct. The device in VLAN 3 is a TV setup box (My ISP also provides television). My ISP gives those boxes a "special" IP in some special range which is different from IP's they hand out for computers. I wonder what would happen if I were to clone the setup box's MAC;).

So here's what you do: configure 3 ports on your switch as VLAN3. Then plug your cable modem, the WAN port for your router, and whatever other device you want to receive a DHCP from your ISP into these ports. Your router and the other device will then each get an IP from your ISP's DHCP.

Okay, I'm not 100% in the loop here. So allow me to spell it out:

- I create a VLAN on my Draytek router, VLAN 3. VLAN 3 contains ports 2,3 and 4.
- Connected to that VLAN are:

1. The cable modem (on port 2)
2. My Drayteks WAN port (on port 3)
3. My VLAN enabled Cisco switch (on port 4)

The setup box will be in VLAN 3 on the Cisco switch. And will receive DHCP from my ISP. And my router will feel no desire to NAT traffic coming from the setup box because the cable modem is considered a local device (layer 2 is at work here so no NAT and routing required). Am I correct so far?

I can also see how the WAN port will be able to get DHCP. Its DHCP request will be broadcasted into VLAN 3 but only the cable modem will offer an IP.

If I'm still correct so far, this is the part I'm unclear on:

How will all the other devices in VLAN 2 receive an internal 192.168.0.x IP from my router? VLAN 2 is another VLAN on my Cisco switch. There is only one physical cable between my Cisco switch and the Draytek router.

I'll take a stab at answering this myself:

I put port 3 of the Draytek in VLAN 2 also so it becomes a trunk for VLAN 2 + VLAN3. A VLAN 2 device will ask DHCP and since all PUBLIC addresses have been handed out (1 for the WAN port and 1 for the setup box) the Drayteks DHCP server will hand out an internal 192.168.0.x address.

So VLAN 2 traffic would flow to the trunk port of the Draytek, next to the Drayteks WAN port and then to its switch port (where the cable modem is on) on the Draytek which is in VLAN 3? Perhaps that port should also be in VLAN 2 + 3 then.

You have introduced an interesting idea, thank you.
 
Last edited:
I managed to get this setup running by disabling my Draytek's DHCP server and putting everyting in 1 VLAN as the Draytek only does port based VLAN's. Hence, you cannot configure a trunk on it.

The trick to get a public IP on the WAN port worked just fine. Again, thanks for that one:).
 
What model is your Motorola?

I've just received a DrayTek 2130Vn running 1.5.1 beta firmware and a SURFboard SB6120, and my problem is as basic as it gets: I can't get the 2130 to connect to the modem via the WAN port. Just comes up as "Disconnected," even when I use the same settings as the older 2110Vn I've been running up until now.

I can't even resolve the modem's local IP when the 2130 is hooked up.

Any special trick you used to get the WAN up and running?

Oh, and I assume you're using Comcast? That's my ISP, which might or might not have something to do with it.
 
Last edited:
No Comcast here. I live in Belgium. Unfortunately I cannot check right now but I'll have a stab at it anyways.

I also have the same cable modem you have (but the E model. E= Eurodocsis)

perhaps comcast only issues 1 public IP and that IP may be tied to on of your computers. Unplug the Motorola for ... eum a while an then try again.

I believe that the only thing I did was select DHCP in the WAN interface tab. But I will be able to check tomorrow what exactly I've set up there.
 
Similar threads

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Back
Top