Home VLAN on SG200s

nassosmichas
Level 1

Hello!

I'm trying to separate the network traffic on my home setup using VLANs, but going through the docs I must admit I feel a bit lost. I'm attaching a simplistic drawing of what I'm trying to achieve (in reality, there are some 50+ devices in my home network). My networking knowledge is limited, so please forgive me in advance if I misuse a term here and there, making networking gurus go nuts.

The idea is to separate the traffic from IP Cams into their own VLAN (5), and the traffic from IP Phones into their own VLAN (7). However, I need certain devices (i.e. my main PC at 192.168.2.50/24) to be able to access the Cams as well as the Phones VLANs simultaneously, so that, for example, I can go through the admin settings of Cams and Phones. Naturally, I don't want any traffic between VLAN 5 and VLAN 7. The extra tricky part is that my devices are physically connected to different switches.

So, here are the questions:

Question 1:

Going through the forum and googling for the last three days, I saw people mentioning that it's not a good idea to have the same subnets in different VLANs. However, I realise this is my only option in order not to use a separate router (this being a home setup, I have a limited budget, so I could throw in a router if this is absolutely the only way to make this work). Is my assumption correct, or am I maybe breaking something else by doing this?

Question 2:

No matter what VLAN configuration I'm trying, I can't make this work. What I have tried:

- On SG200-08, I set up ports 1, 2 as ACCESS and assigned them to VLAN 5 and VLAN 7 respectively. Being ACCESS ports, these are UNTAGGED.

- On SG200-08, I set up port 7 as TRUNK, with operational VLAN Membership 1U, 5T, 7T. Being a TRUNK port, I can only assign additional VLANs as TAGGED.

- On SG200-26, I set up port 15 as TRUNK with operational VLAN Membership 1UP, 5T, 7T. Being a TRUNK port, I can only assign additional VLANs as TAGGED.

- On SG200-26, I set up port 8 as General, with operational VLAN Membership 1UP, 5T, 7T (I also tried with 1UP, 5U, 7U).

According to my limited networking understanding, I would expect the above to work, but I'm obviously missing something here. Can I please have some pointers?

Thanks!

4 Replies

DJX995
Level 3

Your main problem is you need an L3 router that is VLAN aware.

Unfortunately the SG200s don't do routing, so you will have to have a VLAN aware router that all your devices point to as their default gateway.

Your config looks correct otherwise.

The simplest way to set this up would be to get an L3 switch (preferably a 48-port so you could get rid of the SG200-08).

If you want to deny access between VLANs, you will have to set up ACLs.

For logical separation you are fine.

Thanks FratianD. However, having all my VLANs on the same subnet shouldn't actually allow me to see traffic from each other - provided the underlying port is "exposed" in both VLANs? I don't want to route traffic from one subnet to another. My "simple" requirement is to be able to tell a port "When you send traffic, mark it as VLAN 5, but also listen for traffic on VLAN 7 (in addition to your own VLAN 5)". Isn't this possible? I thought this is why the General port type exists. I guess there's something I'm missing...

As I said above, my real configuration is a little bit more complex, with 5 x SG200-08 scattered around the house with each one having an "uplink" to the SG200-26 (plus buying an SG300-52 is totally out of budget).

I would strongly suggest a more standard config for ease of management and growth.

If you cannot afford the devices, just wait and save some money so you can do this right.

The standard way of doing what you want is multiple subnets, one for each VLAN.

Layer 3 core switch that will route between the VLANs (this would be your default gateway).

If you need more access ports, then the SG200s are fine as access switches, just trunk them back to the core.

Default route on Layer 3 switch that points to your perimeter router.

I understand you are trying to make do with what you have but if you want to do it right, this is the way to go.

STEVEN WILCOX
Level 1

What model router do you have to the internet? My old WRVS4400N does VLANs and does the routing between the VLAN and internet. I have an RV180W on the way. Check out your current router?
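
An added example (not from the thread or from Cisco): a small model of standard 802.1Q ingress and egress rules applied to the port settings listed in Question 2, showing where frames from the cams, the phones and the PC end up for both General-port variants that were tried. The cabling between SG200-08 port 7 and SG200-26 port 15, the device-to-port placement and the access-port PVIDs are assumptions, since the drawing is not on the page.

```python
from collections import namedtuple

Port = namedtuple("Port", "pvid members")  # members: {vlan: "T" tagged | "U" untagged}
TRUNK = Port(1, {1: "U", 5: "T", 7: "T"})  # "1U(P), 5T, 7T" from Question 2

# Assumptions: SG200-08 port 7 is cabled to SG200-26 port 15, cams sit on
# SG200-08 port 1, phones on port 2, and the main PC on SG200-26 port 8.
LINKS = {("SG200-08", 7): ("SG200-26", 15), ("SG200-26", 15): ("SG200-08", 7)}

def build(pc_port):
    """Topology from the question; pc_port is the setting tried on SG200-26 port 8."""
    return {"SG200-08": {1: Port(5, {5: "U"}), 2: Port(7, {7: "U"}), 7: TRUNK},
            "SG200-26": {15: TRUNK, 8: pc_port}}

def flood(switches, switch, in_port, tag=None):
    """Return {(switch, port): egress tag or None} for each edge port that
    emits a broadcast frame received on (switch, in_port). Loop-free topology only."""
    port = switches[switch][in_port]
    vlan = port.pvid if tag is None else tag      # untagged ingress -> PVID
    if vlan not in port.members:                  # ingress filtering
        return {}
    out = {}
    for num, p in switches[switch].items():
        if num == in_port or vlan not in p.members:
            continue                              # egress only to VLAN members
        egress_tag = vlan if p.members[vlan] == "T" else None
        peer = LINKS.get((switch, num))
        if peer is None:
            out[(switch, num)] = egress_tag       # edge port: the host sees this
        else:
            out.update(flood(switches, *peer, tag=egress_tag))
    return out

if __name__ == "__main__":
    tried = {"1UP, 5T, 7T": TRUNK, "1UP, 5U, 7U": Port(1, {1: "U", 5: "U", 7: "U"})}
    for label, pc_port in tried.items():
        sw = build(pc_port)
        print(label)
        print("  cam   ->", flood(sw, "SG200-08", 1))
        print("  phone ->", flood(sw, "SG200-08", 2))
        print("  PC    ->", flood(sw, "SG200-26", 8))
```

In both variants the PC's own untagged frames are classified into VLAN 1 by the PVID and reach neither access port, so traffic flows toward the PC only, while VLAN 5 and VLAN 7 stay isolated from each other.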