VLans

[Agent Crimson]

I need to setup VLans but don't really know how to. I tried to figure it out but got confused. 

The thing that question me is do I need to do some configuration on my router for VLans? My router is a really mediocre one the one which ISPs give was thinking to upgrade because whole network is full of expensive racks, Cisco switches and APs with a crap ton of cameras but I needed a stand alone unit can't use a server type machine for pfsense or other routing softwares. Also what would be a good around a 5 port level3+ network switch Vlan capable except Microtik

[Donut417]

4 minutes ago, Agent Crimson said:

I need to setup VLans but don't really know how to. I tried to figure it out but got confused. 

The thing that question me is do I need to do some configuration on my router for VLans? My router is a really mediocre one the one which ISPs give was thinking to upgrade because whole network is full of expensive racks, Cisco switches and APs with a crap ton of cameras but I needed a stand alone unit can't use a server type machine for pfsense or other routing softwares. Also what would be a good around a 5 port level3+ network switch Vlan capable except Microtik

You need devices that support Vlans. 

[Windows7ge]

On a network switch when you create VLANs the most common practice is to create a Trunk Port which leads back to the router. This TrunK shares all the VLANs. You then create sub-interfaces on the router to keep the VLANs seperate from each other. Otherwise the VLANs will be able to communicate with one another through the router.

[Viper9]

To route packets between VLANs you need a router or a L3 switch. The best way to do it is with a L3 switch because you don't need another device to route packets. 

 

Or you use a router using a trunk port between the switch and the router (router on a stick). 

 

But I would recommend a L3 switch and a firewall (like a Cisco ASA or a Fortigate).  

[Agent Crimson]

18 minutes ago, Windows7ge said:

On a network switch when you create VLANs the most common practice is to create a Trunk Port which leads back to the router. This TrunK shares all the VLANs. You then create sub-interfaces on the router to keep the VLANs seperate from each other. Otherwise the VLANs will be able to communicate with one another through the router.

Any suggestions on what Router I can upgrade to and what switch I should get? 

[Agent Crimson]

1 minute ago, Viper9 said:

To route packets between VLANs you need a router or a L3 switch. The best way to do it is with a L3 switch because you don't need another device to route packets, but it can be expensive. 

 

Or you use a router using a trunk port between the switch and the router (router on a stick). 

 

But I would recommend a L3 switch and a firewall (like a Cisco ASA or a Fortigate).  

Any suggestions which ones I should get? 

[Viper9]

2 minutes ago, Agent Crimson said:

Any suggestions which ones I should get? 

For the firewall/router I would go with either a Cisco ASA or a Fortigate. If you're more on a budget, you could go with a Ubiquiti UDM Pro. 

 

For the switch it depends, how many RJ45 ports do you need? 

[Windows7ge]

5 minutes ago, Agent Crimson said:

Any suggestions on what Router I can upgrade to and what switch I should get? 

Routers that support worthwhile features like sub-interfaces I'm no good at recommending. Only one I can name off the top of my head would be the CISCO 1941 but you won't want that. Most of the configuring would be done via Console.

 

For switches I like Ubiquiti's equipment. Look into their Edge Series. They cost a little more but come with WebUI's.

[Agent Crimson]

7 minutes ago, Viper9 said:

For the firewall/router I would go with either a Cisco ASA or a Fortigate. If you're more on a budget, you could go with a Ubiquiti UDM Pro. 

 

For the switch it depends, how many RJ45 ports do you need? 

Not a lot I need 4 at any point in my network so the cheapest but the best one if that makes sense would be great for me

[Viper9]

11 minutes ago, Agent Crimson said:

Not a lot I need 4 at any point in my network so the cheapest but the best one if that makes sense would be great for me

Ok so if you're more on a budget I suggest to go with a Ubiquiti UDM Pro, there's already a 8 ports switch built in. It's not PoE though so it could be usefull to have a PoE capable switch for your cameras or you can use power injectors for each of them. 

 

Also I suggest some Ubiquiti AP like the UAP-AC-LR. 

 

[Agent Crimson]

2 minutes ago, Viper9 said:

Ok so if you're more on a budget I suggest to go with a Ubiquiti UDM Pro, there's already a 8 ports switch built in. It's not PoE though so it could be usefull to have a PoE capable switch for your cameras or you can use power injectors for each of them. 

 

Also I suggest some Ubiquiti AP like the UAP-AC-LR. 

Um UDM Pro doesn't have a L3 switch and I already have Cisco APs not really into Ubiquiti to be really honest 

[Viper9]

6 minutes ago, Agent Crimson said:

Um UDM Pro doesn't have a L3 switch and I already have Cisco APs not really into Ubiquiti to be really honest 

Then to be honest, I would speak with a Cisco reseller and talk to them about your needs. If you already have Cisco equipment I would stay with Cisco. 

 

So basically you would need a ASA firewall and a L3 switch with PoE ports. 

[Agent Crimson]

17 hours ago, Windows7ge said:

Routers that support worthwhile features like sub-interfaces I'm no good at recommending. Only one I can name off the top of my head would be the CISCO 1941 but you won't want that. Most of the configuring would be done via Console.

 

For switches I like Ubiquiti's equipment. Look into their Edge Series. They cost a little more but come with WebUI's.

I was thinking to get the EdgeRouter X and configuring sub interfaces on it to its physical ports and just connecting it to my separate switches for cameras and main network will that work. Because a L3 switch will also do a similar thing virtually dividing the switch. But in my case I already have 3 seperate switchs for all the 3 seperate networks but till now they were connected directly to my Router without sub interfaces..... 

[Windows7ge]

5 hours ago, Agent Crimson said:

I was thinking to get the EdgeRouter X and configuring sub interfaces on it to its physical ports and just connecting it to my separate switches for cameras and main network will that work. Because a L3 switch will also do a similar thing virtually dividing the switch. But in my case I already have 3 seperate switchs for all the 3 seperate networks but till now they were connected directly to my Router without sub interfaces..... 

You could setup something like a pfSense box with a four port NIC then create a network on each physical interface. It'd allow you to keep using those switches. Cheaper option basically.

 

But yes, say a large 48 port switch you could divide into 3 or four VLANs then have one uplink (Trunk) to the router with VLAN tagging.