Nipplemilk909

VLAN setup on cable modem/router and switch


Posted · Original Poster (OP)

Hi,

So I'm setting up my home network and have:

Modem router for Time Warner

Netgear switch with VLAN capabilities

I'm trying to create several VLANs for my network, one being a network that all wireless phones can connect to. Can I use the router as an access point for that VLAN?


I'm making 3 major presumptions from your statement:

  1. The Time Warner box is a router/modem/firewall/access point or router/modem/access point.
  2. You mean to provide 802.11 wireless Ethernet to these phones for internet access.
  3. The Netgear switch is not a Layer 3 IP switch that supports inter-VLAN routing.

 

If that is all true then the answer is a resounding yes.

 

HOWEVER, if you wish to send IP traffic from the phones and route to other VLANs on your wired network (e.g. for some internal application that is only accessible on your wired network) then it depends on the setup.

 

Most ISPs will lock down their router/modem to not be configurable by the end user. They do this for one or several of the following reasons:

  1. The settings are not to be shared with the end user to avoid abuse or exposure.
  2. The router is CHEAP/SIMPLE such as an ethernet-to-cable bridge.
  3. The ISP wishes to avoid costly IT intervention because, let's face it, people are usually ignorant and will screw up anything they can mess with to figure out how it works. 
  4. On more advanced modem/router/AP/Switch devices they provide very rudimentary access as a courtesy for the more advanced users (They still don't trust you not to muck it up though)
  5. Business grade devices cost big money

 

Routers that provide inter-vlan routing or subnet-to-subnet routing on internal interfaces generally cost more, the functionality is not included on "All-in-one" devices, and for a simple internet connection via fiber/cable/DSL they are not likely to be provided as a "gimmie" by the ISP for non-business accounts. 

 

To route between VLANs (using VLAN trunking) you would need a router or layer 3 switch that supports VLAN trunking (if you are using an 802.1Q VLAN trunking connection from your Netgear switch) or multiple physical ports, one to each subnet (if you are not using 802.1Q VLAN trunking). If only one network address range is supported on the TW router (usually 192.168.0.x or 192.168.1.x) you could use this separate internal router or layer 3 switch for inter-VLAN routing for the wired network. Otherwise you would also need to perform NAT translations to the inside network address range to and from each VLAN (as is the case on a standalone firewall device).

 

Here is your topology with the extra device:

Phones
     |
     |
TW modem/router/AP ----VLAN aware router/L3 switch----Netgear SW---wired hosts

 

The topology becomes simpler if:

A. the Netgear SW is a Layer3 switch

OR 

B. the TW modem/router/AP supports inter-VLAN routing, switched virtual interfaces, firewalling and many-to-one or many-to-many NAT or PAT.

 

In the case of possibility A:

If the Netgear switch supports inter-VLAN routing/layer 3 switching then you simply set up the routing from VLAN to VLAN, assuming the wireless is bridged to its internal network address range by the TW device (most all-in-one router/AP/switch/modem devices do this).

 

If the case is possibility B (though highly unlikely for a consumer grade device that is provided by the service):

If the features are part of your Time Warner device you would configure your wireless connection as a switched virtual interface in a DMZ for firewalling, configure VLAN trunking on the port connecting to your Netgear switch, configure NAT or PAT from your various VLAN address ranges (and any DHCP address range pools if the modem/router/AP/firewall/switch is also your DHCP server), and lastly the routing table for inter-VLAN routing.

 

In the case of A or B, your topology goes to:

phones
    |
    |
TW wireless AIO device----netgear L3 switch---hosts

OR

phones
    |
    |
TW wireless AIO device----netgear switch---hosts

 

Posted · Original Poster (OP)
On Saturday, January 21, 2017 at 10:40 PM, Brightglaive said:

The netgear switch is not a Layer 3 IP switch that supports inter-vlan routing

The Netgear switch I got says it has VLAN capabilities and it's managed.

 

On Saturday, January 21, 2017 at 10:40 PM, Brightglaive said:

if the Netgear switch supports intervlan routing/layer3 switching then you simply set up the routing from VLAN-to-VLAN, assuming the wireless is bridged to its internal network address range by the TW device (most all-in-one router/ap/switch/modem devices do this.)

 

Gotcha, make a VLAN, say 99, and bridge it with a wired VLAN, say VLAN 1... Default VLAN?

Also, the modem router I got was a higher-end one that was approved by TW and Xfinity.


Sorry to burst your bubble but just because a switch is managed and supports VLANs does not make it a Layer 3 switch. Additionally, if you just bridge the wireless to VLAN 1 then all of your wireless clients will be connected to your internal network. In which case I would hope there is some sort of firewalling on the Time Warner device.

 

Best practices would have you place the wireless in a DMZ and then route the traffic to your internal network. This is the way *MOST* "Wireless Routers" should work. (However some wireless "router"s just bridge the traffic to your wired network, thereby bypassing any protection firewalling would provide on the device.) If your wireless is in a DMZ, a malicious user may connect to your wireless but your entire network is not compromised. It also gives the added comfort of having some security in place to recognize and defend against attacks from a malicious wireless user.

For simplification's sake I'll just call the Time Warner device a wireless router instead of modem/router/switch/wireless AP/firewall. And I will presume that you have firewalling on the device. Feel free to correct me if I'm wrong.

 

Here are the 4 key questions if that is the case:

1. Look in the setup options of the web interface on the wireless router. Does the wireless router support 802.1Q VLAN trunking?

2. Can you set up sub-interfaces with their own IP address for each VLAN that is trunked to the wireless router?

3. Can you set up your own routing table on the wireless router?

4. If the router creates a DMZ for the wireless, what reason would you need to segment your home network into separate VLANs?

 

I can come up with many scenarios where this would be important and smart for a business to do. However I can't think of one reason to do it on a home network without using some pretty expensive equipment that you likely do not have. 

 

 

Posted · Original Poster (OP)
On Tuesday, January 24, 2017 at 11:11 PM, Brightglaive said:

If your wireless is in a DMZ, a malicious user may connect to your wireless but your entire network is not compromised

But what would be compromised? What would stay safe and what would be open to threat? So I'm trying to make sense of it: the DMZ would have the router "connected" to it and anything on the whole wireless network would be umbrellaed by the DMZ? Not any Ethernet-connected PCs, right? Since they would be outside the DMZ?

This DMZ sounds interesting, sort of like a VPN... Could I use a DMZ and VPN simultaneously?

On Tuesday, January 24, 2017 at 11:11 PM, Brightglaive said:

 

I can come up with many scenarios where this would be important and smart for a business to do. However I can't think of one reason to do it on a home network without using some pretty expensive equipment that you likely do not have

I'm not trying to have a business setup with lots of data and traffic, but go more for security and segmenting things off, since I would have users in my home network not up to par with the sense of network security, or any security for that matter.


I think we have gone VERY far afield from your original question.

 

Let's recap: 

 

Can you use the Time Warner AIO wireless router to route traffic from an 802.11 wireless ethernet network to an internal network? On the most basic level, yes. Can you use the AIO wireless router for routing between VLANs on the internal switch? Well....maybe...if the router and switch support it.  Are there security concerns in this network design? There can be, based on the functionality of the AIO wireless router.

 

I apologize for not asking sooner, what is the model of the Netgear switch you are using? What is the manufacturer and model of the AIO wireless router that Time Warner has provided?

 

Posted · Original Poster (OP)
5 minutes ago, Brightglaive said:

 

I apologize for not asking sooner, what is the model of the Netgear switch you are using? What is the manufacturer and model of the AIO wireless router that Time Warner has provided?

My apologies, I should have put the hardware info.

Netgear AC1750 WiFi cable modem router, model number C6300

Netgear ProSAFE GS105E switch


Based on the info you gave....No. The wireless router does not support 802.1Q VLAN trunking or subnet routing on the switch interfaces. While you can configure VLANs on the Netgear GS105E, the switch on the router doesn't support the VLAN trunking. Think of the switchports on the router as being part of an unmanaged, non-configurable switch connected directly to the router. The switch doesn't support 802.1Q and therefore the router connection to the "dumb" switch is not configured (or configurable even) for VLAN support.

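For reference alongside the thread's conclusion, an added example (not part of the original posts and not vendor code) showing what an 802.1Q tag looks like on the wire and how a port with and without 802.1Q support reads the same frame. The MAC addresses, payload and the VLAN IDs 1, 20 and 99 are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
# Constructed sample values (locally administered MACs, dummy payload).
DST = bytes.fromhex("02000000000a")
SRC = bytes.fromhex("02000000000b")
PAYLOAD = b"\x45" + bytes(45)

def build_frame(ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame, inserting an 802.1Q tag if vlan_id is set."""
    header = DST + SRC
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:           # VID 0 and 4095 are reserved
            raise ValueError("VLAN ID must be 1..4094")
        tci = ((pcp & 0x7) << 13) | vlan_id    # PCP (3 bits), DEI (1 bit, 0), VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan_unaware(frame):
    """A port without 802.1Q support reads only the type field at offset 12."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return struct.unpack_from("!H", frame, 12)[0]

def parse_vlan_aware(frame):
    """An 802.1Q-capable port returns (vlan_id or None, real EtherType)."""
    etype = parse_vlan_unaware(frame)
    if etype != TPID_8021Q:
        return None, etype                     # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner

def classify_on_trunk(frames, allowed_vlans, native_vlan=1):
    """Count frames per VLAN as a trunk port would: untagged frames go to the
    native VLAN, tagged frames for VLANs not allowed on the trunk are dropped."""
    per_vlan, dropped = {}, 0
    for frame in frames:
        vid, _ = parse_vlan_aware(frame)
        vid = native_vlan if vid is None else vid
        if vid in allowed_vlans:
            per_vlan[vid] = per_vlan.get(vid, 0) + 1
        else:
            dropped += 1
    return per_vlan, dropped

if __name__ == "__main__":
    tagged = build_frame(ETHERTYPE_IPV4, PAYLOAD, vlan_id=99)
    print(parse_vlan_aware(tagged), hex(parse_vlan_unaware(tagged)))
```

The 802.1Q-aware parser recovers VLAN 99 and the IPv4 EtherType, while the unaware parser sees only 0x8100 and has no VLAN to assign the frame to.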
