Will this network configuration work?

[Scheimong]

The small business owned by a family member is moving into a new office space, and I helped them plan their networking setup.

 

They've got a pretty fancy router (Netgear Nighthawk X10) that has great performance in general and even supports 10Gbps SFP+. Therefore I am planning to keep using it as both the DHCP server for the whole network, and also the access point for WLAN. For the purpose of best signal coverage, this router has to be placed on a shelf in the centre of the office, therefore outside of the server/networking cabinet. Therefore this is the current plan:

 

 

* The use of 10G Fibre connection from the Nighthawk to the switch is due to the desire for fast LAN speeds between an ethernet-connected PC to a wirelessly-connected mobile device.

 

However since the cable run from the cabinet to the centre of the office is not negligible, I am wondering if it is possible to eliminate the long cable in red by connecting the modem and the switch instead, like this:

 

 

I am slightly concerned, because with the original plan, it's pretty self-explanatory how the cables should be connected. The 1G Base-T from the modem simply goes into the WAN port of the Nighthawk, then set Nighthawk's SFP+ port to be a LAN port, and I'm all set.

 

However with the modified plan, I really do not know whether the connected device will or will not have internet access. Does anyone know, whether something like this can be done? If yes, is there any special configuration in software I need to make? If no, is there any other way this whole plan can be optimised? Thanks.

[LAwLz]

8 minutes ago, Scheimong said:

I am slightly concerned, because with the original plan, it's pretty self-explanatory how the cables should be connected. The 1G Base-T from the modem simply goes into the WAN port of the Nighthawk, then set Nighthawk's SFP+ port to be a LAN port, and I'm all set.

 

However with the modified plan, I really do not know whether the connected device will or will not have internet access. Does anyone know, whether something like this can be done? If yes, is there any special configuration in software I need to make? If no, is there any other way this whole plan can be optimised? Thanks.

Sadly I don't think this will work.

Whether or not it is possible entirely depends on the router. Most consumer routers have a dedicated port for the WAN connection, and dedicated ports for the LAN connection. What you want to do is use a single port as both the WAN and LAN connection, which is typically not supported on consumer hardware.

 

What I would have done with other gear (or if your gear supports it) is this:

Create two subinterfaces on the SFP port on your NetGear router. One for VLAN 10 and one for VLAN 100.

VLAN 10 will be "outside" and VLAN 100 would be "inside".

 

On the switch, set the port connected to your modem as "access vlan 10", the port to your router as "trunk, allowed vlan 10, 100" and all other ports as "access vlan 100".

That would create a setup where everything is logically behind your router (like in the first diagram) despite not physically being connected that way.

Sadly, subinterfaces and VLANs are typically not supported on non-enterprise equipment.

 

I think you will have to somehow put down two cables to your networking cabinet. One for connecting to your modem and one for connecting to your switch.

[TheBean]

I didn't read any of the text yet. just looking at the 2 pictures, I would assume that both would work but the 2nd option might be better. 

[Scheimong]

3 minutes ago, LAwLz said:

Sadly I don't think this will work.

Whether or not it is possible entirely depends on the router. Most consumer routers have a dedicated port for the WAN connection, and dedicated ports for the LAN connection. What you want to do is use a single port as both the WAN and LAN connection, which is typically not supported on consumer hardware.

 

What I would have done with other gear (or if your gear supports it) is this:

Create two subinterfaces on the SFP port on your NetGear router. One for VLAN 10 and one for VLAN 100.

VLAN 10 will be "outside" and VLAN 100 would be "inside".

 

On the switch, set the port connected to your modem as "access vlan 10", the port to your router as "trunk, allowed vlan 10, 100" and all other ports as "access vlan 100".

That would create a setup where everything is logically behind your router (like in the first diagram) despite not physically being connected that way.

Sadly, subinterfaces and VLANs are typically not supported on non-enterprise equipment.

 

I think you will have to somehow put down two cables to your networking cabinet. One for connecting to your modem and one for connecting to your switch.

Ah, thanks for the professional help. Yeah for some reason I haven't thought of VLAN... I am planning to purchase an enterprise grade switch for them though; that thing will certainly have VLAN support. I will check on the router side a few days later when I visit their current office. Will keep you updated!

[Scheimong]

7 minutes ago, LAwLz said:

Sadly I don't think this will work.

Whether or not it is possible entirely depends on the router. Most consumer routers have a dedicated port for the WAN connection, and dedicated ports for the LAN connection. What you want to do is use a single port as both the WAN and LAN connection, which is typically not supported on consumer hardware.

 

What I would have done with other gear (or if your gear supports it) is this:

Create two subinterfaces on the SFP port on your NetGear router. One for VLAN 10 and one for VLAN 100.

VLAN 10 will be "outside" and VLAN 100 would be "inside".

 

On the switch, set the port connected to your modem as "access vlan 10", the port to your router as "trunk, allowed vlan 10, 100" and all other ports as "access vlan 100".

That would create a setup where everything is logically behind your router (like in the first diagram) despite not physically being connected that way.

Sadly, subinterfaces and VLANs are typically not supported on non-enterprise equipment.

 

I think you will have to somehow put down two cables to your networking cabinet. One for connecting to your modem and one for connecting to your switch.

I will put down an extra ethernet cable from the router to the cabinet just to be safe though. The tube's well wide enough to fit a couple of cables.

[LAwLz]

6 minutes ago, Scheimong said:

Ah, thanks for the professional help. Yeah for some reason I haven't thought of VLAN... I am planning to purchase an enterprise grade switch for them though; that thing will certainly have VLAN support. I will check on the router side a few days later when I visit their current office. Will keep you updated!

Just remember that VLANs might not save you. The features you need are:

1) VLAN tagging on your router.

2) Subinterface support on your router.

3) The ability to send WAN traffic on LAN ports on your router.

 

All three of those are uncommon in consumer gear, but you need all three to make your setup work.

 

  

4 minutes ago, Scheimong said:

I will put down an extra ethernet cable from the router to the cabinet just to be safe though. The tube's well wide enough to fit a couple of cables.

Yeah that's a good idea. That will 100% for sure work without any special features necessary. Will probably be useful in the future as well.

[Falcon1986]

4 hours ago, Scheimong said:

I will put down an extra ethernet cable from the router to the cabinet just to be safe though. The tube's well wide enough to fit a couple of cables.

What kind of switch do you have that supports 10Gbps fiber? If you have something like this already, I’m assuming it’s enterprise-grade.

 

Anyway, my approach to this would be a little simpler: Between the modem and switch I would place an EdgeRouter-X and let that be your network’s router. You can even get the SFP version although it’s still 1Gbps. Then set up the X10 in access point mode and connect it to the switch. This keeps it at 1 cable to the X10 (which can be fiber) and your wired/wireless devices still having fast LAN communication.

[Scheimong]

6 hours ago, Falcon1986 said:

What kind of switch do you have that supports 10Gbps fiber? If you have something like this already, I’m assuming it’s enterprise-grade.

Not sure which exact brand or model I'm going to go with just yet, but it will certainly be a managed switch with VLAN splitting&tagging support.

6 hours ago, Falcon1986 said:

Between the modem and switch I would place an EdgeRouter-X and let that be your network’s router.

Thanks for the suggestion, but I'd much rather live with an extra cable than an extra router.

[Scheimong]

10 hours ago, LAwLz said:

Just remember that VLANs might not save you. The features you need are:

1) VLAN tagging on your router.

2) Subinterface support on your router.

3) The ability to send WAN traffic on LAN ports on your router.

 

All three of those are uncommon in consumer gear, but you need all three to make your setup work.

Turns out you are correct. I checked with their network admin, and it seems like the X10 does not support VLAN tagging on its SFP+ port unfortunately, not to mention subinterfaces. I won't be messing with third party firmware - that seems dangerously stupid for an office deployment. I will be sticking to the original plan for now then.