VLANs without VLAN-aware router?

[ExplodingTNT]

So I have a Netgear XR500 (lame consumer grade stuff, no VLAN support) as my main router, and it's connected to a Netgear GS724TPv2 smart switch. I want to create a VLAN for wired IoT devices, so they cannot talk to each other or other devices on the network, but can still have internet. Is this possible? (I also have a VLAN-enabled AP lying around that I could use for wireless IoT stuff)

[schizznick]

It depends on the device, some will pass the vlan header without an issue, some will not. You'd have to try it. However for the IOT devices to have internet your Router would also have to support VLAN's or strip the VLAN before it gets to the router. 

[ExplodingTNT]

51 minutes ago, schizznick said:

It depends on the device, some will pass the vlan header without an issue, some will not. You'd have to try it. However for the IOT devices to have internet your Router would also have to support VLAN's or strip the VLAN before it gets to the router. 

What if some devices don't need internet, and just need access to a single local server? The server would need full internet access though. How would I configure that? The server would need to be part of multiple VLANs, and the no internet devices won't have access to the router, so how would that work?

[schizznick]

The easiest method would be to have a trunk interface between the server and a switch with both VLAN's. A trunk interface allows multiple VLAN's so your server/OS needs to support this. If that works then the server could talk to both VLAN's. What OS is your server using? What smart switch do you have?

[ltguy]

$300 for a router without vlans....  Go buy a refurb core2duo pc for $80 and install pfsense. Done.   We need some consumer education on what piles of crap consumer routers are.

[beersykins]

4 hours ago, ltguy said:

Go buy a refurb core2duo pc for $80 and install pfsense

That's a lot more expensive than a $40 Ubiquiti ERX or something from an electricity perspective as well.  I agree that the price was inflated on the one he bought, gamer marketing gets people to shell out for anything, although some solutions are more practical than others.

[ExplodingTNT]

2 hours ago, beersykins said:

That's a lot more expensive than a $40 Ubiquiti ERX or something from an electricity perspective as well.  I agree that the price was inflated on the one he bought, gamer marketing gets people to shell out for anything, although some solutions are more practical than others.

Lol I wouldn't have bought it for the price, I got it for free ?

7 hours ago, schizznick said:

The easiest method would be to have a trunk interface between the server and a switch with both VLAN's. A trunk interface allows multiple VLAN's so your server/OS needs to support this. If that works then the server could talk to both VLAN's. What OS is your server using? What smart switch do you have?

The server is running Ubuntu 18.04 Server ( it's a old Gateway prebuilt with a Core 2 quad and Intel Ethernet).

The switch is a Netgear GS724TPv2.

[schizznick]

8 hours ago, ExplodingTNT said:

Lol I wouldn't have bought it for the price, I got it for free ?

The server is running Ubuntu 18.04 Server ( it's a old Gateway prebuilt with a Core 2 quad and Intel Ethernet).

The switch is a Netgear GS724TPv2.

Running Ubuntu you can setup VLAN's and provided the NIC isn't crap you should be good. This is a good reference https://www.techonia.com/448/create-vlan-ubuntu-linux. I would add the 2 VLAN's then connect it to a trunk port on the smart switch with both VLAN's on it. Then feed the VLAN's you need as access ports to the other interfaces on the switch. 

[ExplodingTNT]

2 hours ago, schizznick said:

Running Ubuntu you can setup VLAN's and provided the NIC isn't crap you should be good. This is a good reference https://www.techonia.com/448/create-vlan-ubuntu-linux. I would add the 2 VLAN's then connect it to a trunk port on the smart switch with both VLAN's on it. Then feed the VLAN's you need as access ports to the other interfaces on the switch. 

This is really confusing... So each VLAN needs it's own subnet/different IP addresses? And when I add a VLAN to Ubuntu, I have to give it a subnet? How will other devices on this VLAN get IP addresses and routing if they have no access to the router and are on a different subnet? Sorry for my noob networking skills

[beersykins]

51 minutes ago, ExplodingTNT said:

So each VLAN needs it's own subnet/different IP addresses? And when I add a VLAN to Ubuntu, I have to give it a subnet? How will other devices on this VLAN get IP addresses and routing if they have no access to the router and are on a different subnet?

Yep each VLAN needs a gateway address on the router, each VLAN contains its own logical network and is a segregated broadcast domain.  You need something to route the traffic between these VLANs (Inter VLAN Routing)

 

You can add a DHCP server on each VLAN or use an IP helper type of configuration to forward across VLANs to a centralized DHCP server.  If all of your gateway addresses are on the same device you can just make a DHCP server on that device with different scopes for each VLAN network.

 

Devices in the VLAN would have access to the router via that gateway address, the device that does the inter-vlan-routing can have policies permitting or rejecting traffic between VLANs.

[schizznick]

If you don't want to route between VLAN's then you just need a DHCP server or use Static IP's on the VLAN not connected to the router. Ubuntu could provide routing and/or DHCP server or Relay. All of which are quite easy to do with a little googling. Remember VLAN's are Virtual LAN's think of it as a completely separate network requiring it's on services to function. 

[Alex Atkin UK]

If I were to do it I'd use the router DHCP for Internet devices and the Ubuntu server for DHCP for the none-Internet devices, or set them statically.