vlan config help

11MeG
DD-WRT Novice


Joined: 08 Mar 2020
Posts: 13

Posted: Sun Mar 08, 2020 12:21    Post subject: vlan config help
Hello,
I am looking for some help configuring my home network.

What I have:
cable modem
(1) Netgear R7000 router with DD-WRT v24-sp2 (04/16/14) kongac
(2) Netgear R7000 router with DD-WRT v3.0-r39960M (06/08/19) kongac
2 Netgear Prosafe GS108 unmanaged switches, one connected to each router.

What I want to make:
I want to secure my IOT devices from my main network.

What I did so far:
The cable modem is connected to router (1) via the WAN port on that router. I made a vlan3 on port 1 of router (1) and connected router (2) to that vlan3 via the WAN port on router (2).
I have set up two wifi networks, one on each router, with different IP ranges and DHCP servers. That all works fine. I use router (1) to connect to the internet with my laptops, mobile, gaming via wifi or UTP cable connected to the switch.

Router (2) is used for all the IOT devices, server (homeassistant). Everything is separated now but what I am looking for is a way so I can connect to my homeassistant (on router 2) with just my phone when I am connected to router (1).

Hope I explained my setup so you can help.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

Posted: Sun Mar 08, 2020 17:31
Couple of side tracks first:

1. You might update that v24-sp2 router to newer firmware

2. Look up a Y configuration for routers, that is the most secure way of doing it.


But to answer your question, it sounds like you should set up static IP addresses for the routers and the specific IoT device (you can do this on the routers themselves as static leases on Services->services).

Then use port forwarding to allow access to the specific IoT devices.

If you are just using VLANs, that is the point of using them for separation of traffic.
11MeG
DD-WRT Novice


Joined: 08 Mar 2020
Posts: 13

Posted: Sun Mar 08, 2020 19:38
Wildlion wrote:
Couple of side tracks first:

1. You might update that v24-sp2 router to newer firmware

2. Look up a Y configuration for routers, that is the most secure way of doing it.


But to answer your question, it sounds like you should set up static IP addresses for the routers and the specific IoT device (you can do this on the routers themselves as static leases on Services->services).

Then use port forwarding to allow access to the specific IoT devices.

If you are just using VLANs, that is the point of using them for separation of traffic.


First off, thank you for your reply.

1) I am planning to upgrade the firmware of router one but I wanted to do this after the rearranging of the network. I am not sure if I can use the backup config on the new firmware.

2) The Y configuration is what I have right now, I think.

All the routers and devices have a static IP like you explained to do.

And I will try and use the port forwarding. But I think that this is not going to work because it is for all the devices.

I am thinking I should do something with the iptables configuration to add a rule that some devices are allowed to access the VLAN.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

Posted: Tue Mar 10, 2020 2:11
Do NOT use the old backup config file on the new firmware; it should not work (and if it does there will probably be something else that has problems).

It sounded to me like you are trying to emulate the Y configuration, which is why I pointed it out, they have similar refs.

You can have the port forwarding for a specific device, all port forwarding is doing is creating iptables rules for modifying and allowing packets. The router itself will do the translation between the vlans if needed.
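
The point in the post above, that a port forward is only a pair of iptables rules and can be limited to one device, as an added example that is not part of the original posts. The interface name `vlan2`, the phone address 192.168.15.50, the Home Assistant address 192.168.30.10 and TCP port 8123 are assumptions, and it assumes router 1 routes between its LAN and VLAN 3 without NAT, so router 2 sees the phone's own address.

```shell
#!/bin/sh
# Added example: print the two iptables rules behind a port forward that
# only one source address may use. Run it anywhere; it changes nothing.

WAN_IF="vlan2"            # assumption: WAN interface name on router 2
WAN_IP="192.168.3.2"      # router 2 WAN address, from the thread
PHONE_IP="192.168.15.50"  # constructed: the phone's static lease on router 1
HA_IP="192.168.30.10"     # constructed: Home Assistant's lease on router 2
HA_PORT="8123"            # Home Assistant's default web port

# Succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Args: wan_if wan_ip src_ip dst_ip port. Prints the rules, or fails on bad input.
forward_rules() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $1" >&2; return 1 ;; esac
    for addr in "$2" "$3" "$4"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    case "$5" in ''|*[!0-9]*) echo "bad port: $5" >&2; return 1 ;; esac
    [ "${#5}" -le 5 ] && [ "$5" -ge 1 ] && [ "$5" -le 65535 ] ||
        { echo "bad port: $5" >&2; return 1; }
    # nat/PREROUTING rewrites the destination; filter/FORWARD lets it through.
    # The -s match on both rules is what keeps every other device out.
    echo "iptables -t nat -I PREROUTING -i $1 -s $3 -d $2 -p tcp --dport $5 -j DNAT --to-destination $4:$5"
    echo "iptables -I FORWARD -i $1 -s $3 -d $4 -p tcp --dport $5 -j ACCEPT"
}

forward_rules "$WAN_IF" "$WAN_IP" "$PHONE_IP" "$HA_IP" "$HA_PORT"
```

If router 1 does masquerade traffic onto VLAN 3, router 2 sees 192.168.3.1 as the source for every client, and the per-device restriction then has to be applied on router 1 instead.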
11MeG
DD-WRT Novice


Joined: 08 Mar 2020
Posts: 13

Posted: Tue Mar 10, 2020 16:08
Thank you for confirming to NOT use the old config file.

I have tried the port forwarding but it does not seem to work.
I was wondering if I should give the VLAN a different/or the same IP range as the LAN on router 2.

So router one has 2 IP addresses, one for the WAN side (192.168.178.1) and one for the LAN side, 192.168.15.2. The VLAN has the IP address 192.168.3.1 and then router two (that is connected to router one's VLAN) has IP address 192.168.3.2 as WAN address, and the LAN IP of router two is 192.168.30.1. Or should the LAN IP address of router two be in the range of 192.168.3.x?
And should I use DHCP on the VLAN on router one?

I tried both but it does not seem to work.

Hope this is clear and someone can help me.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

Posted: Fri Mar 13, 2020 17:34
Make it simpler. Make router 2 IP 192.168.3.2 and connect it LAN-LAN with router 1.
11MeG
DD-WRT Novice


Joined: 08 Mar 2020
Posts: 13

Posted: Tue Mar 17, 2020 10:25
HELP
I can't get it to work.
It works one way but not the other. I can connect to internet from router one when connected to it. I can connect to internet from router two when connected to it. But I can't go to or ping any device that is connected to router two when I am connected to router one.

I tried to do a vlan-wan, vlan-lan connection but it does not work.
Why is this so hard? What am I doing wrong?

It looks like it would work but it does not.

The only thing I want is to connect two routers with different IP ranges, 192.168.15.0 and 192.168.30.0, and have them separated from each other except for some devices connected to router one that I specify to connect to router two. I tried to do a vlan-wan connection with port forwarding, and a vlan-lan connection with and without port forwarding. I can get it to work in the same IP range but that is not what I want.

I can't seem to find the right configuration for this setup.
I am not the only one that would like to have my network like this, I guess.

Hope someone can help me.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

Posted: Tue Mar 17, 2020 13:30
Give router 2 the IP address 192.168.3.2 with gateway 192.168.3.1

Connect a LAN port to the VLAN 3 port of router 1
11MeG
DD-WRT Novice


Joined: 08 Mar 2020
Posts: 13

Posted: Tue Mar 17, 2020 22:27
Per Yngve Berg wrote:
Give router 2 the IP address 192.168.3.2 with gateway 192.168.3.1

Connect a LAN port to the VLAN 3 port of router 1


I tried that but that does not work. Do I have to set some port forwarding rules (when I am connected to router 1 to get to a home assistant on router 2) or should it be working like this?
I did also do a powerdown of the routers but that also did not help.