Posted: Sun Mar 08, 2020 12:21 Post subject: vlan config help
Hello,
I am looking for some help configuring my home network.
What I have:
cable modem
(1) Netgear R7000 router with DD-WRT v24-sp2 (04/16/14) kongac
(2) Netgear R7000 router with DD-WRT v3.0-r39960M (06/08/19) kongac
2 Netgear ProSafe GS108 unmanaged switches, one connected to each router.
What I want to make:
I want to secure my IOT devices from my main network.
What I did so far:
The cable modem is connected to router (1) via the WAN port on that router. I made a vlan3 on port 1 of router (1) and connected router (2) to that vlan3 via the WAN port on router (2).
I have set up two wifi networks, one on each router, with different IP ranges and DHCP servers. That all works fine. I use router (1) to connect to the internet with my laptops, mobile and gaming devices via wifi or a UTP cable connected to the switch.
Router (2) is used for all the IOT devices and the server (homeassistant). Everything is separated now, but what I am looking for is a way to connect to my homeassistant (on router 2) with just my phone when I am connected to router (1).
1. You might update that v24-sp2 router to newer firmware
2. Look up a Y configuration for routers, that is the most secure way of doing it.
But to answer your question, it sounds like you should set up static IP addresses for the routers and the specific IoT device (you can do this on the routers themselves as static leases on Services->services).
Then use port forwarding to allow access to the specific IoT devices.
If you are just using VLANs, that is the point of using them for separation of traffic.
First off, thank you for your reply.
1) I am planning to upgrade the firmware of router one, but I wanted to do this after the rearranging of the network. I am not sure if I can use the backup config on the new firmware.
2) The Y configuration is what I have right now, I think.
All the routers and devices have a static IP like you explained to do.
And I will try and use the port forwarding. But I think that this is not going to work because it is for all the devices.
I am thinking I should do something with the iptables configuration to add a rule that some devices are allowed to access the vlan.
Do NOT use the old backup config file on the new firmware; it should not work (and if it does, there will probably be something else that has problems).
It sounded to me like you are trying to emulate the Y configuration, which is why I pointed it out, they have similar refs.
You can have the port forwarding for a specific device, all port forwarding is doing is creating iptables rules for modifying and allowing packets. The router itself will do the translation between the vlans if needed.
Thank you for confirming to NOT use the old config file.
I have tried the port forwarding but it does not seem to work.
I was wondering if I should give the vlan a different or the same IP range as the LAN on router 2.
So router one has 2 IP addresses, one for the WAN side (192.168.178.1) and one for the LAN side 192.168.15.2. The VLAN has the IP address 192.168.3.1, and then router two (that is connected to router one's vlan) has IP address 192.168.3.2 as WAN address, and the LAN IP of router two is 192.168.30.1. Or should the LAN IP address of router two be in the range of 192.168.3.x?
And should i use DHCP on the VLAN on router one?
HELP
I can't get it to work.
It works one way but not the other. I can connect to the internet from router one when connected to it. I can connect to the internet from router two when connected to it. But I can't reach or ping any device that is connected to router two when I am connected to router one.
I tried to do a vlan-wan and a vlan-lan connection, but it does not work.
Why is this so hard? What am I doing wrong?
It looks like it would work but it does not.
The only thing I want is to connect two routers with different IP ranges, 192.168.15.0 and 192.168.30.0, and have them separated from each other except for some devices connected to router one that I specify to connect to router two. I tried to do a vlan-wan connection with port forwarding, and a vlan-lan connection with and without port forwarding. I can get it to work in the same IP range but that is not what I want.
I can't seem to find the right configuration for this setup.
I am not the only one that would like to have my network like this, I guess.
Give router 2 the IP address 192.168.3.2 with gateway 192.168.3.1
Connect a LAN port to the VLAN 3 port of router 1
I tried that but that does not work. Do I have to set some port forwarding rules (when I am connected to router 1 to get to a home assistant on router 2) or should it be working like this?
I did also do a powerdown of the routers but that also did not help.
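What the port forward discussed in the thread amounts to when it is limited to a single device, as an added example that is not part of any post: a script that validates its inputs and prints, without applying them, the two iptables rules for router 2. The interface name vlan2, the phone address 192.168.15.50, the Home Assistant address 192.168.30.10 and port 8123 are assumed values; it also assumes router 1 routes traffic towards vlan3 without masquerading, otherwise router 2 sees 192.168.3.1 as the source.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules for review.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print a port forward limited to one source host.
# Args: WAN interface, WAN address, allowed source, LAN target, TCP port.
restricted_forward() {
    wan_if=$1; wan_ip=$2; src=$3; dst=$4; port=$5
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    for ip in "$wan_ip" "$src" "$dst"; do
        valid_ip "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    # DNAT: rewrite router 2's WAN address to the LAN host, for SRC only.
    echo "iptables -t nat -I PREROUTING -i $wan_if -s $src -d $wan_ip" \
         "-p tcp --dport $port -j DNAT --to-destination $dst:$port"
    # FORWARD: accept the rewritten connection, again for SRC only.
    echo "iptables -I FORWARD -i $wan_if -s $src -d $dst" \
         "-p tcp --dport $port -j ACCEPT"
}

# Constructed values: vlan2 (WAN interface), 192.168.15.50 (phone),
# 192.168.30.10 (Home Assistant), 8123 (its default port).
# 192.168.3.2 is router 2's WAN address from the thread.
restricted_forward vlan2 192.168.3.2 192.168.15.50 192.168.30.10 8123
```

Because both rules carry `-s`, any other host on 192.168.15.x that connects to 192.168.3.2:8123 matches neither rule and is left to router 2's existing firewall policy.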