SG2100 implementation at home with VLAN

Thanks to Tom’s videos I’m learning so much that I need to do. I’ve got a recently set up SG2100 on my home network and have realized that I need to move all the IoT devices and an old ZModo Security Cam DVR off of the rest of our main network. I use a set of 3 first generation Eero devices in bridge mode as access points and also as unmanaged switches to each of the 3 floors of our home. I bring them all together to another D-Link unmanaged switch before going into the SG2100. Realizing that I can’t set up VLANs to split our Eero wifi up as Eero doesn’t support VLANs, I was going to dig out an old D-Link wifi router I have stowed away to use as a second wifi network for our IoT devices and plug that into port 3 of the SG2100 switch ports with a VLAN associated with it. As for our old ZModo DVR, I would plug that into port 4 in the SG2100 and create a second VLAN for that.

Given those ideas, does anyone have any feedback as to holes in this strategy? Should I ditch the Eeros and go for managed APs and switches? Ultimately I’m really interested in segmenting only what I need to keep the home network decently secure. Thanks VERY MUCH to Tom and all you folks who help out on these forums! I’m learning so much and am very grateful for your time!

Pays your money, takes yer pick.

You can do as you have outlined with your existing kit; if you don’t have the budget, your decision is made.

However, I previously had several consumer access points, extenders, routers acting as an AP etc. Ultimately the wifi was crappy.

I’m now running a TP-Link EAP 245 access point, and the wifi is just excellent compared to what I had before. IMO if you bought such an AP you could get much better coverage in your house because you can place it optimally.

Personally I would just donate your kit and get a decent managed main switch; if you need switches placed elsewhere you can get these off eBay.

Once you have the ability to have VLANs then you will probably create these as you need them.

The only thing might be to wait for 10G, but I’ve been using 1G for the last 20 years and it seems fast enough for my needs.

Thanks so much for the guidance! I get it, and it seems the universe has been handing me a repeated message lately: You get what you pay for!

That said, for yourself and the community at large, what would be a nice set of “recommended” AP and managed switch combinations that would replace the effective “Mesh” coverage I currently have? When we first moved in we had some trouble with effective wifi coverage in the home, which seemed to be solved by our first gen Eeros. We live in a 2900 square foot, 3 story brick home that seems more “vertical” than horizontal. I have managed to pass at least one CAT 5 connection to each needed room in between various hollow-walled passthrus. But as I inventory our setup we have a LOT of IoT devices (30+) that need to be moved onto a separate VLAN.

Thanks again for your guidance!

Well, I can say what I’ve done; it’s been operational now for a couple of years without any issues.

Firstly I’d get back on my knees and run a second cable to every room / location you want. This way, when you connect the two ends between switches, you can use an LACP LAGG, which will give you both aggregation and redundancy; if there is a fault you will have the second connection without an immediate need to faff around.

I bought Netgear switches only; they are relatively cost effective and do the job. The Pro model has slightly more features than the Plus models. The GUI is out of the 80s, but once configured you don’t need to look at it. Depending on market prices, it might turn out that, say, a 24 port PoE switch is cheaper than a non-PoE 24 port switch and an 8 port PoE switch. I bought 48 ports, and I’m glad I did, as I have LAGGs on my VM server, pfSense box and NAS that use 16 ports in total, so it just adds up from nowhere.

If I was doing it again and had the budget I would consider switches from I like the look of them but pricey.

My TP-Link EAP 245 is pretty good. It’s PoE and has a 2nd ethernet port, so I suppose I could daisy-chain another device or AP; haven’t, mind you. It has a controller too, and you must use a controller if you run more than one AP. It’s easy to run in a headless Linux VM, though I don’t think you need it running all the time. If I bought a second AP I could put it in a mesh easily.

Perhaps you are thinking you need 3 APs. Depending on cost, you might want the highest power at the top of the house, and lower power (cost) on the ground floor. Though I would just buy one and test it out, then add a second if you need it.

Some things to look out for: double check the switch will support the AP; there is PoE and PoE+, I think, or it’s called something else. Check that the APs support VLANs / multiple SSIDs; mine has 8 bands on 2.4 and 8 on 5. Read the manuals for any switch you consider, and check that the features are what you want and the switch version is still supported. Some switches have loud fans, caveat emptor.