I have a small network at home. I currently have Verizon FiOS with 400 up and 400 down. I currently have a desktop, Windows laptop, MacBook Pro, cell phone, Android TV box, Synology NAS, work laptop connected via work VPN, Raspberry Pi (DNS server for Pi-hole and VPN server), VoIP phone for work use via OBi Talk services and lastly a Cisco Catalyst 1000 series 16 port PoE switch with web GUI. I would like a good VLAN switch to set up like 2 networks: one for my IoT devices and VoIP phone and another one for the computers, NAS, and DNS/VPN server. I would like to use the Cisco switch but dunno how to configure VLANs on it.
You’ll also need a VLAN-capable router.
I recommend a UniFi because they are one of the easier ones to set up.
I have your standard Verizon FiOS router; I guess that will not work.
I took a look at the Cisco 1000 Series and honestly can’t say that they support inter-VLAN routing. All I can find is that they support static routing, but who knows if that is on a per-VLAN basis. Anyway, I would be glad to jump on a Zoom meeting to help you try to configure those VLANs. If you are interested, let me know.
At a minimum you need a router that supports more than a single LAN. And most routers that support more than one LAN will also support VLANs.
Unless you get a high-end L3 switch, most inexpensive switches that claim “L3” capabilities are very limited in their L3 capabilities: it can route, but many of the “router” features you take for granted are missing. It’s mostly a marketing check box. This is true for the Ubiquiti EdgeSwitches, which can supposedly route at “wire speed”, but support only static routing (and a small number of route entries, I think 16) and not even NAT. It is really there for accelerating inter-VLAN routing, and usually they don’t have stateful firewall capabilities, so if anything you might have static ACLs.
If you want to have multiple separate local networks, with the ability to control what flows between them, you would be better off getting a router that can handle multiple (V)LANs. The ideal situation would be to replace the Verizon FiOS router, but I don’t know if that is a possibility or not. Next best would be if you could set the Verizon device into bridge mode (unlikely). If bridge mode doesn’t exist, then the next best would be passthrough mode. The advantage of either bridge or passthrough is that your router would have the most direct connection to the internet, without another layer of NAT between your device and the internet. This makes hosting services easier, e.g. VPN. But if neither of those is a possibility, you can just put a second router behind the Verizon one, and your router’s WAN connection will be connected to the Verizon router’s LAN connection, and will get its “WAN” IP address from the Verizon router’s LAN address range via DHCP. You will need to use different network addresses for the internal networks than the Verizon is using for its LAN. If you can put static routes in the Verizon router, you would be able to disable NAT on your personal router, so you would not have double NAT; this won’t affect your ability to firewall. But it will require static routes on the Verizon FiOS router, otherwise the FiOS router will not know it needs to forward the packets for your internal (V)LANs to your second inside router’s “WAN” interface.
Your Cisco 1000 should work fine with VLANs (from what I have read; I don’t have one).
Is this your first use of VLANs? If so, Ed Harmoush’s Practical Networking site https://www.practicalnetworking.net is a good source of well-explained foundational info. Ed has recently started a Networking Fundamentals course and he is putting the first module (with multiple videos) on YouTube. It’s a good intro with very few assumptions about previous knowledge. Ed has some of the best explained info about VLANs: “Virtual Local Area Networks (VLANs)”. See the challenge quiz if you think you understand VLANs. Ed also has a video covering the same info: “VLANs – the simplest explanation”. Here’s an index to the VLAN pages on PracticalNetworking. And here’s a good starting point for networking topics in general (don’t be put off by the CCNA; this is pretty generic info that you need to know, explained in an easy to understand way): “CCNA Index”.
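Since the thread never shows what the Cisco side of this looks like, here is an added example config (not from any poster) for the setup described above: a Catalyst 1000 with one VLAN for the computers, NAS and DNS/VPN Pi, one for the IoT devices and the VoIP phone, and an 802.1Q trunk up to a VLAN-capable router that does the routing and firewalling between them. The VLAN IDs, port numbers, addresses and which port is the uplink are assumptions; adjust them to your own box.

```cisco
! Added example (not from the thread). Assumed: Catalyst 1000 running IOS,
! ports Gi1/0/1-4 = trusted devices, Gi1/0/5-8 = IoT + VoIP phone,
! Gi1/0/16 = uplink to the VLAN-capable router (pfSense/UniFi/etc.).
! The switch only separates the VLANs; routing and firewall rules between
! VLAN 10 and VLAN 20 live on the router at the other end of the trunk.
vlan 10
 name TRUSTED
vlan 20
 name IOT_VOIP
vlan 999
 name UNUSED_NATIVE
!
! Trusted devices (computers, NAS, Pi DNS/VPN): untagged access ports in VLAN 10.
! nonegotiate turns off DTP so a connected host can't negotiate a trunk.
interface range GigabitEthernet1/0/1 - 4
 switchport mode access
 switchport access vlan 20
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
!
! IoT devices and the VoIP phone: access ports in VLAN 20 only.
interface range GigabitEthernet1/0/5 - 8
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 spanning-tree portfast
!
! Uplink to the router: 802.1Q trunk carrying only VLANs 10 and 20,
! with the native (untagged) VLAN moved off VLAN 1 to an unused VLAN.
interface GigabitEthernet1/0/16
 description Trunk-to-router
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
!
! Management address (constructed values) on the trusted VLAN only,
! so the switch web GUI is not reachable from the IoT segment.
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
 no shutdown
ip default-gateway 192.168.10.1
```

The router end needs a matching 802.1Q interface for VLANs 10 and 20 (that is where the DHCP scopes and the rules controlling what may cross between the two networks live), and `show vlan brief` and `show interfaces trunk` on the switch confirm the port and trunk assignments took effect.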
pfSense and UniFi work great from what I’ve seen from @LTS_Tom for VLAN segmenting network traffic. As for a router, pfSense is my go-to.
Be aware that you must buy the $100 or higher version of the UniFi managed switch to get custom port VLAN configuration to work. The Flex Mini, I think they call it, which is like $40, only allows for simple port activation VLAN setup. So if you are doing a VLAN from pfSense to the UniFi managed switch, you would need to get the $100 box. But otherwise I would second doing pfSense with your Cisco box. If you have a spare computer lying around with 2 NIC ports, you can spin up a pfSense firewall in about 15 to 20 mins.