CPE510s to share internet only, not LAN
CPE510s to share internet only, not LAN
I would like to share an internet connection from my house (house 1) to another house (house 2) that is in line of sight, about 50 metres away. I want house 2 to have internet access only but no access to the LAN in house 1. My intention was to plug one CPE510 into the LAN in house 1, and to plug the second CEP510 into a new router in house 2.
Modem - Router - Switch - CPE510 (house 1) ------------ (house 2) CPE510 - Router
Is there a set of settings I can use that will enforce this or do I need additional equipment?
Many thanks for any help.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@R1D2 Just a dumb switch. I could get a small managed switch to allow me to create separate VLANs. Overkill?
- Copy Link
- Report Inappropriate Content
DanAir wrote
Just a dumb switch. I could get a small managed switch to allow me to create separate VLANs. Overkill?
No overkill, but the solution for your guest network.
With a managed switch you can use an asymmetric VLAN to split your LAN into two isolated VLAN segments and share a common resource such as an Internet router. But note that this is kind of a »poor man's guest network« since both LAN segments (VLANs) still use the same broadcast domain of the LAN, which means the router will send broadcasts to both LAN segments. However, access to devices in a different LAN segment from within another LAN segment is not possible.
Setup of a managed switch (e.g. a TL-SG108E):
- VLAN 1: the shared resource (Internet router) connected to switch port #1.
- VLAN 2: your guest LAN segment in house 2, that's the CPE in house 1 connected to switch port #2.
- VLAN 3: your private LAN segment in house 1, PCs, laptop etc. connected to switch port #3 (and ports #4 to #8 if needed).
Port settings:
- Set port #1 (router) as untagged member of VLANs 1, 2 and 3, PVID=1.
- Set port #2 (guest LAN via CPE link) as untagged member of VLANs 1 and 2, PVID=2.
- Set port #3 (private LAN) as untagged member of VLANs 1 and 3, PVID=3. Likewise with ports 4 to 8.
Effects:
- Traffic from guest LAN to private LAN or vice versa is not possible.
- Traffic from guest LAN gets tagged with VLAN ID 2 and reaches the router which is a member of VLAN 2.
- Traffic from private LAN gets tagged with VLAN ID 3 and reaches the router which is also a member of VLAN 3.
- Traffic from the router back to the clients gets tagged with VLAN ID 1 and reaches the client in guest or private LAN which are also members of VLAN 1.
Note that you must not use the router's built-in switch in such a topology (except for the uplink of the managed switch and other shared devices such as network printers etc.).
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
DanAir wrote
If I connect a dumb switch to port #3 on the managed switch, will all traffic across that dumb switch act like it’s within VLAN 3?
Yes. No need to replace the 16-port dumb switches. But note the edit in my post: you must not use the router's built-in switch anymore with that topology to connect other devices (except shared devices such as a network printer etc.).
- Copy Link
- Report Inappropriate Content
@R1D2 Got it. Understood. Thanks again.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3021
Replies: 15
Voters 0
No one has voted for it yet.