New to TP-Link, simple noob VLAN question

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

New to TP-Link, simple noob VLAN question

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
New to TP-Link, simple noob VLAN question
New to TP-Link, simple noob VLAN question
2024-03-11 19:37:25 - last edited 2024-03-12 02:04:20

Hello,

 

This is my first TP-Link product. Previously, I used the ASUS RT-AC88U, then I switched to the RT-AX86U.

My problems began when I attempted to run dual WANs, as I now work from home most of the time, and an outage means I need to take PTO or drive to the office. My ISPs are Comcast and Verizon. I chose two ISPs because I received an advertisement in the mail offering Verizon service for $29/month with no contract or rate increase, even though it's only a 400MB/s service. Comcast claims to offer 1GB/s, but realistically, you get around 800MB/s.

 

Both ASUS routers support dual WAN, but I think this was more of an afterthought, or something they assumed could be easily implemented. In reality, it comes with many issues such as disconnects, the need for daily reboots, and devices stopping accepting new clients, whether wireless or wired (e.g., I turn on an iPad, and it won't connect to WiFi until I reboot a few times). This is the same issue with wired connections; new devices need multiple reboots to connect. I will admit, when I had fewer devices, the problem was less apparent. I have added about 24 Smart WIZ lightbulbs and switches, and 9 Tuya cameras. This, along with 4 laptops, 1 desktop, 1 PS5, 1 XBOX-1X, 1 XBOX-X, 1 Roku, 1 Smart Vizio TV, 3 iPads, 1 Android phone, and whatever else comes my way to repair that day. The laptops all run Cisco Secure Client VPNs. I also provide my neighbor's Router (Linksys) WAN port with a feed so they can have internet (yes, this creates a double NAT).

 

So, my configuration is as follows:
WAN Port = Comcast
WAN/LAN Port #2 = Verizon
LAN Port #3 = repurposed Asus AX86U as an Access Point, DHCP disabled, using TP-Link DHCP
LAN Port #4 = Netgear 8-port blue metal gigabit switch, the little dumb ones
LAN Port #5 = to my neighbor's WAN port on their Linksys

I have assigned 10.10.10.0/24 as my subnet, the TP-Link ER605 has the IP=10.10.10.1, and the DHCP Range is 10.10.10.100-10.10.10.254.
The Asus AX86U has a static IP of 10.10.10.50.

 

Here is my question:

 

I would like to put the neighbors on their own VLAN, so that they cannot see, ping, or access anything on my 10.10.10.0/24 network. I was thinking I should do a MAC-to-IP reservation to ensure their device (Link WRT) is always assigned the same IP. They would still need internet access, but nothing from my network, just allowing them to send and receive data streams they initiated. I do not need to DMZ their WAN port on the TP-Link ER605V2.

 

How might I best accomplish this? I read the 1910013510_ER605(UN)_UG.pdf user guide, but it does not go into detail about what happens when you configure a VLAN. I also do not know if I should tag or not tag packets for the VLAN I would want to assign to them.

 

I know this might seem like a simple question, but I wanted to ask, and also see how well support works for these products.

 

I have many other questions, like whether I should get an Omada controller, which is the best PoE switch, as I might want to switch my cameras to wired PoE vs. wireless. I would need at least a 16-port switch. I would also need to figure out the power requirement of the Tuya cameras; I think some support PoE already, and for those that do not, I could always use injectors with ends that have a 2.1mm barrel connector if they don't support PoE through Ethernet.

 

Thanks for taking the time to read my question. I just don't want to break anything and was hoping I could get a little beginner's help. For what it's worth, everything is working 100% now, everyone has internet and all is working. I used the Load Balance mode for Dual WAN, but I have other questions about how that works too, perhaps another post if all goes well here.

 

Best regards,

David P. Howard

  1      
  1      
#1
Options
6 Reply
Re:New to TP-Link, simple noob VLAN question
2024-03-12 02:07:14

Hi @HowardDavidP 

Thanks for posting in our business forum.

So, you can do this with the ER605.

Create a new VLAN interface on your router. Set it to a port that you are going to assign to your neighbor.

Create ACL to block communication from their VLAN to yours.

How to create multi networks and manage network behavior with ACL on Omada Gateway in standalone mode

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:New to TP-Link, simple noob VLAN question
2024-03-12 18:10:03 - last edited 2024-03-12 18:10:49

  @Clive_A Thank you very much for your reply.

 

I read and tried to follow the article, and I was able to enter 2 ACL rules.

My ext question is that when I was creating the ACL rules, my choices were LAN or !LAN (I assume it means not LAN).

 

Do I need to define my main LAN and then my neighbors LAN under the Network LAN section?  If so, I could use a little advice on the best way to accomplish that.

 

  0  
  0  
#3
Options
Re:New to TP-Link, simple noob VLAN question
2024-03-12 18:12:25 - last edited 2024-03-12 18:12:51
  0  
  0  
#4
Options
Re:New to TP-Link, simple noob VLAN question
2024-03-12 18:15:39

  @HowardDavidP 

This is my current LAN setting:

 

  0  
  0  
#5
Options
Re:New to TP-Link, simple noob VLAN question
2024-03-12 22:41:05

  @HowardDavidP 

Also curious, I have 2 default VLAN's created I am not sure what their purpose is, they are:

VLAN ID = 3, name = vlan4093 Ports 2 (untag)

VLAN ID = 4, name vlan4094 Ports 1 (untag)

I get VLAN ID = 1 named vlan1 using ports 3 untag, 4 untag, and 5 untag is the default vlan, but what are the others?



David

 

 

  0  
  0  
#6
Options
Re:New to TP-Link, simple noob VLAN question
2024-03-13 06:12:56

Hi @HowardDavidP 

Thanks for posting in our business forum.

HowardDavidP wrote

  @HowardDavidP 

Also curious, I have 2 default VLAN's created I am not sure what their purpose is, they are:

VLAN ID = 3, name = vlan4093 Ports 2 (untag)

VLAN ID = 4, name vlan4094 Ports 1 (untag)

I get VLAN ID = 1 named vlan1 using ports 3 untag, 4 untag, and 5 untag is the default vlan, but what are the others?



David

 

 

These are reserved for the Internet connection.

I also need to remind you, the replies above do not show you that have configured the VLAN interface properly. I would recommend you re-read the guide I pasted.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#7
Options