Routing assistance
Routing assistance
Hi,
Just installed this switch and wanted to move DHCP to it. DHCP is currently handled by the modem. I also want internal traffic that doesn't need to go out of the network to be routed by this switch, instead of reaching the modem.
So current setup is:
Modem (DHCP and all) > clients
New setup:
Modem (minimal roles) > Switch (most roles) > clients
Modem is in the 192.168.1.0/24 network, with an IP of 192.168.1.254
Switch is in the same network with an IP of 192.168.1.110, but this will change.
So these are the first few things I did:
1. Created a DHCP pool for 192.168.2.0/24 network
2. Modified the interface's IP to 192.168.2.1
3. Ensured default route is present: dst 0.0.0.0/0 to next hop 192.168.1.254 (modem)
4. Added a static route: dst 192.168.2.0/24 to next hop 192.168.2.1 (which is the new switch's interface)
All ports are on default VLAN still, didn't change anything there.
With the new setup, the DHCP is working, PC gets the lease just fine. But no one in this network is able to reach anything from the modem and beyond (so basically no modem management, and no internet). So if I ping or traceroute the modem's IP, both from the PC and form the switch, the host is unreachable. Everything works fine as soon as I change the switch's interface back to 192.168.1.110.
I am not a network guy, so I'm hoping that this is just a basic configuration issue :) What am I missing? :)
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@DanFMT
OK, so you're trying to use the layer 3 features of your switch, as a minirouter? For dividing up a network like that you should probably just use VLANs. TP-Link has a fairly long example article on setting up that kind of network, "Divide the Network and Ensure BYOD Security with Omada SDN Solution" that you could read through for terminology and example ideas. But more simply check out this related post "Configuring a Layer 3 Switch in Omada SDN" and how they solved it, which is basically what you want to do. I don't use the L3 switching features myself outside a few high speed niches, at smaller scale I prefer to just push it all through a dedicated router of my own, and just have any ISP links (be it a modem/direct GPON/satellite/wisp) be pure bridges that plug into that. More powerful features that way as well. So another option albeit one that costs money would be to get a basic dedicated router, keep the switching layer 2, and cut your ISP out of the equation entirely putting the modem into bridge mode. Good luck.
- Copy Link
- Report Inappropriate Content
@sonaric
Yes, trying to use the layer 3 features, and the more I work on it, the more I think that I should have simply gotten a L2 switch and installed a dedicated firewall (thinking of pfSense) then bridged the ISPs modem/router/AP box.
The point I am at is I have 2 VLANs:
VLAN 1 : 192.168.1.0/24 (DHCP via modem)
VLAN 2 : 192.168.2.0/24 (DHCP via switch)
Ports assigned to VLAN 1 work fine, ports assigned to VLAN 2 get a IP lease but no internet access (i.e. cannot ping or reach anything from the modem onwards).
Now I'm not doing this via an Omada controller, I'm doing this directly from the switch. I'll check the documentation you shared and try Omada controller.
Seems like this L3 switch is going to be used just like a cheapo switch, with only one VLAN able to access the internet, which basically defeats the purpose of multiple VLANs.
- Copy Link
- Report Inappropriate Content
I use OPNsense myself, which predates my experiments with Omada. I'd definitely suggest that or VyOS over pfSense when it comes to x86 based dedicated routers. Of course TP-Link themselves have 3 levels of native router too which blend into the overall system. Depending on your needs and what you already have they may be plenty and offer decent value bang for the buck, $60 isn't much as an entry price to play with. Not as powerful and you're somewhat more tied in then an open source router, but on the other hand you get the full single pane of glass.
Anyway it definitely can work and Omada Switches/WAPs have performed fine for me overall with dozens of VLANs as advertised. As you say you are missing out a bit if you're not really able to leverage all the separation on offer, PPSK in the WAPs also works very nicely to segregate and control IOT stuff.
- Copy Link
- Report Inappropriate Content
Hi @DanFMT
Thanks for posting in our business forum.
Not sure what you want to set up. So, the switch is not capable of doing the NAT. You probably will never get Internet because of the lack of NAT.
Consider getting a router instead.
ISP---Modem+Router/Router---Switch---AP/Clients.
- Copy Link
- Report Inappropriate Content
Thank you both for the input.
In this case, I guess I should be fine if I get something like the ER605 to start with?
If yes, then do you recommend / do I need to bridge the ISPs modem/router or is it not necessary?
- Copy Link
- Report Inappropriate Content
Yes, ER605 will be plenty fine to get started with. Make sure you get the current v2 version, it's the same price as the old but has a few upgrades. You can easily upgrade down the road if you need more power, for the price it's a good way to start working with it. I would suggest using the controller, it'll make it a lot easier to keep everything straight as you get multiple devices. Runs fine in a VM which is how I do it, or there are a few standalones. They also now make an AIO (router+switch+controller) called the ER7212PC, though if you already have a switch I don't think it's a good value. If you don't already have an Omada WAP for WiFi, I'd suggest that as well since it'll again make it easier to manage and also to take full advantage of all the features available for splitting clients amongst various VLANs etc.
| If yes, then do you recommend / do I need to bridge the ISPs modem/router or is it not necessary?
It's always a good idea when possible to just have a single layer of routing/NAT, double NAT is a pain. So yes, once you get the ER605, switch the ISP CPE to bridge mode so that it's acting as a pure modem/gateway and that's it. Have the ER take care of all the routing functions, DHCP etc.
Also to be clear, here I'm assuming that you really do have a "modem" or CPE translator, so cable/DSL/or the like. If you get a clean ethernet connection from the ISP and their "modem" gateway is just acting as a router/switch/WiFi AIO, then you probably don't need it at all and can connect the ER directly.
- Copy Link
- Report Inappropriate Content
@sonaric, thanks for the information.
Not sure about the modem or how to check. I have an ONT device for fiber, which goes into a Technicolor modem/AIO device.
- Copy Link
- Report Inappropriate Content
It looks like your “modem” is a modem/router combo, not just a modem.
Anyways, you have a choice to either learn the networking or learn the Omaha 😊
If you decide to learn the networking after all, try to follow these steps.
- Set up a static route to the 192.168.2.0/24 network on the “modem” like dst 192.168.2.0/24, next hop 192.168.1.1, LAN. Note that, if your “modem” does not support static routes (most do), it cannot be used in this setup.
- Reset the switch to its factory defaults.
- Set the switch’s IP address to 192.168.1.1/24. That’s in the default VLAN 1.
- Enable routing on the switch.
- Create VLAN 2.
- Set up an IP interface of 192.168.2.1/24 in VLAN 2.
- Enable the DHCP server in VLAN 2 and create in it an IP pool with the gateway of 192.168.2.1. Start the IP pool with a higher IP address, say 192.168.2.10.
- Enable the DHCP server in VLAN 1 and create in it an IP pool with the gateway of 192.168.1.1. Start the IP pool with a higher IP address, say 192.168.1.10, and end with an IP address lower than 192.168.1.254.
- Disable the DHCP server on the “modem.”
- Set up the default route on the switch like dst 0.0.0.0/0, next hop 192.168.1.254, VLAN 1.
You can use any VLAN 1 port on the switch to connect to the “modem.” Do not try to set up a “trunk” port for that connection.
- Copy Link
- Report Inappropriate Content
@KJK, unfortunately does not support static routing. The only things you can do is Port Forwarding and Firewall rules. No VLAN or Routing options.
- Copy Link
- Report Inappropriate Content
You need a new router in that case. ER605 seems to be a popular choice and you can use it with Omada and without. Buy it from a seller that has at least 1 month no-question-asked refund policy so you can return the router if it does not work for you.
As for your modem, I think you should post its make and model. Maybe somebody who reads your posts is familiar with it and will answer your question.
Good luck!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1263
Replies: 14
Voters 0
No one has voted for it yet.