Netgate Discussion Forum

    VLAN without a smart switch possible?

      coffeecup25

      I have a couple of elementary VLAN questions. Frankly, they get a little confusing to me as soon as the router gets included. I once had a VLAN controlled by a smart switch but it became unstable. It was fairly easy to configure and worked well for a few weeks.

      The Question: Can a VLAN be set up using a spare router port without a smart switch? I need isolation for a series of LAN addresses. Right now I have a 2nd subnet doing that job.

      This is for hobby purposes. If the answers look good for me, I will play around later and try to figure it out. A point in the right direction is all I will need.

      I have a 2nd subnet doing that now and it works well. It's isolated from the main LAN.

      I had a VLAN using a TP-Link smart switch. It isolated IoT traffic very well. But then the switch decided to act out and downgrade network speeds to 100mb from 1gb. That unreliability earned it a place back in storage and I figured out subnetting.

      People here seem to use VLANs as a solution for just about everything so the answer to this question should be easy. You can't ask a question here without someone saying they had a VLAN for that. A link or two to a good instruction of how to set up a VLAN without a smart switch is all I need.

        keyser Rebel Alliance @coffeecup25

        @coffeecup25 Subnets and VLANs are not the same thing and do not offer the same isolation.
        A VLAN is an “isolated” network where only clients connected to it can talk (physically transmit packets) to each other.
        A subnet is a logical software-layer definition of what is considered local, so you can talk to neighbours without using a router on the physical network/VLAN.

        But if you put two different subnets on the same VLAN (unmanaged switch) they may not immediately be able to talk to each other, but they can see each other's broadcast/multicast packets, and learn about the neighbours (in the different neighbourhood/subnet) there. Having learned that, they can send/receive packets to them by being a little “crafty”. They can also eavesdrop, impersonate/forge valid neighbour packets and sabotage connections.

        So you need VLANs to offer true isolation and security. The normal networking design is having each subnet on its own VLAN (1 to 1).

        Doing VLANs without smart switches can only be done by having a router/firewall with multiple interfaces. Then you can assign each VLAN to its own interface, and have different/unique dumb switches connected to each port. Then each switch is its own VLAN.

        Love the no fuss of using the official appliances :-)

          SteveITS Rebel Alliance @coffeecup25

          @coffeecup25 One possibility is, if using wireless, the SSID can assign (force the device onto) a VLAN.

          Otherwise devices can for instance set a VLAN tag in their network config and jump onto the VLAN.

          So the switch doesn't "create" the VLAN but it enforces the VLAN...anything plugged in to port 7 is (must be) VLAN 22.

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
          Upvote 👍 helpful posts!
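
What "the switch enforces the VLAN" looks like at the frame level, as an added example that is not part of the original posts: a parser for the 802.1Q tag plus a check that flags tagged frames arriving on a port that should be an untagged access port. The port 7 / VLAN 22 pairing comes from the post above; the frames, the other port number and all function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan(frame: bytes):
    """Return (vid, pcp, ethertype); vid and pcp are None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI = 3 bits priority (PCP), 1 bit DEI, 12 bits VLAN ID
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner_type


def check_access_ports(observations, access_ports):
    """Flag frames that carry their own tag on an access port.

    observations: iterable of (switch_port, raw_frame)
    access_ports: {switch_port: VLAN the switch assigns to that port}
    Returns a list of (port, vlan_claimed_by_host, vlan_assigned_by_switch).
    """
    findings = []
    for port, frame in observations:
        vid, _pcp, _etype = parse_vlan(frame)
        # Hosts on an access port send untagged frames; the switch adds the tag.
        if port in access_ports and vid is not None:
            findings.append((port, vid, access_ports[port]))
    return findings


def make_frame(src_last_octet, vid=None):
    """Build a constructed broadcast ARP-sized frame, optionally 802.1Q tagged."""
    dst = b"\xff" * 6
    src = bytes([0x02, 0, 0, 0, 0, src_last_octet])  # locally administered MAC
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return dst + src + tag + struct.pack("!H", 0x0806) + b"\x00" * 28


# Constructed sample: port 7 is an access port for VLAN 22, port 3 is a trunk.
ACCESS_PORTS = {7: 22}
SAMPLE = [(7, make_frame(1)), (7, make_frame(2, vid=10)), (3, make_frame(3, vid=22))]

if __name__ == "__main__":
    for port, claimed, assigned in check_access_ports(SAMPLE, ACCESS_PORTS):
        print(f"port {port}: host sent tag for VLAN {claimed}, port is assigned VLAN {assigned}")
```

An unmanaged switch performs no such check and forwards frames whatever tag they carry, so VLAN membership there is decided by each device's own configuration.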

            coffeecup25 @SteveITS

            @SteveITS said in VLAN without a smart switch possible?:

            @coffeecup25 One possibility is, if using wireless, the SSID can assign (force the device onto) a VLAN.

            Otherwise devices can for instance set a VLAN tag in their network config and jump onto the VLAN.

            So the switch doesn't "create" the VLAN but it enforces the VLAN...anything plugged in to port 7 is (must be) VLAN 22.

            Thank you for the reply. The TP-Link smart switch created the 802.1Q VLAN, easily without the router getting involved. But it was highly unreliable, as it turned out. My needs were very simple by the way. The brand new switch downgraded the entire network to 100mb after working perfectly for several weeks. I had to do a lot of detective work to figure it out. A faulty switch was at the very bottom of my suspect list. It's in a storage box now. Fortunately they are also inexpensive. As a result, I learned how to add a network to an open router port to replace it.

            For fun, I have one more empty port. I will experiment with that as a VLAN and give it another go. I'm going to try to glom off a few IP addresses on the main LAN and move the devices from the new subnet. Having everything on the same subnet simplifies a few things that 2 networks made a little more complicated. Plus it's one of those things that has always been nagging at me to learn.

              coffeecup25 @keyser

              @keyser Thanks for the reply. I have a spare port on my router and I will use it to experiment with.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.