Anybody have current/recent recommendations for a WiFi Router with support for VLAN? Just a 2500 square foot home with the usual devices (PC's, cell phones, printers) and a growing list of IoT devices (Roku, TV, Hubitat, DVD, etc. etc.). Primarily want to keep LAN, IoT, and Guests separate. But share the single Printer.
Looking for:
Very Good WiFi coverage in the home. Or good support for satellites.
WiFi 6 or better.
Ethernet (wired) support.
I have 1GB internet so I would like good throughput.
Good support (vendor or forums) so that I can get some help with VLAN and Rules.
Don't mind, in fact prefer, an annual cost for software development and support.
Seems like the usual Consumer stuff doesn't support VLAN and the Commercial stuff is too complicated and expensive. Looking for ProSumer type stuff. Thank you for your help.
Depending on how prosumer, Ubiquiti/Unifi is a good direction. Built-in VLAN support on most (likely all) of their recent products, very active forums, and a good number of Ubiquiti/Unifi users here.
This:
...plus one Unifi AP and you'd probably be good...I ran my home of about the same size on a single Unifi LR (long range) ap. U6-LR. No issues.
Ubiquiti makes both "all in one" devices (router and Wi-Fi) and separate devices router/gateway only and Wi-Fi Access Points (APs). That's what I linked you to and noted it would require an AP for the Wi-Fi part.
If you prefer an all-in-one unit, something like below could work...does do VLANS:
If you're not familiar at all w/VLANs they do add complexity in setup and management of your network, so you'll need to be prepared for that.
FWIW, you don't need to have a VLAN to use home automation, many folks here w/advanced networking/tech skills run w/out them and are perfectly happy that way.
Thank you, again.
I am familiar with vlan as i previously owned a cisco soho router with vlan. But it was not a great router.
With ubiquiti, and separates, you can buy a router that supports vlan, and then 1 or more AP devices that plug into the router and use/support the router's vlan?
@dean
I have installed the Ubiquiti dream Machine at someone's house, and it's as good as everyone says that it is. It will do the trick for you.
However, in my own house, I implemented another approach to this very same problem. I actually use another, separate router to segregate devices that I want to be separate (e.g. cameras, IOT devices, etc.) My main router is a big Asus WiFi 6 capable device, but my other router is a previous generation AC type router, that is physically separate.
The main advantages are security and efficiency. (And, I happened to have a very capable AC generation router just lying around.)
Your mileage may vary - but this approach, also works.
I currently have an Unmanaged 16 port Switch with all non-POE connections. With only 4 LAN ports on the Dream Machine, I can have at most 4 VLAN segments using Unmanaged Switches. Does Ubiquiti make a 16 port Switch that supports VLAN assignments to each port on the Switch? I believe this is called ".1Q" support?
If you want to give ASUS a shot I use this. I use a CWWK minipc as my router / firewall so mine is running in AP mode but it can run as both. Supports hub mesh however the link / tunnel between each mesh does NOT support vlans. So only the primary router would support vlans and the meshed devices would only get your management vlan or the first vlan setup I believe.
Ubiquiti makes all sorts of managed switches. I'm using a Dream Machine Pro with a 16 port PoE switch. The Dream Machine SE is basically the same device but includes PoE ports.
2nd asus, I have been really impressed with mine. The software is great with loads of extras like built in VPN etc. It's all included in the price which is why it costs a bit more but the ability to separate IOT etc is built in.
I brought it for the firmware thinking I would need another in mesh mode however it's surpassed my expectations and reaches everywhere in my house. No router I have had has ever done that.
If you want Wifi 7, you may want to look at the Unifi Cloud Gateway Max (UCG-MAX) as an option as well. The nice thing about the UCG-MAX is that it has 5x2.5gbe ports. The only ports the UDM-Pro has above 1gbe are 2 10gbe ports split between the lan and wan.
Wifi 7 AP's uses a 2.5gbe uplink so you want it to be that speed to get the performance out of it.
For the switch you may want to look at the Pro Max 16 POE as it gives you the port capacity you have and 4 of the ports are 2.5GBE with POE. There is also the Standard switch line, but it has a minimum of 24 ports with the Standard 24. No 2.5gbe though on it or POE to power stuff. Lastly they have their Utility switches and for 16 ports you would be looking at the Lite 16 Poe. The utility switches I believe bring you from Layer 3 switching to layer 2 switching, but all support Vlans.
I already understand IP's and Mac addresses, and the OSI 7 layer model. And I have seen and used VLAN Routers before, but with no Switches involved. I have never used a Managed Switch, only dumb Switches. What I don't understand is "how" you get specific ports/IP/Mac on a Switch assigned to a specific VLAN. If I have a single 16 port Switch, there are devices attached to that single Switch that belong in 3 different VLANs. How do I get each Device on the Switch into its proper VLAN??????????
Does the Router "see" every device on the Switch and let you assign each device to a specific VLAN? Or...
Do you somehow manage each device connected to the Switch on the Switch itself? Perhaps assigning each device an IP that is within the specific VLAN scope?
And how does having a Layer 2 or Layer 3 Switch affect getting each Device on the Switch into its proper VLAN?
Absolutely not a VLAN expert, but did set up my VLANS to work on a bunch of managed switches throughout the house...
VLANs are defined on my router (Ubiquiti EdgeRouter12) and each managed switch is configured to expose desired VLAN(s) on each of its ports. So you tell your switch(es) which VLAN(s) to expose on each port, and plug the devices into the switch ports w/the desired VLAN(s) available. For example...the switch in my entertainment center configured to allow access to VLANs 10 (personal) and 20 (IoT):
VLAN's are just an identifier. Generally speaking your main device will have a default network, and then you can create VLANS to be available. So as @danabw has it his default vlan is likely 1 and then 10 and 20 are defined additional VLANS. At least on the Ubiquiti device I have each VLAN has its own network, subnet, and dhcp server attached to it.
Then when you configure ports on the switches they are either Trunk Ports or Access ports. A trunk port generally carries multiple VLANs while an Access port will likely carry only one, and that one VLAN will be default for whatever is connected.
You can run multiple VLANS over a single port because there is something called VLAN Tagging (802.11Q). I believe it is part of the frame and calls out what VLAN is used for the data being sent.
Generally speaking a Trunk port will be used between the router, network devices, or anything that needs more than one VLAN access. A device that just accesses one VLAN like a client can exist on an access port with the needed VLAN assigned to the default VLAN value for that port. Then the switch will assign the appropriate VLAN Tag for all communication on that port.
I believe the distinction between layer 2 and Layer 3 switches with regard to VLANs has to do with how they will handle the vlan routing of the packets. I believe the layer 3 switch can handle some of the routing instead of making it all go back to the main router. This can be beneficial if you have 10GB between switches and only a 1gb or 2.5GB back to the main switch. I could be wrong, but that is what I got from some stuff I have looked at.
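The access/trunk behaviour described in the posts above, as an added example that is not part of the original thread: a small model of a managed switch that adds and strips the 4-byte IEEE 802.1Q tag according to a per-port table. The port numbers, port table and sample frame are constructed, VLANs 10 and 20 follow the example in the thread, and dropping a frame whose tag is not allowed on the ingress port is an assumed policy.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def split_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when the frame has no tag."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

# Constructed port table: port -> (native/untagged VLAN, set of tagged VLANs).
PORTS = {
    1: (1, {10, 20}),   # trunk: uplink to the router
    2: (10, set()),     # access: personal PC
    3: (20, set()),     # access: IoT device
    4: (20, set()),     # access: IoT device
    5: (1, {10, 20}),   # trunk: access point carrying several SSIDs
}

def forward(in_port: int, frame: bytes) -> dict:
    """Flood a frame within its VLAN; returns {egress_port: bytes_on_wire}."""
    native, tagged = PORTS[in_port]
    vid, inner = split_tag(frame)
    if vid is None:
        vid = native                  # untagged ingress joins the port's native VLAN
    elif vid != native and vid not in tagged:
        return {}                     # tag not allowed on this port: drop (assumed policy)
    out = {}
    for port, (p_native, p_tagged) in PORTS.items():
        if port == in_port:
            continue
        if vid == p_native:
            out[port] = inner                 # member as native VLAN: sent untagged
        elif vid in p_tagged:
            out[port] = add_tag(inner, vid)   # member as tagged VLAN: sent with tag
    return out

# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType.
SAMPLE = bytes.fromhex("ffffffffffff" "02aabbccdd03" "0800") + b"hello-from-iot"
```

Calling `forward(3, SAMPLE)` shows the IoT broadcast reaching the other IoT access port untagged and both trunks tagged with VLAN 20, while the personal PC on port 2 never sees it.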
If it does layer 3, it is routing. Separate DHCP servers are not needed if the router can be configured to forward DHCP packets to the DHCP server's subnet. But then the DHCP server has to support scopes. A scope to manage each vlan. Then we can get into DHCP options to give out where other services are. But all this goes well beyond what is needed for home automation.
OK. Thank you folks. Managed Switches where you can configure each Port were clearly a "hole" in my knowledge about networking. From the comments, above, and some reading, I think I now kinda/sorta/maybe understand how the Switch can be programmed and support VLANs.
I think I will probably go with a Unifi system:
Cloud Gateway Ultra
Lite 16 POE Switch (will only power the Access Point)
Flex Mini Switches that sit downstream from the Lite 16 POE Switch
U6 Long Range Access Point
Still pretty hazy about the actual steps to set it up. I assume I configure the Gateway Router with VLANS first. Then "adopt" and configure the Switch. The cable from the Gateway Router to the Switch is a Trunk. The cable from the Switch to the AP is also a Trunk (?). And the other Switch Ports are configured as Access. Still not sure how the Switch knows which VLANS are available. Does it somehow get this information from the Gateway Router? Or does the Unifi Network Management software provide the Switch with that information?
That is a nice setup. The Flex Mini Switches are pretty pretty good for the price
I would say you have a decent idea of how to set it up. Unifi has a fairly good guided way to setup the first piece of gear with their phone app. I would start with the UCG-Ultra. You can also set it up all locally if you want and I think the default IP it assigned upon first boot is 192.168.1.1. Once the UCG-Ultra is fully configured and loaded and updated. Then I would start on the parts as they go out from it.
When you get Unifi, part of what you are paying for is the Unified network experience via their controller software. Their controller which is built into the UCG-Ultra. Once you adopt a device like a switch you can configure it the way you want it. Here you can see my Flex mini Switch and the configuration of one of the ports on it. Here you can see I set the Native VLAN/Network to my default. Then the option below it is to manage the Tagged Vlan's, I have selected Custom to show how I can pick and choose what vlans are assigned to the port.