New Member
Posts: 36
Registered: ‎11-29-2016
Kudos: 1
Solutions: 5
Accepted Solution

VLAN with an unmanaged switch

Hello Ubiquiti Community!

Let me preface this by saying that I'm relatively new to networking and am still trying to learn how everything works.  I just purchased an EdgeRouter Lite and a Unifi Access Point and I had some questions about setting up a guest network with a dumb (layer-2) switch.  I am just trying to use this equipment to set up my home network.

I am planning on having my EdgeRouter configured as such:

Eth 0: WAN (Google Fiber)
Eth 1: Home Network (untagged)
Eth 1.1: Guest Network
Eth 1.2: Devices Network
Eth 2: Not used

Then I would have Eth 0 plugged into my Fiber Jack, and Eth 1 plugged into a dumb switch.

The dumb switch would have some devices hanging off of it that are meant to be connected to my home network (e.g. a desktop, a printer, etc.) as well as the UAP.  I would then configure the UAP to have different SSIDs for the different VLANs.  I would have my firewall rules set up to isolate the 2 different VLANs from each other as well as from untagged traffic.  My understanding is that this should pretty much do what I want, but I'm not entirely sure if that's correct.

EDIT: Also, I am planning on using a wireless bridge (ASUS RT-AC68U) to connect some other devices.  My understanding is that as long as I connect the bridge to the correct SSID on the UAP, this should allow me to connect devices to whichever VLAN I want.  I understand that all devices connected to the bridge would be on the same VLAN.



All Replies
SuperUser
Posts: 20,402
Registered: ‎09-17-2013
Kudos: 5133
Solutions: 1458

Re: VLAN with an unmanaged switch

Nope. Get a managed switch.

Most unmanaged switches choke on the larger packets used for dot1q.
New Member
Posts: 36
Registered: ‎11-29-2016
Kudos: 1
Solutions: 5

Re: VLAN with an unmanaged switch

What if I instead bridged Eth 1 with Eth 2 (which I'm aware is undesirable for performance reasons) and then connected my AP directly to Eth 2?

So:

Eth 1 --> Switch --> untagged devices only
Eth 2 --> AP --> tagged AND untagged devices

Alternatively, would it help to instead use the Google Fiber Box as a switch?  I assume that would support the required larger packet size even though the box itself doesn't support tagging/untagging.

Regular Member
Posts: 710
Registered: ‎06-01-2016
Kudos: 102
Solutions: 23

Re: VLAN with an unmanaged switch

Using ETH2 makes sense, but you would route rather than bridge ideally.
SuperUser
Posts: 20,402
Registered: ‎09-17-2013
Kudos: 5133
Solutions: 1458

Re: VLAN with an unmanaged switch

Either get a managed switch, or skip VLANs
New Member
Posts: 36
Registered: ‎11-29-2016
Kudos: 1
Solutions: 5

Re: VLAN with an unmanaged switch

So I've got everything set up to test the VLAN functionality. I have a VLAN set up on Eth0 with tag 102. Eth0 is then plugged in to a Netgear GS305 dumb switch which is then plugged into my laptop with VLAN tag 102.

I am able to do a ping of packet size 1472 in both directions to and from the router. Any higher and ping tells me that the packet must be fragmented and the DNF flag is unacceptable.

Does this mean that things are working? Is there anything else I can test?
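
The frame-size arithmetic behind the ping test in the post above, as an added example that is not part of the original thread: a 1472-byte ping payload that cannot be fragmented fills a 1500-byte IP packet, which on VLAN 102 travels as a 1522-byte Ethernet frame, 4 bytes longer than the untagged maximum the switch was built for. The MAC addresses, helper names and zero-filled packet are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETH_HEADER = 14          # dst MAC + src MAC + EtherType
VLAN_TAG = 4             # TPID + TCI (priority, DEI, 12-bit VLAN ID)
FCS = 4                  # frame check sequence, appended by the NIC
IPV4_HEADER = 20
ICMP_HEADER = 8


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Return an Ethernet frame (without FCS); tagged if vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = (pcp << 13) | vlan_id
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (vlan_id or None, inner ethertype, payload length)."""
    if len(frame) < ETH_HEADER:
        raise ValueError("truncated frame")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype, len(frame) - ETH_HEADER
    if len(frame) < ETH_HEADER + VLAN_TAG:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, len(frame) - ETH_HEADER - VLAN_TAG


def wire_size(ping_payload, tagged):
    """On-wire frame size (including FCS) for an IPv4 ping with that payload."""
    ip_packet = IPV4_HEADER + ICMP_HEADER + ping_payload
    return ETH_HEADER + (VLAN_TAG if tagged else 0) + ip_packet + FCS


# Constructed sample: a 1472-byte ping payload on VLAN 102, as in the test above.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
IP_PACKET = bytes(IPV4_HEADER + ICMP_HEADER + 1472)  # zero-filled stand-in
TAGGED_FRAME = build_frame(DST, SRC, 0x0800, IP_PACKET, vlan_id=102)
UNTAGGED_FRAME = build_frame(DST, SRC, 0x0800, IP_PACKET)

if __name__ == "__main__":
    print(parse_frame(TAGGED_FRAME), wire_size(1472, True), wire_size(1472, False))
```
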
SuperUser
Posts: 20,402
Registered: ‎09-17-2013
Kudos: 5133
Solutions: 1458

Re: VLAN with an unmanaged switch

for some value of "working", anyway.

Using a dumb switch with VLANs is generally a recipe for things breaking horribly -- also, ALL devices you plan on using MUST be able to handle VLANs now, since the switch can't do anything about them.

New Member
Posts: 36
Registered: ‎11-29-2016
Kudos: 1
Solutions: 5

Re: VLAN with an unmanaged switch

I do understand that all devices downstream need to support VLANs, but I believe that should be fine. Thank you for your help, everyone, I'm just going to try things out and see if they don't break horribly.
New Member
Posts: 36
Registered: ‎11-29-2016
Kudos: 1
Solutions: 5

Re: VLAN with an unmanaged switch

UPDATE: Have everything installed and it seems to work fine for now. Final configuration is as follows:

ER-L:
Eth0: Port 0 of dumb switch
Eth0.102: VLAN for Guest Networks (Isolated)
Eth0.103: VLAN for IoT Devices (Isolated)
Eth1: WAN
Eth2: Local Admin port (with routing between Eth0 and Eth2)

Dumb switch (Netgear GS305):
LAN: Eth0 of ER-L
LAN: Printer (on untagged VLAN)
LAN: Raspberry Pi (on untagged VLAN) with Unifi Controller Software
LAN: Unifi UAP-AC-Pro

Unifi UAP-AC-Pro:
3 Networks with VLAN tagging for the different VLANs

Wireless Bridge (ASUS RT-AC68U, connected to the untagged VLAN on the Unifi UAP-AC-Pro):
LAN: other stuff connected to the untagged VLAN

Everything is working as expected. Guests are able to connect to the Guest Wifi network and are properly isolated, while everything else is connected to the Home LAN (on Eth0, untagged VLAN)

New Member
Posts: 18
Registered: ‎09-13-2018
Kudos: 1

Re: VLAN with an unmanaged switch

I can confirm that I got a VLAN working on my Netgear unmanaged switch (GS105) as well.  On the client end, wired clients that don't support VLANs just see the untagged LAN.  If I tell the client to use the VLAN (for the computers with NICs that support it), they grab an IP address from the VLAN and everything seems to work fine.

If the network were critical or I was setting it up for a business, then of course this would be a terrible idea.  But if you're just tinkering with VLANs at home like me, you might be able to get away with that dumb switch you have lying around!

Member
Posts: 146
Registered: ‎07-26-2017
Kudos: 39
Solutions: 2

Re: VLAN with an unmanaged switch

Noting that newer GS105 switches are web smart managed and do VLANs.

New Member
Posts: 18
Registered: ‎09-13-2018
Kudos: 1

Re: VLAN with an unmanaged switch

I think that the GS105E is the "smart managed plus" version.  You can still get the plain old unmanaged GS105, which is what I have.

Established Member
Posts: 975
Registered: ‎09-24-2017
Kudos: 202
Solutions: 78

Re: VLAN with an unmanaged switch

I have tested the GS105 and GS108 and a few other unmanaged switches and I have found that a lot of them seem to pass the VLAN frames without issue. However, keep in mind that unmanaged switches do not necessarily have a defined behavior when tagged VLAN frames arrive, so it is not always clear how they are handled -- there may be efficiency issues and the switch might even broadcast (like old ethernet hubs) if the switching fabric doesn't know how to handle them. For a small network, it is probably not a big deal, though.
