Emerging Member
Posts: 46
Registered: ‎02-09-2018
Kudos: 1
Accepted Solution

VLANs over non-switched interfaces

I'm planning a router-on-a-stick type of layout where an ER-4 will be the main router and two ER-X's will carry my VLANs to various parts of the house.  

 

The question (see diagram below) is with regard to accessing the same VLAN via two different router interfaces.  VLANs are created on the interface itself (vif) so to do what I want in the top-right of the diagram on eth2, do I simply create the same VLAN 400 again (on the same router) but apply it on eth2?  I understand how this works with a switch0 scenario, but I haven't quite grasped how this works without using switching.

 

I'd like the hosts on the top-right to get IPs from the VLAN 400 DHCP pool.

 

[Image: Home Network VLANs.png]

 

Thank you!!


Accepted Solutions
Senior Member
Posts: 3,085
Registered: ‎08-06-2015
Kudos: 1305
Solutions: 176

Re: VLANs over non-switched interfaces

You would need to configure a bridge:  EdgeRouter - Create a bridge

 

Beware (as noted in the KB article) that traffic through a bridge interface is not offloaded.  This may or may not be an issue for your case.

 

Is that 'unmanaged' device an unmanaged switch?  If so you would probably want to use the base (untagged) interface eth2 instead of eth2.400 since the unmanaged switch wouldn't know what to do with the tagged frames.

 

What would be better would be to connect that 'unmanaged' device to your ER-X instead of the ER-4 so you leverage the built-in switch.

 



All Replies
Emerging Member
Posts: 46
Registered: ‎02-09-2018
Kudos: 1

Re: VLANs over non-switched interfaces

That's what I was afraid of.  Yes that is an unmanaged switch feeding an upstairs office.  Normally my internet modem lives there in the office - hence the layout in the diagram - but I'm getting new service installed next week. 

 

Based on your recommendation I might re-arrange location of devices so that the router is in the basement and the ER-X-SFP feeds the upstairs office via the CAT5e run instead, rather than the office feeding the rest of the house.

 

Does this make more sense below?

[Image: Home Network VLANs.png]

(And THANKS for replying!)

Regular Member
Posts: 694
Registered: ‎01-26-2015
Kudos: 178
Solutions: 63

Re: VLANs over non-switched interfaces

This won't work. 10.0.300.x and 10.0.400.x are not valid IP addresses.

You might want to replace VLAN 300/400 with 30/40 and rename the subnets accordingly. For consistency reasons rename VLAN200 to VLAN20 and same for the subnet.

I guess this was just a careless mistake though. As for the VLAN setup in general, this won't work either. Each interface is independent and without bridging them they won't be in the same network. You could add a simple 8 port VLAN switch in front of the ER-4 that handles the VLAN distribution instead. An ER-X (or ER-PoE5) could handle this scenario without an additional switch and without bridged interfaces as both of them offer an internal switch by themselves.

Member
Posts: 238
Registered: ‎01-10-2016
Kudos: 48
Solutions: 21

Re: VLANs over non-switched interfaces

Slightly off-topic... what tool are you using to create these diagrams? They look great.

Emerging Member
Posts: 46
Registered: ‎02-09-2018
Kudos: 1

Re: VLANs over non-switched interfaces

Yikes! 

 

Yes, please disregard my sloppy IP addressing there - I should not post these things when I'm tired.  We can take an extra '0' off those subnets.

 

I think I can work with @waterside's suggestion and just shunt devices around so that the office (top-right) can be served by an ER-X instead of trying to bridge off the main router.

 

@kpfleming : thanks - I subscribe to Lucidchart, which seems to be improving all the time and is not super expensive.  Great option when you're self-employed.

Emerging Member
Posts: 46
Registered: ‎02-09-2018
Kudos: 1

Re: VLANs over non-switched interfaces

So what if I decided to put the office (top-right) on its own network (172.16.x.x or whatever) on eth2, and just create any needed routes to other networks sitting on eth1?  Would there be any performance penalty on an ER-4 for that?

 

The reason I ordered an ER-4 was to take advantage of its throughput.  If everything in the house has to funnel through an ER-X then it seems to defeat the purpose/power of an ER-4.

 

[Image: Home Network VLANs - alternate.png]

 

Thanks again all.

Regular Member
Posts: 717
Registered: ‎06-17-2015
Kudos: 146
Solutions: 43

Re: VLANs over non-switched interfaces

Putting your office in its own subnet won't be an issue.  With your current house configuration, the ER4 won't even break a sweat...

Senior Member
Posts: 3,085
Registered: ‎08-06-2015
Kudos: 1305
Solutions: 176

Re: VLANs over non-switched interfaces

You can indeed put the unmanaged switch and its connected devices on a different unique subnet assigned to eth2 to avoid the need for a bridge.  You shouldn't need to "add" any routes anywhere:

  1. Devices on the new office subnet would use the address of eth2 as their default gateway
  2. Devices on the other vlans would use the addresses of their respective VIFs on the ER-4 as their default gateway(s)
  3. The ER-4 would already know the proper routes as they're all "connected" and would do the right thing.

 

Veteran Member
Posts: 7,233
Registered: ‎03-24-2016
Kudos: 1862
Solutions: 823

Re: VLANs over non-switched interfaces

You can use ER4 for routing, and ERX-s for switching. 

In switch mode, ERX has full Gigabit speed; this won't cripple your ER4 speed.

Emerging Member
Posts: 46
Registered: ‎02-09-2018
Kudos: 1

Re: VLANs over non-switched interfaces

Since I'm still waiting for an ER-4, I tried doing a test of the plan above, using the ER-X-SFP as the router.

 

- All ER-X-SFP ports taken out of the switch

- eth0 is WAN

- eth1 has all VIFs/VLANs directly on it from diagram above

- eth2 has "office" network with a GW IP of 172.16.1.1

- configured appropriate DHCP servers and DNS forwarders

 

I set up an ER-X as the switch (connected to eth1 on router) 

- VLAN99 (mgmt) created on switch0 with its Management IP <--This used to be "1" but I decided on "99".

- remaining switch ports set up as follows, with trunk on eth0...

 

[Image: Screen Shot 2018-02-22 at 3.07.15 PM.png]

 

I hope I've done that trunk port correctly.  Everything is working in testing.  I thought I could make VLAN 99 the PVID but that breaks everything.  I must have all VLANs tagged as VIDs there to make it work.

 

What surprised me was hosts on the router's eth1 VLANs could ping hosts on the router's eth2 "office" LAN and vice-versa.  I knew VLANs could all talk to each other by default, but will any EdgeRouter allow LANs on separate "raw" interfaces to talk to each other?  In the "production" set-up I will make the appropriate firewall rules, but just wanted to verify I'm making sense.

 

Thanks again everyone.

 

Emerging Member
Posts: 46
Registered: ‎02-09-2018
Kudos: 1

Re: VLANs over non-switched interfaces

I completely missed @waterside's last post about the routes being unnecessary.  That is indeed the case!

Regular Member
Posts: 374
Registered: ‎08-19-2016
Kudos: 97
Solutions: 19

Re: VLANs over non-switched interfaces


@msncookie wrote:

What surprised me was hosts on the router's eth1 VLANs could ping hosts on the router's eth2 "office" LAN and vice-versa.  I knew VLANs could all talk to each other by default, but will any EdgeRouter allow LANs on separate "raw" interfaces to talk to each other?  In the "production" set-up I will make the appropriate firewall rules, but just wanted to verify I'm making sense.

 


The traffic is probably going from the EdgeRouter X to the EdgeRouter X-SFP, since (if I correctly understand what is configured) it is the default gateway for all these networks. The X-SFP will route it to the subnet associated with the other VLAN. The traffic will then go back to the ERX and out on the appropriate port.

 

-- Pete

Emerging Member
Posts: 46
Registered: ‎02-09-2018
Kudos: 1

Re: VLANs over non-switched interfaces

It's nice not having to do any manual routes there.  I will simply create the appropriate "protected networks" groups on the firewall to block any "cross-talk" with IOT and Guest VLANs.
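
One way to write the "protected networks" rules discussed above, as EdgeOS configure-mode commands. This is an added example, not configuration posted by anyone in the thread: the ruleset and group names, and VIF numbers 50 (IoT) and 60 (guest) on eth1, are assumptions. The group lists the RFC 1918 ranges so it covers the office LAN on eth2 (gateway 172.16.1.1) without guessing individual subnets.

```edgeos
configure

# Every private range is "protected": new connections from the untrusted
# VLANs to any other internal subnet are dropped, whichever interface it is on.
set firewall group network-group PROTECTED_NETWORKS description "RFC 1918 ranges"
set firewall group network-group PROTECTED_NETWORKS network 10.0.0.0/8
set firewall group network-group PROTECTED_NETWORKS network 172.16.0.0/12
set firewall group network-group PROTECTED_NETWORKS network 192.168.0.0/16

# "in": traffic entering from an untrusted VLAN and routed through the router.
# Default accept keeps Internet access; rule 20 removes the inter-subnet
# routing that connected routes otherwise provide by default.
set firewall name UNTRUSTED_IN default-action accept
set firewall name UNTRUSTED_IN rule 10 description "Replies to sessions opened from trusted LANs"
set firewall name UNTRUSTED_IN rule 10 action accept
set firewall name UNTRUSTED_IN rule 10 state established enable
set firewall name UNTRUSTED_IN rule 10 state related enable
set firewall name UNTRUSTED_IN rule 20 description "Drop new connections to protected networks"
set firewall name UNTRUSTED_IN rule 20 action drop
set firewall name UNTRUSTED_IN rule 20 destination group network-group PROTECTED_NETWORKS

# "local": traffic addressed to the router itself. Allow only DNS and DHCP so
# the untrusted VLANs cannot reach the router's management services.
set firewall name UNTRUSTED_LOCAL default-action drop
set firewall name UNTRUSTED_LOCAL rule 10 description "Allow DNS"
set firewall name UNTRUSTED_LOCAL rule 10 action accept
set firewall name UNTRUSTED_LOCAL rule 10 protocol tcp_udp
set firewall name UNTRUSTED_LOCAL rule 10 destination port 53
set firewall name UNTRUSTED_LOCAL rule 20 description "Allow DHCP"
set firewall name UNTRUSTED_LOCAL rule 20 action accept
set firewall name UNTRUSTED_LOCAL rule 20 protocol udp
set firewall name UNTRUSTED_LOCAL rule 20 destination port 67

# Attach both rulesets to the untrusted VIFs (VLAN IDs 50 and 60 are assumed).
set interfaces ethernet eth1 vif 50 firewall in name UNTRUSTED_IN
set interfaces ethernet eth1 vif 50 firewall local name UNTRUSTED_LOCAL
set interfaces ethernet eth1 vif 60 firewall in name UNTRUSTED_IN
set interfaces ethernet eth1 vif 60 firewall local name UNTRUSTED_LOCAL

commit
save
exit
```

After committing, a ping from an IoT or guest host to the office LAN should fail, while a ping from the office LAN to that host should still be answered through rule 10.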

New Member
Posts: 8
Registered: ‎04-19-2016
Kudos: 1

Re: VLANs over non-switched interfaces

What did you use to make your network drawing?
