AX88U Pro and VLANs

[docluv01]

Hi Guys, I had a question about VLANs.

I have an AX88U Pro setup as a Router, and connected to this I have (2) RT-AC3100's as AiMesh nodes. The nodes are both connected to different parts of my house via a wired connection. All are on the latest/greatest Merlin official releases.

On my network, I have a Camera NVR which has 8 ports with 8 cameras connected. The cameras are on their own separate network created by the NVR (10.x.x.x). This network is obviously separate from my main network (192.168.1.x).

Now, my NVR has the ability to add 8 more external POE cameras. I have successfully added 2 more cameras on my main network using a unmanaged POE switches, all works well. These 2 cameras are on the 192.168.1.x network. For now, I haven't seen any network issues, but from what I have been reading if I add more cameras, I may see performance issues on my home network. As such, it was suggested I setup a VLAN for my cameras.

I see there is an alpha firmware for my router that gives a gui for VLAN's. I am trying to figure out the best way to do this. I know you can make the VLAN port specific on the router. But my problem is I have the cameras connected to each of my nodes. Forgive this dumb question but is there a way I can have a VLAN created just for cameras but available on all ports? meaning I put just the NVR and the other 2 external cameras on a separate VLAN but they can be accessed from any port? I assume just put the NVR and cameras on a different subnet (eg. 192.168.10.x)?

Also, I know I can't setup VLAN id's on my NVR or cameras, so I assume I will have to use static ip's for everything?

Please let me know if I'm thinking of this wrong.

Thanks in advance!!

 

[bbunge]

A VLAN on the same physical wiring as the LAN will still use the resources (bandwidth) of that LAN. a VLAN is for security.
Now, if you put all your cams and NVR on the same switch the cam traffic will stay in that switch and not bother the rest of the LAN. This is what I do as I have a PoE switch that all the cams connect to and the NVR, Zoneminder server, is also connected to that switch. Then that switch is connected to the router. The PoE switch and server are connected to a UPS. The cams and server have static IP addresses so that part will keep working even when I mess up the router settings.

 

[docluv01]

A VLAN on the same physical wiring as the LAN will still use the resources (bandwidth) of that LAN. a VLAN is for security.
Now, if you put all your cams and NVR on the same switch the cam traffic will stay in that switch and not bother the rest of the LAN. This is what I do as I have a PoE switch that all the cams connect to and the NVR, Zoneminder server, is also connected to that switch. Then that switch is connected to the router. The PoE switch and server are connected to a UPS. The cams and server have static IP addresses so that part will keep working even when I mess up the router settings.

Thanks for the quick reply

I understand the bandwidth part on the LAN, which I'm ok with. Someone did say something about these cameras constantly broadcasting on the subnet, which would affect performance on my devices, which is why putting them on a different subnet would be "better".

Again, if I'm thinking of this incorrectly pls advise

TIA!

 

[bbunge]

Subnet or VLAN on the same LAN will use the LAN bandwidth.

The cams on Ethernet will not bother other clients as an Ethernet switch will isolate the traffic. Not so with WIFI as the router or AP will negotiate with the clients so all get a fair share of the WIFI bandwidth.

Yes, you can run different subnets on the same physical network. For most, however, it is best to keep it simple. With your AX88U Pro you can do some nifty tricks with VLAN. I set up a VLAN for my media devices with the TV, Dish and one NAS port on Ethernet VLAN with the other WIFI devices. Worked pretty good but I eventually went back to a simpler network. Put the TV and Dish back on WIFI after I added an AiMesh node.

 

[Tech9]

For now, I haven't seen any network issues, but from what I have been reading if I add more cameras, I may see performance issues on my home network. As such, it was suggested I setup a VLAN for my cameras.

It's the same physical network with the same bandwidth limit no matter how many VLANs (virtual networks) you run on it. If the cameras are generating a lot of traffic even on separate VLAN this will still affect negatively the entire physical network. You have to have separate physical network for the cameras or increase the bandwidth from GbE to 2.5GbE for example.

 

[Ripshod]

No real need to worry about bandwidth. A typical 1080p ip camera using H.264 compression won't exceed 4Mb at 30fps.

 

[docluv01]

No real need to worry about bandwidth. A typical 1080p ip camera using H.264 compression won't exceed 4Mb at 30fps.

Its a 4k camera

 

[docluv01]

Question, so if its best practice to segment off ports, my issue is I only have a single cable drop to parts of my house.

However, when I say single cable drop, I mean 1 cat6 and 1 coax. I'm thinking i can use a Moca 2.5 adapter and have a separate VLAN on the coax for my cameras and Moca devices. Would that work? I have used Moca in the past and has worked well.

TIA!

 

[CaptainSTX]

Question, so if its best practice to segment off ports, my issue is I only have a single cable drop to parts of my house.

However, when I say single cable drop, I mean 1 cat6 and 1 coax. I'm thinking i can use a Moca 2.5 adapter and have a separate VLAN on the coax for my cameras and Moca devices. Would that work? I have used Moca in the past and has worked well.

TIA!

Another option to consider is to use inexpensive smart switches and set up 802.1Q VLANs. This implementation of VLANs allows you to run multiple VLANs over a single Ethernet cable. You would need a pair of switches but at US$23 each it is probably less costly than a pair of MOCA adapters.

 

[docluv01]

Another option to consider is to use inexpensive smart switches and set up 802.1Q VLANs. This implementation of VLANs allows you to run multiple VLANs over a single Ethernet cable. You would need a pair of switches but at US$23 each it is probably less costly than a pair of MOCA adapters.

Hmm, thats an idea. SO with this type of VLAN, I won't have to do anything on the router, but simply segment on the switches themselves? Or would I have to set that up on the router first?

Can you recommend a model?

Would a Netgear GS308E work?

TIA!

 

[CaptainSTX]

Hmm, thats an idea. SO with this type of VLAN, I won't have to do anything on the router, but simply segment on the switches themselves? Or would I have to set that up on the router first?

Can you recommend a model?

Would a Netgear GS308E work?

TIA!

You don't have to do anything on the router. You just run an Ethernet cable from a LAN port on the router to a LAN port on the first switch in the network. Through the firmware on the switch you set up the 802.1Q vlan(s). You then using your existing Ethernet drop connect to the smart switch at the far end and program it so that each of ports belongs to a designated 802.1Q VLAN.

The switch you mentioned should work just fine. If you don't need or think you need 8 ports you could buy just a 5 port. The pair of switches don't have to have the same number of ports. You could have 5 ports at one end and 8 at the other. Since 802.1Q VLANs are not port based you can assign one or more ports on either router to the same VLAN.

I use two TP-Link SG108E smart switches. They have worked flawlessly since 2018. I run three VLANs on them. I can't tell you if Netgear switches are equivalent or better.

I don't know if firmware has improved but when I was setting up my VLANs it was a little confusing and I had to do some research but once they were setup they just work and need no attention unless for some reason you want to reconfigure them.

 

[docluv01]

You don't have to do anything on the router. You just run an Ethernet cable from a LAN port on the router to a LAN port on the first switch in the network. Through the firmware on the switch you set up the 802.1Q vlan(s). You then using your existing Ethernet drop connect to the smart switch at the far end and program it so that each of ports belongs to a designated 802.1Q VLAN.

The switch you mentioned should work just fine. If you don't need or think you need 8 ports you could buy just a 5 port. The pair of switches don't have to have the same number of ports. You could have 5 ports at one end and 8 at the other. Since 802.1Q VLANs are not port based you can assign one or more ports on either router to the same VLAN.

I use two TP-Link SG108E smart switches. They have worked flawlessly since 2018. I run three VLANs on them. I can't tell you if Netgear switches are equivalent or better.

I don't know if firmware has improved but when I was setting up my VLANs it was a little confusing and I had to do some research but once they were setup they just work and need no attention unless for some reason you want to reconfigure them.

Thank you man!!!! This will def help! I was thinking of setting vlans from the router, but this seems much more "cleaner" in my situation.

I see netgear has POE switches that can be setup the same way. this may be even better!

I take it it doesn't really matter if you use the same manufacturer.,,,each switch has its own configuration really.

 

[CaptainSTX]

Thank you man!!!! This will def help! I was thinking of setting vlans from the router, but this seems much more "cleaner" in my situation.

I see netgear has POE switches that can be setup the same way. this may be even better!

I take it it doesn't really matter if you use the same manufacturer.,,,each switch has its own configuration really.

I don't know if you could get 802.1Q VLANs to work if you used switches from different manufacturers. The data packets have a wrapper and no idea if there is an industry standard. Also as I said setting up 802.1Q might be confusing and trying to follow different instructions from two manufacturers isn't going to make it easier.

 

[docluv01]

I don't know if you could get 802.1Q VLANs to work if you used switches from different manufacturers. The data packets have a wrapper and no idea if there is an industry standard. Also as I said setting up 802.1Q might be confusing and trying to follow different instructions from two manufacturers isn't going to make it easier.

thanks I'll stick to 1