Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: VMG8924: Can I put the wifi on a VLAN?  (Read 1523 times)

LordFox

  • Member
  • **
  • Posts: 24
VMG8924: Can I put the wifi on a VLAN?
« on: January 08, 2021, 08:15:30 PM »

More specifically, I need to have two wireless networks (four SSIDs, two each for 2.4GHz and 5GHz). Each wireless network needs to be on a different VLAN, which is trunked through the LAN4 port to my router along with the VLANs' access ports, LAN1,LAN2 on one VLAN and LAN3 on the other.

The VDSL will be bridged, and in an interface bridge group with the fifth port (in LAN mode) as an uplink to my router so isolating it from the other four ports and wifi.

Am I asking too much?

I currently have a VGM8324 connected for my internet (current config follows), but bought the 8924 to try to get the above working.

The 8324 is currently bridging, with the VDSL (ptm0.1) in a bridge group with LAN5 as the 'uplink' to my router which is a good distance away. LAN1-LAN4 and my (currently single) wireless network are in another bridge group with a connection back to my switch, so I can use that group of ports as a local switch, use the wifi, and log on to the 8924 easily. No VLANs are configured on it.

I've been experimenting with my spare 8924, but for the life of me cannot figure out how to do this. There seems no way to put the wireless interface into a VLAN. Furthermore, despite configuring the VLANs seemingly correctly (see attachment), it just doesn't work. The whole lot of ports (1-4) still behave as if no VLANs are configured, probably because the won't leave the 'default' group. I might have missed something there though; programming a Cisco router is straightforward compared to this, lol. There's no point though if I can't attach the wifi to the VLANs.

ETA: The VLAN config is at least partially working. The trunk works to my switch and I can connect through that to the IP address I put on one of the VLANs in the 8924.
« Last Edit: January 08, 2021, 08:42:20 PM by LordFox »
Logged
PN 80/20 FTTC /29 subnet. VMG8324 modem. Mikrotik RB3011 Router. SG300 Switches. /48 IPv6 prefix. PiHoles. Stratum-1 NTP. Fibre around the house.

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #1 on: January 08, 2021, 10:54:03 PM »

Hmm . . . I have no experience of a VMG8924 but, having read through what you would like to achieve, I suspect it is just too complex for the device. However my "tingles in the whiskers", upon which my suspicion is based, have been shown to be wrong in the past and so that might also be the case here.

Perhaps other members who use a ZyXEL VMG8924-B series device will comment?  :-\
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

LordFox

  • Member
  • **
  • Posts: 24
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #2 on: January 09, 2021, 12:34:46 AM »

Yep, seems to be a no-go.

I've also found a far more fundamental problem: on the VLAN access and trunk ports, I can still access the Default group IP address (and so the config) of the VMG8924 simply by using that subnet on the attached PC. There is no isolation of the VLANs from that because the firmware does not remove the ports from the Default group even though they have been added to a VLAN group. That defeats the whole purpose of this (security) even if I could add the wifi to the VLAN.

I can remove and add the interfaces to the bridge groups (and so VLANs) using the console, which seems to have the desired effect (not tested it exhaustively) but only until the VMG8924 reboots. There's no way to save such changes.

So much for that idea then. 'Tis my own fault for not fully RTFM'ing before I bought it, and making the mistake of assuming that claiming multiple SSID and 802.1Q support was enough. Such is life, lol.
Logged
PN 80/20 FTTC /29 subnet. VMG8324 modem. Mikrotik RB3011 Router. SG300 Switches. /48 IPv6 prefix. PiHoles. Stratum-1 NTP. Fibre around the house.

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #3 on: January 09, 2021, 04:01:49 PM »

Yep, seems to be a no-go.

That's unfortunate. (But not too surprising.)  :(

I would be interested in knowing which device you ultimately decide upon to fulfil the role.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #4 on: January 09, 2021, 08:14:20 PM »

Yeah, I never got anywhere with VLANs until router, Access Point and Smart Managed switches were all separate units.

Lately I've been trying to re-enable IPv6 on its own VLAN but found the stupid Xbox doesn't like IPv6 only service which is ironic as originally they said Xbox Live would go pure IPv6 with Xbox One, but it seems that never happened it just fires up Teredo on certain games.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

LordFox

  • Member
  • **
  • Posts: 24
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #5 on: January 10, 2021, 06:58:14 AM »

Yes, separate units seems the way it will have to be. I've given up on the 8924 as far as multiple SSID/VLAN goes. The firmware clearly doesn't support managing VLANs in a meaningful way.

I've just ordered a TP-Link EAP225 AP. I'll still use the 8924 as my modem in the hallway where the phone line enters, and have its switch ports and wifi just on the main VLAN. My 8324 can be relegated to spare.

The EAP225 should properly support VLANs from the looks of it. I used to design wireless networks; I was a '3COM Wireless Enterprise Expert', lol, and that dates me. The kit I installed was much more expensive (big managed systems usually) but I can't afford that stuff for home use and it was a lifetime ago.

I'm thinking of splurging and getting a hAP AC2 as an extra AP as well, and swap it for my current router. The hAP is actually a more powerful router too, as well as an AP. I'll see how coverage goes with the EAP225 first though.

My current router is a Mikrotik RB850GX2, in the loft cabinet with my L3 Cisco switch and a Raspberry Pi running PiHole and a stratum 1 ntp server with a timekeeping GPS.

I used to have an IPv6-only VLAN, for testing, but there wasn't much would actually run happily on it.
Logged
PN 80/20 FTTC /29 subnet. VMG8324 modem. Mikrotik RB3011 Router. SG300 Switches. /48 IPv6 prefix. PiHoles. Stratum-1 NTP. Fibre around the house.

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #6 on: January 10, 2021, 04:28:17 PM »

Thank you for those further background details.

It's been a long while since I last looked at any 3COM equipment.  :)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

LordFox

  • Member
  • **
  • Posts: 24
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #7 on: January 16, 2021, 07:29:02 PM »

Aye, my 3COM kit is a bit old now; all ABG and a bit past its prime. I still have a bunch of dual radio APs that are covered by HP with a lifetime warranty as part of the deal when HP acquired 3COM. I used to love the 'active countermeasures' on some of that kit. It could basically do an automatic DOS/Deathentication attack on any APs and clients that intruded into the controlled area. Great fun!

I'm just updating my situation from above. My EAP225 arrived, and was a dream to configure. Took all of five minutes including updating the firmware. Four SSIDs, two VLANs for the Main and IoT networks, management VLAN, unused default VLAN... then I put a trunk on my SG300-28 switch to it and away we went.

At the moment the switch is routing between the VLANs for testing but tomorrow I'll get up into the loft and move a few wires around. Then my router can do that routing, and apply a stateful firewall so I can contact the devices on the IoT VLAN from the Main VLAN for configuration, but devices on IoT can't initiate a connection to Main.

I'm expecting an SG300-10MPP next week for a PoE switch. That will have an aggregated link to the main switch and power my IP cameras and the EAP225 to get rid of all the individual PoE adapters currently having a tangle party around my cabinet.

I don't think I'll need the new router for the additional AP it has. The EAP225 seems to give a really good signal throughout the house and I'll be keeping the radios on in the VMG8924 to give additional Main VLAN coverage in that far corner.

Job done; almost.
Logged
PN 80/20 FTTC /29 subnet. VMG8324 modem. Mikrotik RB3011 Router. SG300 Switches. /48 IPv6 prefix. PiHoles. Stratum-1 NTP. Fibre around the house.

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #8 on: January 16, 2021, 07:35:08 PM »

That reads as a fun task.  ;)  Thank you for the latest update. (I'm sure other members also share my interest.)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

LordFox

  • Member
  • **
  • Posts: 24
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #9 on: February 03, 2021, 10:57:59 PM »

I finally managed to do a network diagram, of sorts. I gave up with the so-called professional network diagrammers and just made it in Word. Thought you might like it. Most of the kit lives in and around a rack in the loft, apart from the obvious (the Zyxel is in a cupboard in the hallway).



« Last Edit: February 03, 2021, 11:12:27 PM by LordFox »
Logged
PN 80/20 FTTC /29 subnet. VMG8324 modem. Mikrotik RB3011 Router. SG300 Switches. /48 IPv6 prefix. PiHoles. Stratum-1 NTP. Fibre around the house.

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #10 on: February 03, 2021, 11:06:15 PM »

Thank you for taking the time to document it and, then, sharing the result.  :)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

LordFox

  • Member
  • **
  • Posts: 24
Re: VMG8924: Can I put the wifi on a VLAN?
« Reply #11 on: February 03, 2021, 11:26:22 PM »

This is the home-made precision timing GPS receiver (the green board inside the plastic box), and the uBlox monitor software connected to it. The rest of the circuitry is a GPSDO system I designed, keeping time to within 1ns instantaneous and less than 1ppt of error if averaged over a day.




Logged
PN 80/20 FTTC /29 subnet. VMG8324 modem. Mikrotik RB3011 Router. SG300 Switches. /48 IPv6 prefix. PiHoles. Stratum-1 NTP. Fibre around the house.
 

anything