Skip to main content
Forum FAQ's
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ONT to 3rd Party Router via VLAN Aware switches

Go to solution
Mr_Incredible
Established Contributor
Established Contributor

‎19-11-2024 12:28 PM - edited ‎19-11-2024 12:37 PM

Hi.

When FTTP was originally installed to replace the copper line, it was impossible to run the fibre to the same location.  As a result, the fibre and ONT was brought into the front of the house (as opposed to the rear) where I have had a 1Gb  network switch connected to equipment in the lounge and being linked via ethernet to the rear of the house (where the old router used to be).

I have used the BT Smart hub in the front of the house because I had had DV from BT (& EE when I moved), but I have now gone with a third party VOIP supplier I don't need a DV capable router.

Although the new 'Smart' series of routers/extenders do what they say on the tin, I am nonetheless looking at setting up in a different way to allow me to isolate a WiFi SSID from my LAN for my IOT devices.  As a result, I need a router (and APs)  that will allow a combo of VLANS and ACLs to be set up in the router and switches.

I have two 'smart managed' L2 switches - one in the rear of the house and one in the front, and they are trunked with a 1Gb ethernet cable.  I would like to have a new router situated in the rear near the bulk of my devices and where I sit.

And to the question.......

I noticed on the details for using a 3rd party router here that the Fibre PPPoE connection has a VLAN ID (802.1q)  of 101.

Can I directly connect from the ONT to the switch in the front of the house, and by setting the switches VLAN configuration , 'trunk' the connection to a port on the switch in the rear of the house to which I will attached the WAN port of my router, and then connect a router LAN port onto the 'normal' LAN network via the switch?

Is this doable in anyone's experience?

Thanks

0 Helpful
1 SOLUTION

Accepted Solutions
Go to solution
Mr_Incredible
Established Contributor
Established Contributor
In response to Mustrum

‎20-11-2024 12:08 AM - edited ‎20-11-2024 12:16 AM

@Mustrum  Well, it's been an interesting journey to prove the principal and my assumptions about how I might setup and test  it!.

I was fairly confident that it *SHOULD* work, but as I haven't delved into VLAN tagging, untagging and PVIDs before, I wasn't too confident in achieving my goals across two trunked-switches and keeping other LAN traffic off the one 'dedicated' port on each of the switches (TL-SG108E).

I can't quite believe how much success I had in the end!!  Dead chuffed!

Believe it or not, before moving off FTTC (130Mbs) to FTTP (900Mbs), I was using an old Netgear router WNDR3700V1 which first saw the light of day back in 2009 - so about 15 years old!  I had installed DD-WRT on it and it was a stable as anything.  But once I was on FTTP and DV, I had to use the BT Smart Hub 2 and the Netgear was just pressed into working as a hub in the office.  (DD-WRT could re-assign the WAN port to be a LAN port).

Anywhoo......  As DD_WRT is to a bit long in the tooth for the Netgear, a few weeks ago I flashed it back to stock Netgear firmware and tested it out in the ONT using the PPPoE credentials that worked on the BT hub.  Although it connected OK, a Google confirmed that people had struggled with a 1Gb WAN connection in that although the LAN-LAN ports worked fine on 1Gb, the WAN-LAN interface was struggling.  According to a Netgear spec page the WAN-LAN had an expected throughput of 408Mb/s.  I was achieving about 450 so not that bad.  But sufficient perhaps for me to test the theory.

So the plan.

1.  Switch #1   & Switch #2  Initially no VLANs setup other than the default VLAN1 which is broadcast and untagged on all 
Use a new VLAN999 to route the WAN connections.
Be careful not to expose the the rest of the LAN to the 'WAN' 'ports' by removing VLAN1 as appropriate.

VLAN1 settings Switch 1:                                  VLAN1 settings Switch 2:

Port 8 - Trunk port to SW2                                                       Port 1 - Trunk Port to SW1            
Port 7 - Assigned dedicated 'WAN' from SW2              Port 5 - From ONT
Port 7 - PVID 999                                                                          Port 5 - PVID 999

vlan1sw1.png   vlan1sw2.png

  

 

 

 


VLAN999 settings Switch 1:                                VLAN999 settings Switch 2:


vlan999sw1.pngvlan999sw2.png       

 

 

 

 

SW1 Summary

SW1Vlansummary.png

 

 

SW2 Summary
SW2Vlansummary.png

 

 

2.  Test the 'WAN' VLANs work as expected - Attached Shield TV to Port 5 on SW2 (static IP), and on a VM on my PC connect via a USB ethernet adapter (static port same subnet) to Port 7 on SW1.   I could ping the Shield no problem from the VM, but not from my main PC (attached to Port 4 on SW1) .  The VM could not ping any devices on my LAN even though both the LAN and the 'WAN' ports were on the same 192.168.1.0/24 subnet.  Looking good!

3. Belt and braces....  Attached the Netgear WAN to the ONT directly next to SW2, and connected a LAN port off the Netgear to Port 5 on SW2.  Netgear set to PPPOe on the WAN.  Tested from the VM (connected via VLAN999 on Port 7 on SW1) and I got internet!  Ping tested from the VM and my PC and neither VLANs could see any devices on each of them!  Result.

4. So now moved the Netgear next to SW1.   Connected ONT direct to Port 5 on SW2 and the Netgear WAN port to Port 7 on SW1.  Used a Netgear LAN port to connect to the USB ethernet on the VM.  Yay!  The Netgear made a PPOe connection through both switches on VLAN999.  Again, no device on VLAN 1 could see any device on VLAN999 and vice-versa.

5.  Oookla speedtest:   430Mbs DOWN and 109Mbs UP.  Mmmmmm.......

6.  Took my life in my hands and flashed the Netgear with the latest OpenWRT and configure it with Software and Hardware offloading on the Firewall.  Oookla test:  890Mbs DOWN and 109 Mbs UP. Yikes!   The Netgear really likes OpenWrt under the hood!  Just need to figure out how to get the WiFi going now.

Well, I may not need to buy a new router to replace the current EE router in order to get VLANs working on the WiFi APs!

Hope this may help someone else who wants to tinker with multiple switches and VLANs and 'remote' ONT to the physical location of the router.

View solution in original post

6 REPLIES 6
Go to solution
Mustrum
EE Community Star
EE Community Star

‎19-11-2024 12:52 PM

@Mr_Incredible  You need to look at the Full Fibre settings, not Fibre which is the old VDSL - so no Vlan required, that is done by the modem (ONT)

Providing you can configure a clear 1Gb point to point connection you should be able to connect the ONT to the router.

Go to solution
Mr_Incredible
Established Contributor
Established Contributor

‎19-11-2024 01:01 PM

Ah, right.  Missed that one!

However, question part deux....

If I put a (unique) PVID on the port I connect to the ONT to, and then 'route' that through to the 2 x switches to the port connected to the WAN on a new router, would that likely work?

0 Helpful
Go to solution
Mustrum
EE Community Star
EE Community Star
In response to Mr_Incredible

‎19-11-2024 03:09 PM

@Mr_Incredible  I would have thought so, easy enough to give it a go I imagine.

Let us know how you get on.

 

0 Helpful
Go to solution
JimM11
Brilliant Contributor
Brilliant Contributor

‎19-11-2024 03:14 PM

@Mr_Incredible Does not matter where the router is located, as long as you can get to it over the lan. 

Go to solution
Mr_Incredible
Established Contributor
Established Contributor
In response to Mustrum

‎20-11-2024 12:08 AM - edited ‎20-11-2024 12:16 AM

@Mustrum  Well, it's been an interesting journey to prove the principal and my assumptions about how I might setup and test  it!.

I was fairly confident that it *SHOULD* work, but as I haven't delved into VLAN tagging, untagging and PVIDs before, I wasn't too confident in achieving my goals across two trunked-switches and keeping other LAN traffic off the one 'dedicated' port on each of the switches (TL-SG108E).

I can't quite believe how much success I had in the end!!  Dead chuffed!

Believe it or not, before moving off FTTC (130Mbs) to FTTP (900Mbs), I was using an old Netgear router WNDR3700V1 which first saw the light of day back in 2009 - so about 15 years old!  I had installed DD-WRT on it and it was a stable as anything.  But once I was on FTTP and DV, I had to use the BT Smart Hub 2 and the Netgear was just pressed into working as a hub in the office.  (DD-WRT could re-assign the WAN port to be a LAN port).

Anywhoo......  As DD_WRT is to a bit long in the tooth for the Netgear, a few weeks ago I flashed it back to stock Netgear firmware and tested it out in the ONT using the PPPoE credentials that worked on the BT hub.  Although it connected OK, a Google confirmed that people had struggled with a 1Gb WAN connection in that although the LAN-LAN ports worked fine on 1Gb, the WAN-LAN interface was struggling.  According to a Netgear spec page the WAN-LAN had an expected throughput of 408Mb/s.  I was achieving about 450 so not that bad.  But sufficient perhaps for me to test the theory.

So the plan.

1.  Switch #1   & Switch #2  Initially no VLANs setup other than the default VLAN1 which is broadcast and untagged on all 
Use a new VLAN999 to route the WAN connections.
Be careful not to expose the the rest of the LAN to the 'WAN' 'ports' by removing VLAN1 as appropriate.

VLAN1 settings Switch 1:                                  VLAN1 settings Switch 2:

Port 8 - Trunk port to SW2                                                       Port 1 - Trunk Port to SW1            
Port 7 - Assigned dedicated 'WAN' from SW2              Port 5 - From ONT
Port 7 - PVID 999                                                                          Port 5 - PVID 999

vlan1sw1.png   vlan1sw2.png

  

 

 

 


VLAN999 settings Switch 1:                                VLAN999 settings Switch 2:


vlan999sw1.pngvlan999sw2.png       

 

 

 

 

SW1 Summary

SW1Vlansummary.png

 

 

SW2 Summary
SW2Vlansummary.png

 

 

2.  Test the 'WAN' VLANs work as expected - Attached Shield TV to Port 5 on SW2 (static IP), and on a VM on my PC connect via a USB ethernet adapter (static port same subnet) to Port 7 on SW1.   I could ping the Shield no problem from the VM, but not from my main PC (attached to Port 4 on SW1) .  The VM could not ping any devices on my LAN even though both the LAN and the 'WAN' ports were on the same 192.168.1.0/24 subnet.  Looking good!

3. Belt and braces....  Attached the Netgear WAN to the ONT directly next to SW2, and connected a LAN port off the Netgear to Port 5 on SW2.  Netgear set to PPPOe on the WAN.  Tested from the VM (connected via VLAN999 on Port 7 on SW1) and I got internet!  Ping tested from the VM and my PC and neither VLANs could see any devices on each of them!  Result.

4. So now moved the Netgear next to SW1.   Connected ONT direct to Port 5 on SW2 and the Netgear WAN port to Port 7 on SW1.  Used a Netgear LAN port to connect to the USB ethernet on the VM.  Yay!  The Netgear made a PPOe connection through both switches on VLAN999.  Again, no device on VLAN 1 could see any device on VLAN999 and vice-versa.

5.  Oookla speedtest:   430Mbs DOWN and 109Mbs UP.  Mmmmmm.......

6.  Took my life in my hands and flashed the Netgear with the latest OpenWRT and configure it with Software and Hardware offloading on the Firewall.  Oookla test:  890Mbs DOWN and 109 Mbs UP. Yikes!   The Netgear really likes OpenWrt under the hood!  Just need to figure out how to get the WiFi going now.

Well, I may not need to buy a new router to replace the current EE router in order to get VLANs working on the WiFi APs!

Hope this may help someone else who wants to tinker with multiple switches and VLANs and 'remote' ONT to the physical location of the router.

Go to solution
Mustrum
EE Community Star
EE Community Star

‎20-11-2024 12:36 AM

Thanks for the update.

0 Helpful