Using 7206 and Deco M4
I've just purchased the ER7206 and want to add it into my home network as the router/firewall device. I currently use 3 x Deco M4s in Router mode.
My question is: once I switch the Decos into AP mode, can I use VPNs on the ER7206 using them? Or do I need to change the AP hardware (which I do intend to do down the line)?
I want to have 3 VPNs:
- IoT
- Main
- Guest
Hey
Just to clarify, are you looking for VLANs and not VPNs? Namely you want to have 3x separate networks in your house for Guests, IoT etc? If so that's VLANs and most of us do that :)
VPN is allowing you to connect to the Router from external (4g / hotel wifi etc) so you can be "on your network" when you are away from home. I guess this is not what you are after as you mentioned guest / IOT etc..
If you are referring to VLANs then you will need some new hardware sadly. VLANs require a switch to trunk the traffic, and APs that can support them. Sadly the Deco range doesn't support VLANs.
You would need at least (in addition to your ER7206):
- 1 switch (something like an SG2008P)
- 1 controller (software or OC200 should do)
- whatever number of EAPs, EAP2xx or EAP6xx depending on your requirements.
That's really your basics to get VLANs working.
In short the switch will create the VLAN (let's say guest with VLAN ID 123) and tell the ER7206 to allocate an address range (192.168.123.x).
Set up an SSID called Guest and set it for VLAN 123.
Anything that connects to the SSID GUEST will be added to VLAN 123, given an address ending 192.168.123.xxx and that data will be trunked via the switch to the ER7206 tagged for that VLAN. You can then lock that VLAN to internet only / no access to other VLANs etc. but this is all done on the switch.
In short switches are for VLANs :)
Thanks for the reply, it is VLANs I wanted to create, not VPNs (currently).
I do have one Jetstream switch (8 port POE managed) in my loft for my external CCTV cameras.
I need to replace my Netgear 16 port switch in my home office with a TP-Link POE one, then purchase a couple of AP devices from TP-Link.
At this point from your reply I could then separate out IoT WiFi traffic to its own VLAN, Main traffic to its own VLAN and lastly a guest WiFi VLAN.
The bit I haven't got my head around is having say one AP device that broadcasts multiple SSIDs (although saying that the Deco does create an SSID_guest network based on your chosen SSID).
So if the APs broadcast multiple SSIDs then in my head I think I've got it (and a shopping list to go with it eventually!)
Hey
Yeah you can indeed separate out the VLANs, it's generally common enough to do this. In terms of Omada, when you create a VLAN it's generally got full access to the other VLANs. Let's take the GUEST VLAN for example.
If I was going to create a Guest VLAN, I would also create an SSID called Guest and link it to the same VLAN. There are two things I would then do.
1. Set the SSID as GUEST, this will stop anyone on the SSID connecting to other users (internet only)
2. Create an ACL (access control list) on the switch to disable any access from the guest VLAN to the other VLANs (deny rule) and that should suffice.
Therefore anything on the guest SSID goes to the Guest VLAN, and if you apply the guest profile to a port on the switch, anything connected to that port will also be on the guest VLAN.
In terms of your APs, they need to be on a switch port profile that can see ALL your VLANs (well, all the ones you want it to be able to access anyways).
So setting up an SSID in Omada is done on the controller, literally set the name / encryption cypher / password and go... within a few seconds all APs will update and start broadcasting the SSID.
In answer to your question, yes EAPs can broadcast up to 16 SSIDs (8 on each 5 / 2.4 GHz) per EAP as they are more powerful radios, this is the difference in business grade vs home grade. This won't cause any issues, however the SSIDs will be on the same channel as channels are per EAP not SSID.
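An added example, not part of the thread and not Omada's own ACL syntax: a small Python audit of the isolation described in the post above. It models deny rules as (source VLAN, destination VLAN) pairs, uses the thread's Guest VLAN 123 / 192.168.123.x, and assumes hypothetical IDs and subnets for Main and IoT.

```python
import ipaddress

# VLAN 123 / 192.168.123.0/24 come from the thread; the Main and IoT
# IDs and subnets are assumed for illustration.
VLANS = {
    "Main":  {"id": 10,  "subnet": ipaddress.ip_network("192.168.10.0/24")},
    "IoT":   {"id": 20,  "subnet": ipaddress.ip_network("192.168.20.0/24")},
    "Guest": {"id": 123, "subnet": ipaddress.ip_network("192.168.123.0/24")},
}

def vlan_of(ip):
    """Return the VLAN name whose subnet contains ip, or None (internet)."""
    addr = ipaddress.ip_address(ip)
    for name, vlan in VLANS.items():
        if addr in vlan["subnet"]:
            return name
    return None

def allowed(src_ip, dst_ip, deny_rules):
    """Default is permit, matching the post's point that a new VLAN can
    reach the others; deny_rules holds (source VLAN, destination VLAN)."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None or src == dst:
        # Internet-bound and same-VLAN traffic is not covered by these rules
        # (same-SSID client isolation is the separate guest SSID setting).
        return True
    return (src, dst) not in deny_rules

def open_paths(deny_rules):
    """List every inter-VLAN direction that no deny rule covers."""
    return sorted(
        (s, d) for s in VLANS for d in VLANS
        if s != d and (s, d) not in deny_rules
    )

# Step 2 of the post: deny Guest to the other VLANs.
GUEST_DENY = {("Guest", "Main"), ("Guest", "IoT")}

if __name__ == "__main__":
    print("no ACL:   ", open_paths(set()))
    print("guest ACL:", open_paths(GUEST_DENY))
    print("guest -> main allowed?",
          allowed("192.168.123.50", "192.168.10.5", GUEST_DENY))
```

With only the guest rules in this model, the IoT and Main pairs are still listed as open, so a three-way split needs deny rules for those pairs as well.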
Should also mention, if you are going for a new install, depending on your budget and how many devices you have to connect then 2.5gbps networking might be a consideration.
Most switches and APs are 1gbps ports, that should easily suffice up to 60 devices.. possibly more. However if ££ isn't an issue then 2.5 or even 10gbps networking is starting to appear, this would work well with the EAP660 as it has a 2.5gbps LAN port. However these switches are MUCH more expensive, but can handle many many more clients.
Like everything it's down to cost!
@Philbert Thanks for the really useful information.
I have around 60 clients in total wired/wireless as it stands.
My internet connection is 500mbps as it currently stands.
I think I need to get a 16 Port switch with POE for my office (which I don't think they do, so maybe 2 x 8 port or 1 x 24), a new 8 port POE for loft and a 4 port POE for lounge. All of these can then do the VLANs and power any AP devices.
In terms of the 2.5gbps + models, will my hardware make use of this? I have a 2021 HP Omen gaming laptop that I use on WiFi as my main machine. With a HP Microserver as a NAS and dedicated CCTV PC. None of these devices have anything more than a 1gbps network card.
Sadly they don't have a 16 port switch at present, but they do have a few 24 ports which may work out better for you than 2x 8 ports in the office (TL-SG2428P), they only do 8 port POE on the SDN (SG2008P) so they may be best for the loft and lounge.
With 60 clients and 500mbps you are likely OK with the 1gb ports, but the 2.5gbps is more for the backhaul traffic between switches. Being honest, likely overkill for you based on what you said, personally I have 1gb internet connection and 40 odd devices on 1gb switches.. never saturated it for more than a few seconds (large transfers or something like that)
The only seller I can see for 2.5gb ports is if you are going to move to 1gb+ internet speed anytime soon. However if not for a few years, then wait till the switches come down and replace then! :)