If you're on Comcast / Xfinity, and if you're in one of their "enhanced" service markets, then you might want to consider the Hitron Coda56 modem, which is on their approved list for faster upload speeds. If not, the S33 is perfectly acceptable.
TiggerLAS
Yes.
On the switch, define the ports that need to be on VLAN2 as "access ports".
VLAN2, Untagged, PVID2
Then use a single cable from your edgerouter to any one of those ports.
Make sure that no other (V)LANs are assigned to that particular port on the EdgeRouter.
Mesh can certainly be viable in situations where it is simply not possible or practical to install ethernet to support traditional access points.
You could be in an apartment or rental housing where you can't readily install the necessary cabling because you don't own the property, are in a historic home where you can't or don't want to risk damage to finished surfaces, or simply don't want the interruptions to the aesthetics. Or you might be in a home where there aren't accessible wall or ceiling cavities to run cabling.
Then there is always the balance between affordability and portability.
That being said, distributed WiFi via traditional ceiling-mounted access points is generally better than integrated table-top mesh units, both from a performance and a stability standpoint.
Stand-alone, non-mesh routers... probably about profitability. Low cost routers for the folks that can't afford, or don't need more advanced devices.
What ISP speeds will you be dealing with?
Do you actually need 24 ports?
How many access points will you be using?
A switch port can support the following:
1 or more Tagged VLANS
1 Untagged VLAN by itself
1 Untagged VLAN plus one or more Tagged VLANs
A switch port CANNOT support more than one Untagged VLAN.
In all of your pictures, port 4 is correct.
In the 2nd picture - you'll note that the VLAN60 and 61 boxes are red. That's because you've selected Untagged VLAN60 and Untagged VLAN61 on ports 1, 2, 3, and 5. That isn't a valid configuration.
Your first picture has VLAN60 set for untagged traffic on ports 1, 2, 3, and 5... anything plugged in to those ports would be dumped onto VLAN60 during normal operation.
If you want VLAN61 as untagged on ports 1, 2, 3, and 5, you'd change the VLAN60 entries on ports 1, 2, 3, and 5 to "E", and then in the VLAN61 row, change 1, 2, 3, and 5 to "U".
So, top row correct for VLAN60, middle row completely invalid, and bottom row won't put any VLANs on ports 1, 2, 3, and 5.
If you have a spare coax cable that you can use for testing (even if it is a short one), try swapping it out, and see if your blue lights come back on.
I've had borderline / intermittent coax cables in the past.
For trunk ports, the port on each end of the cable should be configured identically. So, if you set your ports on your router for Tagged 60 and 61, the port on the switch you're connecting it to should also be set for Tagged 60 and 61, and of course be configured as a Trunk port.
To assign a specific VLAN to the other ports on your switch:
Port Mode: Access
VLAN60, Untagged, PVID60
- or -
VLAN61, Untagged, PVID61
Anything plugged into those ports would be dumped onto the specified VLAN, whether the device is VLAN-Aware or not.
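The tagged/untagged rules from the VLAN-table post above (one untagged VLAN per port at most, an access port's PVID being its untagged VLAN) and the trunk rule from this post (both ends of the cable configured identically) can be checked mechanically. The following is an added example, not code from the original posts: it parses a per-VLAN membership row like the switch's web table (one character per port: T tagged, U untagged, E excluded), flags invalid ports, and compares the two ends of a trunk. The three sample "pictures", the port numbers, and the choice of port 4 as the trunk to the router are constructed to match the thread's description, not taken from any actual screenshot.

```python
"""Validate a switch's per-port VLAN table against the tagged/untagged rules.

Added example; not code from the original forum posts. The matrix format
(one string per VLAN, one character per port) and the sample pictures are
constructed here to match the descriptions in the thread.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TAGGED, UNTAGGED, EXCLUDED = "T", "U", "E"


@dataclass
class Port:
    number: int
    vlans: Dict[int, str] = field(default_factory=dict)  # vlan id -> T or U

    @property
    def tagged(self) -> List[int]:
        return sorted(v for v, m in self.vlans.items() if m == TAGGED)

    @property
    def untagged(self) -> List[int]:
        return sorted(v for v, m in self.vlans.items() if m == UNTAGGED)


def parse_matrix(rows: Dict[int, str]) -> Dict[int, Port]:
    """rows maps VLAN id -> membership string, e.g. {60: "UUUTU"} for ports 1..5."""
    widths = {len(s) for s in rows.values()}
    if len(widths) != 1:
        raise ValueError("every VLAN row must list the same number of ports")
    ports = {n: Port(n) for n in range(1, widths.pop() + 1)}
    for vlan, memberships in rows.items():
        for n, m in enumerate(memberships.upper(), start=1):
            if m not in (TAGGED, UNTAGGED, EXCLUDED):
                raise ValueError(f"VLAN {vlan} port {n}: bad membership {m!r}")
            if m != EXCLUDED:
                ports[n].vlans[vlan] = m
    return ports


def port_errors(port: Port, pvid: Optional[int] = None) -> List[str]:
    """Rule violations for one port; an empty list means the port is valid."""
    errs = []
    if len(port.untagged) > 1:
        # The hard rule from the thread: never more than one untagged VLAN.
        errs.append(f"port {port.number}: more than one untagged VLAN {port.untagged}")
    if pvid is not None and port.vlans.get(pvid) != UNTAGGED:
        # Access-port recipe: "VLAN60, Untagged, PVID60" - PVID must be the untagged VLAN.
        errs.append(f"port {port.number}: PVID {pvid} is not this port's untagged VLAN")
    return errs


def check_matrix(rows: Dict[int, str],
                 pvids: Optional[Dict[int, int]] = None) -> Tuple[Dict[int, List[str]], List[int]]:
    """Return ({port: errors}, [ports that carry no VLAN at all])."""
    pvids = pvids or {}
    ports = parse_matrix(rows)
    errors = {}
    for n, p in ports.items():
        errs = port_errors(p, pvids.get(n))
        if errs:
            errors[n] = errs
    unassigned = sorted(n for n, p in ports.items() if not p.vlans)
    return errors, unassigned


def trunk_mismatch(end_a: Port, end_b: Port) -> List[int]:
    """VLANs whose tagging differs between the two ends of a trunk cable."""
    ids = set(end_a.vlans) | set(end_b.vlans)
    return sorted(v for v in ids
                  if end_a.vlans.get(v, EXCLUDED) != end_b.vlans.get(v, EXCLUDED))


# Constructed samples: ports 1-5, with port 4 assumed to be the trunk to the
# router carrying tagged VLAN60 and VLAN61 (the port that is "correct" in every picture).
PICTURE_1 = {60: "UUUTU", 61: "EEETE"}  # top row: VLAN60 untagged on 1, 2, 3, 5
PICTURE_2 = {60: "UUUTU", 61: "UUUTU"}  # middle row: two untagged VLANs per port
PICTURE_3 = {60: "EEETE", 61: "EEETE"}  # bottom row: 1, 2, 3, 5 carry nothing
WANT_61 = {60: "EEETE", 61: "UUUTU"}    # the suggested fix for untagged VLAN61

if __name__ == "__main__":
    for name, rows in [("picture 1", PICTURE_1), ("picture 2", PICTURE_2),
                       ("picture 3", PICTURE_3), ("VLAN61 fix", WANT_61)]:
        errors, unassigned = check_matrix(rows)
        print(name, "errors:", errors, "unassigned ports:", unassigned)
    # Router side of the trunk (constructed): tagged 60 and 61, nothing else.
    router_port = Port(0, {60: TAGGED, 61: TAGGED})
    print("trunk mismatch vs switch port 4:",
          trunk_mismatch(router_port, parse_matrix(PICTURE_1)[4]))
```

Running it reports the middle picture as invalid on ports 1, 2, 3 and 5 only, the bottom picture as valid but with those four ports unassigned, and no mismatch between the router's tagged 60/61 port and switch port 4.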
If you do go with a new set of powerline adapters, try one of the adapters with the new(er) G.hn technologies, such as the Zyxel PLA6456 or similar.
Who is the carrier?
Some providers will sell you a public/static IP address for a monthly fee, which would make the CGNAT a non-issue. I'm not saying that is the route to go... just a possibility.
I don't use the default VLAN (VLAN1) on my network; I have one port assigned to VLAN1 on my ER-X, which I can plug into for management access to the ER-X. Everything else is on its own VLAN.
I created a few VLANs on my ER-X, and then used simple firewall rules to deny or permit access from one VLAN to the next as needed.
So:
VLAN1 = Unused, assigned to 1 port on ER-X for management. Untagged.
VLAN2 = PCs, phones, etc.
VLAN3 = Smart TVs, other smart devices.
VLAN4 = Guest network.
With that said, your plan would also work.
Add VLAN2 for your kid's devices. Add your NAT rules for internet access. Add Firewall rules to prevent access between VLANs. Add Firewall rules to allow access from your kid's network to printer. Trunk port to your access point, as you indicated in your diagram. Separate SSID for your kid's WiFi stuff, tied to their VLAN. Access port for your kid's hard-wired devices.
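The inter-VLAN part of the plan above (deny between VLANs by default, allow the kids' VLAN to reach the printer, leave internet access open) depends on rule ordering. The following is an added example, not the author's configuration: it models named, numbered rule sets where the first matching rule wins and a default action applies otherwise, which is the usual router-firewall model and an assumption here rather than anything quoted from the posts. The VLAN subnets, the printer address and the rule numbers are constructed.

```python
"""First-match inter-VLAN policy, modelled loosely on per-VLAN router rule sets.

Added example; not the forum author's configuration. Subnets, the printer
address and rule numbers below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed addressing: every VLAN lives somewhere inside 192.168.0.0/16.
VLAN_SUBNETS = {
    "parents": "192.168.2.0/24",   # VLAN2-style PCs and phones
    "iot": "192.168.3.0/24",       # smart TVs etc.
    "kids": "192.168.5.0/24",      # the new kids' VLAN
}
PRINTER = "192.168.2.50"           # lives on the parents' VLAN
ALL_LOCAL = "192.168.0.0/16"       # anything local; the internet is everything else


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                    # "accept" or "drop"
    dst: Optional[str] = None      # destination host or network; None matches any
    description: str = ""


@dataclass(frozen=True)
class RuleSet:
    name: str
    default_action: str
    rules: Tuple[Rule, ...]

    def decide(self, dst_ip: str) -> Tuple[str, Optional[int]]:
        """Evaluate rules in numeric order; first match wins, else the default."""
        ip = ipaddress.ip_address(dst_ip)
        for rule in sorted(self.rules, key=lambda r: r.number):
            if rule.dst is None or ip in ipaddress.ip_network(rule.dst, strict=False):
                return rule.action, rule.number
        return self.default_action, None


def kids_in(printer_first: bool = True) -> RuleSet:
    """Policy applied to traffic entering the router from the kids' VLAN.

    With printer_first=True the host allow (10) precedes the local drop (20);
    setting it False swaps the numbers to show why ordering matters.
    """
    allow_no, drop_no = (10, 20) if printer_first else (20, 10)
    return RuleSet(
        name="KIDS_IN",
        default_action="accept",   # anything not local (i.e. the internet) is allowed
        rules=(
            Rule(allow_no, "accept", f"{PRINTER}/32", "kids may reach the printer"),
            Rule(drop_no, "drop", ALL_LOCAL, "no other access to the other VLANs"),
        ),
    )


def kids_can_reach(dst_ip: str, printer_first: bool = True) -> bool:
    action, _ = kids_in(printer_first).decide(dst_ip)
    return action == "accept"


if __name__ == "__main__":
    for dst in (PRINTER, "192.168.2.10", "192.168.3.20", "203.0.113.7"):
        print(dst, "->", kids_in().decide(dst), "| misordered ->", kids_in(False).decide(dst))
```

With the allow rule numbered below the drop rule, the printer is reachable, the rest of the parents' and IoT VLANs are not, and the (documentation-range) internet address falls through to the default accept; number the drop first and the printer is silently dropped too. A real deployment would also need the usual established/related allowance for return traffic, which this model leaves out.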
Surface mount may be the way to go.
You can get surface mount boxes with keystone jacks that point out the side. These will be reasonably low-profile.
You could probably "rough up" the cover a bit with some sandpaper, and paint the cover of the box so that it blends in with the color of your bricks.
If you install the surface mount so that the jack(s) themselves point towards the floor, it would naturally direct the cables downwards, while hiding the unpainted faces of the keystone jack from direct view.
Additionally, you could choose dark-colored RJ45 keystone jacks, such as black, dark red, or grey, rather than using the more stark white or almond colors.