1

This is probably asked a thousand times but I can't seem to find an answer.

The situation is this:

I have one Ethernet connection (over 4G) which will be used by 2 households. I need to separate the internet connection into 2 different networks unable to talk to each other.

What I found so far is using a managed switch and make use of VLAN. I think the solution is this:

VLAN1:

  • Untagged: port 2 till 23
  • Tagged: port 24 (where the router is plugged in)
  • Forbidden: port 1

VLAN2:

  • Untagged: Port 1
  • Tagged: port 24 (where the router is plugged in)
  • Forbidden: port 2 till 23

Am I doing this right? Does anyone know a better option?

Bilesh Ganguly
  • Your 4G router is VLAN capable, right? You can think of each VLAN as if it was on its own physical switch. Two or more separate physical LANs need a router in-between. And it's the same for VLANs – Tim_Stewart Apr 03 '18 at 16:08
  • The 4G router is a FRITZ!Box 6890 LTE. I don't think you can make VLANs with it (searched in the manual for VLAN, no results). Yes, that's what I thought, but setting it up for the first time is hard. I used this website: goo.gl/QYmkFs Is it correct to make port 24, which is connected to the router, tagged, so both VLANs can communicate with the router? And did I set up the VLANs correctly? So VLAN1 is port 2 till 23, and VLAN2 is only port 1. – Maik Verheijen Apr 04 '18 at 06:01
  • Yes, both VLANs would be tagged going to the router (trunk port). Unfortunately you need a VLAN capable router to do what you're trying to do (802.11q). There are free options out there, like pfSense or OPNsense. Because you have a VLAN capable switch, you could install pfSense on an old laptop or tower; it would only need one NIC. And you would configure it for "routing on a stick". – Tim_Stewart Apr 04 '18 at 15:04
  • Thank you @Tim_Stewart, you helped me a lot! I thought a VLAN capable switch was enough. Will check out the pfSense option! – Maik Verheijen Apr 05 '18 at 06:30

2 Answers

1

As pointed out by @Tim_Stewart, you can add a router (I also suggest Mikrotik) which is VLAN-aware, on a trunk port (so you need only a single NIC). Then, you add a third VLAN only for the 4G-router and VLAN-router.

If you use a Mikrotik, they have multiple ports, so you won't need a third VLAN.

Of course, if you need to isolate both networks, you need to configure some firewall on the router in order to allow internet from both networks, and reject every connection attempt from one to the other internal LAN.

  • You may want to add that the ISP connection would have its own VLAN untagged connected to a designated switchport, but then tagged at the trunk. Regards, – Tim_Stewart May 04 '18 at 16:46
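
The port layout from the question, modeled as an added example (not code from any poster on this page): it checks that the two households are isolated at layer 2 and shows that every frame leaving port 24 carries an 802.1Q tag, which is why the device on that port has to be VLAN-aware. The function names and the PVID behaviour are assumptions of this model.

```python
# Added example: a model of the switch configuration from the question.
# Port 24 is the uplink to the router; ports 2-23 are one household, port 1 the other.
VLANS = {
    1: {"untagged": set(range(2, 24)), "tagged": {24}},
    2: {"untagged": {1}, "tagged": {24}},
}
UPLINK = 24

def pvid(port):
    """VLAN given to an untagged frame arriving on `port`.
    Assumption: PVID follows untagged membership; many switches set it separately."""
    for vid, members in VLANS.items():
        if port in members["untagged"]:
            return vid
    return None

def forward(in_port, tag=None):
    """Flood a broadcast frame; return {egress_port: tag_on_wire} (None = untagged)."""
    if tag is None:
        vid = pvid(in_port)
    elif tag in VLANS and in_port in VLANS[tag]["tagged"]:
        vid = tag          # tagged frames are accepted only on tagged member ports
    else:
        vid = None         # e.g. a tagged frame arriving on an access port is dropped
    if vid is None:
        return {}
    members = VLANS[vid]
    out = {p: None for p in members["untagged"] if p != in_port}
    out.update({p: vid for p in members["tagged"] if p != in_port})
    return out

def isolated(port_a, port_b):
    """True if no untagged broadcast from either port reaches the other."""
    return port_b not in forward(port_a) and port_a not in forward(port_b)

def uplink_tags():
    """Tags the router sees on the uplink when each access port sends a broadcast."""
    access = set().union(*(m["untagged"] for m in VLANS.values()))
    return {forward(p).get(UPLINK) for p in access}

if __name__ == "__main__":
    print("port 1 isolated from ports 2-23:", all(isolated(1, p) for p in range(2, 24)))
    print("tags arriving at the router:", sorted(uplink_tags()))
    print("untagged frame from the router goes to:", forward(UPLINK))
```

In this model an untagged frame sent by the router into port 24 reaches no port at all, so a router that cannot tag its traffic cannot serve either VLAN over that trunk.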
0

You can configure one of the LAN ports of the Fritzbox to be a Guest network. This will automatically separate two networks in the router, which you can then switch independently.

https://en.avm.de/service/fritzbox/fritzbox-6890-lte/knowledge-base/publication/show/949_Setting-up-LAN-guest-access-in-the-FRITZ-Box/

Configuring guest access

  • Click "Home Network" in the FRITZ!Box user interface.
  • Click "Network" in the "Home Network" menu.
  • Click on the "Network Settings" tab.
  • Enable the option "Guest access enabled for LAN 4".
lkraider