RSS

Blog posts tagged with 'draytek'

Separating public WiFi from your terrestrial LAN with a DrayTek Router and Netgear Switch

Separating public WiFi from your terrestrial LAN with a DrayTek Router and Netgear Switch

In this example we are going to use an older Netgear switch as it is the one in place but this method will work equally as well for the GS752 or XS series, although the interface has been updated somewhat.

Fist of all it is important to not that the default DrayTek setup for ports is an untagged VLAN ID 10 and for Netgear it is a default untagged VLAN of ID 1

What this means is that by default, all the ports on the Netgear assume they are in VLAN1 if the data traffic packets are not 'tagged' with a number. So if you plug in your DrayTek AP910 and use the default VLAN of 10 then your WLAN will not reach your router. In this case we are not going to change any untagged port settings as we are onyl making a single 'tagged' VLAN so there will be no confusion. The important thing to note here is that each port can only have a single VLAN for 'untagged' becuase if there is no tag (no label to tell the device which VLAN to send the traffic to) then there can only be one default failback choice. There can only be one default for anything after all.

So bearing that in mind we are going to take the following action:

  1. We will make a VLAN on the DrayTek 3900 called sirclesPUB VLAN ID: 3
  2. To this VLAN we will tag the LAN port connected to the Netgear switch so that th e traffic labelled with VLAN ID:3 knows it should go to the Netgear switch.
  3. We will make a subnet associated with this LAN on the DrayTek with a different subnet to our usual 192.168.1.0/24 network
  4. We will use the inbuilt DHCP server onm the DrayTek and assign the ISPs DNS servers to the DHCP clients as they will not have access to the local Microsoft AD/DNS
  5. We will make an associated VLAN on the Netgear with VLAN ID: 3
  6. We will tag the ports connected to the DrayTek 3900 and the DrayTek AP-910 with this VLAN ID so tha the traffic know where to be routed
  7. We will associate the public WLAN with the VLAN ID so that the traffic that is tagged by the WLAN as VLAN ID: 3 remains separate and can be routed straight back to the router without interraction with the untagged default private LAN.

 

So let's get started, we login to the DrayTek 3900 and open up the LAN > General Set-up section.

 

Click Add to add a new LAN Profile, in this example we will use a Class B Subnet of 172.16.0.1/16:

 

DrayTek Vigor 3900 add LAN

 

The VLAN ID is set to 3

Our mode is NAT

Our router IP will be 172.16.0.1

We are choosing a /16 subnet

We enable DHCP server

We have chosen a huge range in this case but the WLAN is restricted to 64 clients at once by the defaul of the AP-910

We add the ISP DNS server addresses

Everything else can be left at default in this example as it is only a public Wi-Fi

Click Apply

 

In our example we see that the LAN has been successfully created:

 

DrayTek Vigor 3900 new LAN set-up

 

Now we move on to LAN > Switch section:

Under the 801.1Q VLAN section we click the Add button to add the new VLAN:

 

DrayTek Vigor 3900 new VLAN

 

We are making the SFP (fibre module) the tagged member in this case (DrayTek just call it a member rather than tagged) and we do not touch the untagged settings as we could lock ourselves out of the router if we do! In this set-up the DrayTek connects to the Netgear via SFP but you may well be selecting LAN_Port_1 in your example.

Click Apply to create the VLAN.

Now we have a separate network on a separate IP range with a tagged VLAN ID of 3, we must tell the Netgear switch to expect this tagged information on certain data packets and tell it what to do with them.

 

Open up the Netgear interface on your switch by browsing to the IP address.

Open up switching > VLAN

Create a new VLAN: 

Netgear GS748 add VLAN

 

We have given it a name to show what it is for but the name is just a label and only the VLAN ID: 3 is important

 

We now go to the member ship of the VLAN to choose the ports under Advanced:

 

Netgear GS748 VLAN Advanced

 

We choose the VLAN ID at the top to be our chosen new VLAN ID of 3

in this case the switch is describing itself as unit 1 and so we click the text to reveal all the ports:

 

Netgear GS748 VLAN Membership

We are tagging the ports and so they need to be populated with a T for Tagged

Port 5 is where our DrayTek AP910 is plugges in (there must be no other switches in between or you will have to configure them for the VLAN also)

Port 45 is our SFP for the fibre

Now we click Apply and we are ready to configure our public Wi-Fi:

I am using the central AP management feature of the DrayTek 3900 and so I browse to the WLAN profiles and select the SSID of the public network:

 

DrayTek central AP management public Wifi VLAN

 

As you can see we have set the VLAN ID to be 3 and the security as Disabled

 

Using a mobile device I connect to sirclesPub wifi:

 

 Public Wi-Fi Mobile IP Address confirmation

 

As we can see under the information section in the Wi-Fi settings  the system has been assigned the correct IP range and cannot communicate with the private LAN.

What Internet Connection is Best for my UK Business?

When you are looking to start a business or move into a new premises then it is definitely worth considering what options are available for the internet connection. Some business premises are serviced and include internet already but with most it is left up to the admin or support staff to requisition their own connection.

Most SMEs use ADSL2+ - broadband to you and I - to connect to the internet which is great as the download speeds are usually pretty fast and in the most part people judge internet speeds on how quickly pages load from the internet. Now that we are seeing many more SMEs use 'the Cloud' as a major part of their activity it is becoming more useful to have larger upload speeds so that Office365 or Google Docs do not appear as sluggish. This is where FTTC or 'fibre' as it is commonly referred to become important. FTTC - fibre to the cabinet - is only available if your new office fulfil BOTH of the following conditions:

  1. Your exchange has been readied for VDSL/FTTC/BT Infinity/Virgin Fibre (all the same thing)
  2. Your offices street cabinet has been equipped with a fibre connection from the exchange

You can find this out fairly easily by looking up your postcode/house number or BT line number on https://www.samknows.com/broadband/broadband_checker

BT Infinity/Fibre connections offer much greater upload speed - currently up to 20MB - and download speeds - currently 100MB - and cost very little more than ADSL2+ conventional broadband. If you have 10-50 people in your office then this can make a noticeable difference to your internet response times and increase productivity and staff morale.

N.B. Check with the existing provider to make sure that the closest cabinet to your office is fibre enabled or - if you have no service with anyone currently - speak to BT or another provider in advance to check available services before you sign your lease.

Once you have your new service you will need a VDSL/FTTC router and sircles currently recommend the Vigor 2860 VDSL range.

The Vigor 2860 comes in various guises:

  1. As the 2860 VDSL/ADSL router that will connect to your existing LAN (Local Area Network) which has many great features to protect and streamline your business such as comprehensive VPN and firewall filtering
  2. The 2860n which also includes n-band wireless for fast connectivity
  3. The 2860 Vn which includes support for analogue phones and lines as well as VoIP
  4. The 2860n Plus which also allows for ISDN connectivity as a backup
  5. The 2860 Vn Plus for all of the above

using a combination of these technologies - VDSL internet and The DrayTek Vigor 2860 range - you can have an enterprise quality internet service for extremely reasonable prices.

Have a look at our range of Vigor 2860 routers or call us on 0844 880 1618 to discuss your options.