1 DSL Anschluss – 3 isolierte Netzwerke?
Hallo Zusammen,
ich würde gerne 3 separate Netzwerke in meinem Heimnetz gestalten. Aktuell habe ich 2 voneinander isolierte Netzwerke über eine FRITZ!Box ( 1 Hauptnetz, 1 Gastnetz)
Mein UseCase:
3 unterschiedliche Netzwerke (3 Verschiedene Subnetze) die isoliert voneinander sind:
- Privat: Hier sollte der AccessPoint per LAN an die FRITZ!Box verbunden werden, damit Geräte wie Handys SmartTVs usw über WLAN darauf zugreifen können (WLAN und mind. 1 LAN Port)
- Gast: Hier sollen alle Gäste sich per WLAN verbinden können (WLAN)
- Arbeit: Hier sollten die Arbeitsrechner sich per LAN verbinden können, WLAN wär nice to have aber kein muss (LAN mind 1, WLAN optional)
aktuell vorhandene Hardware:
- 1 FRITZ!Box 7530
- 1 Unifi AP
neue kann hinzugekauft werden, Preise sollten sich aber im Rahmen halten, da es nur ein Homesetup ist.
Wie könnte ich meinen Use-Case bedienen und das Netzwerk mit 3 isolierten Netzwerken realisieren?
Vielen Dank für eure Hilfe!
(2 votes)
Loading...
As others have already mentioned, the most elegant should be the use of VLANs (virtual local networks).
You need a so-called. Managed Switch, because the Fritz!Box does not control the out-of-the-box m. W. n.
Here are some information on the topic and an idea of inexpensive devices:
https://www.youtube.com/watch?v=-u5fFBCJY5E
You don’t need vlans.
Buy a second router that has at least two ethernet ports.
The first networks are already separated via two wlans.
The second router is connected to fb. At the second ethernet port you connect a switch to which all hosts are connected by cable. For this network you need to define a ip network and enter on the fb eonen routing entry for this network. The router must of course also be configured, but is easy….
However, the hosts behind the 2nd router can access the computers which are connected in the non-gassed wlan of the FB. I don’t know if it’s okay for the FS.
and if the two. Router does not make NAT, then everyone from the normal FB network can access the devices behind the 2nd router. Then it takes appropriate FW rules.
Hi.
Unfortunately, it will not work so easily with the Fritz!Box, as far as I know, the Fritz!Box can only separate the internal and the external (guests), but no further subnetwork add
For another subnet, you need another router, for example DrayTek or something.
Then you pack behind the FritzBox and set up your subnet / VLANS there
Hey, thanks for your answer. Yes, you’re right, the FRITZ!Box can only have 2 nets. With DrayTek I haven’t had any experiences yet, can you recommend a specific model?
Hi, ehm gives a variety of DrayTek routers, the user interface is very good and you can quickly find his things you need.
It depends on what you need when you have a VDSL line at home, of course you need a VDSL router, otherwise you have a bottleneck or it doesn’t work at all
It doesn’t really matter because almost all models do VLAN/Subnetting.
The DrayTek Vigor 2850n is good for what you need.
Consider that the older models don’t get security updates anymore, in case you make your router public for what reasons.
You should replace the FB with a small firewall appliance that supports VLAN’s. Cisco Asa can do this, but there are also cheaper devices.
Network
DSL Modem -> Firewall -> Unify AP
Home network:
DSL Modem -> Firewall -> Unify AP
Working net:
DSL Modem -> Firewall -> Lan Connection to workstation
for WLAN in the work network
DSL Modem -> Firewall -> Unify AP
In my knowledge, unify AP’s can radiate several SSID’s and assign them to their own VLAN. And then pass the VLAN’s to the firewall using tagging (802.1q). The firewall can then assign the VLAN’s corresponding zones and filter the traffic between the zones and the internet.
Instead of a DSL modem, you might also use the FB, but then probably have 2x NAT.
In general, the already extended network knowledge requires to be able to understand and debugging in doubt. (OSI model should be known in principle)
probably this would also be imageable with Openwrt on a compatible router
Too complicated. See my answer
To realize your use case with 3 isolated networks, you can do as follows:
1. Private network:
– Connect the Unifi AP to the FRITZ!Box via LAN.
– Configure the Unifi AP with a separate WLAN network for your private devices.
Two. Guest network:
– Configure the guest network on your FRITZ!Box for guests’ wireless connection.
3. Working network:
– Connect the work computers directly to the FRITZ!Box via LAN.
– If desired, you can set up a separate WLAN network for the workstations on the FRITZ!Box.
You can set up 3 isolated networks in your home network that meet the requirements for private, guest and work areas.
Unfortunately, this has not worked with me, since the access point can emit its own WLAN with its own password, but the home network uses the same subnetwork as the work network.
At FRITZ!Box 7530 I can only configure 2 subnets (main and guest net)
Use the home network and the working network : 192.168.178.0
Guest: 192.168.179.0
However, I need different subnetworks for the host network, the home network and the work network.
To set up different subnetworks for the home network, the work network and the guest network, you need a router with VLAN support or a layer 3 switch. These devices can create virtual LANs (VLANs) that enable separate subnetworks, even if only one device is physically present. This allows you to assign your own IP address to each network segment and control the communication between the segments. Ultimately, this allows a clear separation and security between the different networks.
probably this would also be imageable with Openwrt on a compatible router
Ah, thanks for the tip, I didn’t know that. So you’d rather recommend a VLAN capable router? Can you recommend a specific one?
layer 3 switches are less suitable for this because the filter possibilities between the subnetworks are quite limited.
Thank you for your help, I have already thought about the two solutions. Can you recommend devices for my use case? I would have spontaneously fallen into the UniFi Dream Machine or alternatively Unify 8 Switch 60 W.