CommScope RUCKUS Community Forums

thomas_engelman · ‎08-09-2021

Hi everyone,

we just built a house and we have the following network components:

Netgear R7800 router with OpenWRT
Ruckus ICX7150-C12P switch
2x Ruckus R320 APs (one on each level)

I am completely new to Ruckus, VLANs and OpenWRT. My target is to have two VLANs, one for IOT/HomeKit components (we will go with Apple HomeKit for home automation) and the other one for laptops. Both VLANs should be independently from another with the exception of Homekit and Homebridge (I run Homebridge on a QNAP NAS). I also want to be able to limit the internet access for single IOT components for privacy purposes.

In a second step I would like to channel selected components through Wireguard VPN on the router.

What have I done so far:

1. Got the setup working without VLANs etc.

2. Set up the separate Wi-Fis (one for default and one for IOT).

3. I gave the IOT W-Fi the VLAN ID 2 and the default one has 1 by default.

4. I tagged the ports for the APs and the one for the router as tagged in VLAN 2 and left them as untagged in VLAN 1.

This is where the problems starts and I am stuck. VLAN 2 components do not have access to the internet anymore. I already watched a bunch of videos and read through the forum, but I was not able to get it set up properly. It would be great, if you guys could enlighten me some.

Thanks a lot in advance!

vijaykuniyal · ‎08-11-2021

@thomas_engelmann

Question: 1/1/2 and 1/1/4 are my AP ports, so I assume I need to tag them into both VLANs and leave them as untagged in the default VLAN?

Answer: Keep them tagged with both vlans 2 and 3.

Question:1/1/1 is my "uplink" port to the router. I left it as untagged in VLAN 1 and added it as tagged to VLANs 2 and 3.

Answer: remove tag on it, keep it untagged in vlan 1.

Add a default-route on the Switch pointing to the Netgear IP(Gateway).

thomas_engelman · ‎08-12-2021

@Vijay_Kuniyal Thanks again. I have tried this with the following result:

SSH@ICX7150-C12-Switch(config-vlan-2)#show ip

Switch IP address: 192.168.1.155

Subnet mask: 255.255.255.0

Default router address: 192.168.1.1

TFTP server address: 192.168.1.1

Configuration filename: None

Image filename: None

DNS Server: 192.168.1.1

IP MTU: 1500

This looks good, but still no internet connection. My assumption is that there is no DHCP provided to the VLAN. Do I need to configure that separately?

vijaykuniyal · ‎08-12-2021

Hello @thomas_engelmann,

Yes, you need DHCP, hope you have below config on the Switch.

Switch Config.

vlan 2 Home_Network
router-interface ve 2
tag e1/1/2, 1/1/4

interface ve 2
ip adress 192.168.2.1/24

vlan 3 IOT_Network
router-interface ve 2
tag e1/1/2, 1/1/4

interface ve 3
ip adress 192.168.3.1/24

ip dhcp-server pool HOME_NETWORK
network 192.168.2.0 255.255.255.0
exclude-address 192.168.2.1 192.168.2.10

ip dhcp-server pool IOT_NETWORK
network 192.168.3.0 255.255.255.0
exclude-address 192.168.3.1 192.168.3.10

ip route 0.0.0.0 0.0.0.0 192.168.1.1

thomas_engelman · ‎08-12-2021

@Vijay_Kuniyal I did not create any router-interfaces, but will do that now - thanks!

thomas_engelman · ‎08-17-2021

@Vijay_Kuniyal I had to install the router image first. I did that and now I will work on what you recommended above. Thanks again!

CommScope RUCKUS Community Forums

How to set up VLAN with new Ruckus hardware