router with at least 2 @ vlan on the local lan

**incisor** · 8th March 2017, 04:38 PM

anyone have practical experience with a decent router that routes 2 VLANs on the local gigabit LAN NOT on the WAN side.

I want to be able to route two separate subnets of a c class on a local lan by eth port hopefully so I can give one internet access as well as printer and file access whilst restricting the other subnet to just the file and print services.

not many under $1500 that will do it from what I am seeing except for a couple of draytec units.

anyone know of any others that are capable?

TIA

**Eevo** · 8th March 2017, 04:41 PM

MIKROTIK possibly.

**Bytemrk** · 8th March 2017, 05:29 PM

Depending on the application Dave, well inside your budget you could pick up a second hand Cisco. ( either route or layer 3 switch)

If you want something with supplier warranty though - ignore that.

**incisor** · 8th March 2017, 05:33 PM

most likely candidate looks like a draytec 2952 at this stage

anybody used one?

**Bytemrk** · 8th March 2017, 05:38 PM

Not that model, but we used a Draytec in a small office about 5-6 years ago that behaved well enough. I was just providing internet access for 4-5 staff.

**steveG** · 8th March 2017, 06:53 PM

Originally Posted by Eevo

MIKROTIK possibly.

We're running a Mikrotik CCR1016 at one of our sites for work.
Running voice and data vlans on lan side, has policy based routing so we're doing things like source ip tagging so that traffic from certain LAN IPs goes via different gateway or interface etc.
They take a bit of getting used to as they have slightly different approach to configuration but haven't found anything we can't do with it.
Amazing bit of gear for the price.

Steve

**tact** · 8th March 2017, 09:02 PM

I use mikrotik too. Excellent kit. Set up multiple VLAN no issue. As noted getting started or used to them takes a bit of work but well worth it. Once set up forget about it they just keep on working.

**Blade74** · 8th March 2017, 09:52 PM

Maybe also check out edgerouter by ubuiqiti.
There's a few models and pretty affordable.

**steveG** · 8th March 2017, 10:13 PM

Originally Posted by Blade74

Maybe also check out edgerouter by ubuiqiti.
There's a few models and pretty affordable.

We considered those before buying the Mikrotik - but I don't recall the reason we decided against them.
Definitely affordable and by all accounts a good bit of gear, but I've a feeling they may not have been up to the gigabit routing throughput we were looking for.

Steve

**steveG** · 8th March 2017, 10:29 PM

Originally Posted by incisor

anyone have practical experience with a decent router that routes 2 VLANs on the local gigabit LAN NOT on the WAN side.

I want to be able to route two separate subnets of a c class on a local lan by eth port hopefully so I can give one internet access as well as printer and file access whilst restricting the other subnet to just the file and print services.

not many under $1500 that will do it from what I am seeing except for a couple of draytec units.

anyone know of any others that are capable?

TIA

Just had another read of your post, and a poke around on the router to confirm it can definitely do it (answer is yes). Comments below apply to the Mikrotik but I can't comment on the Draytek as I've never used them, and only have sketchy Cisco vlan and ACL experience.

When you say you're wanting to route "by eth port" it almost sounds like you can physically split the subnets and plug one into eg eth0 and the other into eth1. If that's the case you don't need to mess around with vlan's - just configure the subnets on different ports - it will automatically route between interfaces as it sees both active. If I've misinterpreted and you're talking proper 802.1Q tagging the Mikrotik will still handle it happily.
A few firewall rules would sort out the access control you want to put in place. Default block rule for all traffic from LAN outbound on the internet port/interface, then allow what you DO want to go out. You've got the complete range of network/device attributes to base your rules on but simple ones based on source interface/port, subnet or vlan would likely sort you out.

Very easy bandwidth throttling/reservation too if you need to keep little Johnny developer's software download from impacting the owner streaming his favorite sport.

I expect that you could get away with a much lower spec Mikrotik device than the CCR1016, but I don't have personal experience with any.

To give you and idea of the CCR1016 capability - in our case it handles multiple lans/vlans with upwards of 1000 devices total (data and voice), a bunch of on-premises servers, and multiple internet WAN interfaces.
We have all but one of the 12 ports used, either bridged and connected to one of the lan, or as various seperate interfaces (LAN/WAN/DMZ etc).

It was originally bought it as we needed something at a reasonable price that had better than Gigabit routing throughput for a high speed connection between sites and the $3K HP layer3 switches we had bought were ghastly to work with (and not really appropriate in hindsight).
Its ended up being a case of "damn - these are seriously awesome, does everything we throw at it and I don't need a PhD in astroCiscoPIX to drive it!!!"

Only downside from our perspective is they aren't really mainstream so don't have Cisco Smartnet style extended support and availability is limited. Definitely not a suitable fit for some organisations.

Steve

Thread: router with at least 2 @ vlan on the local lan

Thread Tools

router with at least 2 @ vlan on the local lan

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions