Another semi-newbie question about upgrading my network

Started by cbjason, June 17, 2022, 09:52:45 PM


cbjason

Until fairly recently, my home network consisted of taking the ONT connection which was straight to ethernet to my Wi-Fi router for my home internet needs (TVs, phones, iPads, Kindles, security cameras, etc.). Then I'd head off to work, and take my work laptop and hop on that dedicated network, without a need for a VPN router.

With COVID and working from home 24/7 now, my work equipment is piggybacking on my Wi-Fi and I think I can get better management of my devices and throughput by setting up a wired network for work, and leaving the wireless for my home. It's also worth mentioning that on the wired network, work has me using a VPN router, and I am trying to prevent SIP keysets that are connecting through that VPN router from getting either double or triple NAT treatment.

I think it's possible, but I am probably misunderstanding or misconfiguring something here.  I thought I got the ER605 to connect up to the Cable Modem just fine, but when I try to connect the other downstream devices, nothing seems able to connect to the internet across this router.  I've tried configuring all the ports in LAN mode, and all the ports in WAN mode to no avail. Could someone help me understand the best way to set this up? 

If my cable modem gets a public IP address from Comcast at 1.2.3.4, and the TP link has a private IP address of 192.168.0.1, is it possible to have a 192.168.1.z network for my Wi-Fi and a 10.x.y.z network for my wired network? If so, how would I need to set these NICs up? I thought I knew networking pretty well, but apparently not! :) These UIs aren't abundantly clear to me, and it's too late on a Friday evening for me to even try to sort this out in my head.

deanwebb

The answer is "yes". You'll need to have either static IP addresses assigned for your devices or equipment that can provide DHCP services to your network. You will also need to create VLANs on that TP-Link device, most likely, that will allow traffic to route between the Internet and the different VLANs.

So the next question is if there is documentation you have for the ER605 that gets into creating VLANs and DHCP. If not, then you will need another device to do the work, and that will add more boxes and arrows on your diagram.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

cbjason

Ok, thanks - at least that means I'm not chasing ghosts here. There is documentation for how to set it up in standalone or controller mode. In the second scenario there are two options to use either Omada hardware Controller or the Omada Software Controller. Since I don't have the hardware option, that leaves either standalone or controller via software. Per the QRC that came with the router:

Standalone mode - configure and manage the router singly
Controller mode - Configure and manage the network devices centrally. It is recommended in the large-scale network, which consists of mass devices as access points, switches and gateways. 

This means I have to use the Controller mode to do the configuration, which does not appear all that well documented on TP-Link's site.  There do seem to be some videos on the topic from YouTube:

https://www.youtube.com/watch?v=ie38-OXuE94

But this is all TP-Link hardware he's using. He's also creating VLANs for subnets of the same parent:

192.168.10.w as the parents/admin LAN subnet - VLAN 10
192.168.20.x as a kids subnet  - VLAN 20
192.168.30.y as an IP camera subnet - VLAN 30
192.168.40.z as a guest network - VLAN 40

It seems easier I guess to keep everything on the same parent as the controller (192.168), but wouldn't that be sacrificing security for convenience? I don't expect a ton of hacking attempts against me from the meanies out there, but wouldn't separate networks make it even more secure? I don't know that the Linksys Router can do DHCP nor the Netgear switch for the wired portion, so it may limit my options by the hardware anyway, but would like to know an expert's thoughts...

Finally, does anyone have experience with this Omada software? It looks pretty straightforward from the YT tutorial if all the hardware is native to TP-Link, but how is it with non-member hardware?

deanwebb

That's fine, though. 192.168.0.0 /16 is the supernet and you can get a /24 by changing that third number that gives you ~250 addresses per network. You can still put security between each of the /24 networks that are outlined in that example.
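The addressing plan discussed in this thread and the point about filtering between the /24s, as an added example that is not part of any post above: it checks the plan for overlaps, counts usable hosts per /24, and applies a default-deny inter-VLAN policy to show that isolation comes from the rules, not from whether a subnet starts with 192.168 or 10. VLAN 50 (10.0.50.0/24), the `ALLOWED` policy and all function names are constructed assumptions, not ER605 or Omada settings.

```python
import ipaddress

SUPERNET = ipaddress.ip_network("192.168.0.0/16")
# VLANs 10-40 are the plan quoted in the thread; VLAN 50 is a constructed
# stand-in for the 10.x.y.z wired work network.
VLANS = {
    10: ipaddress.ip_network("192.168.10.0/24"),  # parents/admin
    20: ipaddress.ip_network("192.168.20.0/24"),  # kids
    30: ipaddress.ip_network("192.168.30.0/24"),  # IP cameras
    40: ipaddress.ip_network("192.168.40.0/24"),  # guest
    50: ipaddress.ip_network("10.0.50.0/24"),     # work (constructed)
}
# Hypothetical policy: the only permitted cross-VLAN flow is admin -> cameras.
ALLOWED = {(10, 30)}

def overlaps(vlans):
    """Return (vlan_a, vlan_b) pairs whose subnets overlap; empty means a clean plan."""
    ids = sorted(vlans)
    return [(a, b) for i, a in enumerate(ids) for b in ids[i + 1:]
            if vlans[a].overlaps(vlans[b])]

def usable_hosts(net):
    """Host addresses left after removing the network and broadcast addresses."""
    return net.num_addresses - 2

def vlan_of(addr, vlans=VLANS):
    """Map an IP address to its VLAN ID, or None if it is outside every VLAN."""
    ip = ipaddress.ip_address(addr)
    return next((vid for vid, net in vlans.items() if ip in net), None)

def decide(src, dst, allowed=ALLOWED):
    """Default-deny decision for a new connection routed between two local addresses."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None or d is None:
        return "deny"    # not a local VLAN address: out of scope for this policy
    if s == d:
        return "allow"   # same VLAN is switched and never reaches the router's ACL
    return "allow" if (s, d) in allowed else "deny"

if __name__ == "__main__":
    print("overlaps:", overlaps(VLANS))
    for vid, net in VLANS.items():
        print(vid, net, usable_hosts(net), "in 192.168/16:", net.subnet_of(SUPERNET))
    for flow in [("192.168.20.15", "192.168.30.8"), ("192.168.10.5", "192.168.30.8"),
                 ("10.0.50.7", "192.168.10.5")]:
        print(flow, decide(*flow))
```

The kids-to-cameras flow is denied even though both subnets share the 192.168 parent, and the work-to-admin flow is denied for the same reason: neither pair is in the allow list.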