Does the CR1000B router support Dot1Q on its 10ge int?

greptheloot
Newbie

Hello, before I go screwing around I was wondering if the CR1000B router will route vlan traffic through its 10ge int, uplinked from a Catalyst switch SFP. Unclear if the router 10ge int is configured as a trunk.

 

Only asking because I don't see any vlan settings in the router GUI, nor the documentation, however the doc does say Quality of Service supports 802.1q prioritization. Also I'd imagine the options for IoT and Guest SSIDs are segmented from the primary LAN with vlans? If that is the case, what numbers are used?

 

Thanks in advance!

1 Solution
Cang_Household
Community Leader

GUI VLAN settings were available on BHR 3, but were axed on BHR 4 (G1100) and onward.

Since you mentioned Catalyst, I am assuming you have a network engineering background.

IoT WAP is not segmented from the main network. Guest WAP is on VLAN 10 with prefix 192.168.200.0/24. There are also VLAN 20 and VLAN 30 on 192.168.150.0/24 and 192.168.250.0/24, respectively (I think), but I don't recommend their use.

All LAN ports are trunked and tagged for VLANs 10, 20 and 30.

You can add a Layer 3 switch behind the router and make it route.

Verizon routers have the following NAT setting:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

So it will perform masquerading on all subnets. Verizon routers also support static routing, so point the subnets on the L3 switch on the Verizon router.

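Added example, not part of the original post or of any Verizon tooling: a pre-flight check for the L3-switch layout suggested above, which rejects switch subnets that collide with the prefixes the answer lists for the router's tagged VLANs and emits the static routes to enter on the router. The router LAN prefix, the switch address, the subnet names and the route field names are assumptions chosen for illustration.

```python
import ipaddress

# Prefixes the answer says the router already uses on its tagged VLANs
# (the poster marks the VLAN 20/30 prefixes as "I think").
ROUTER_VLAN_PREFIXES = {
    10: ipaddress.ip_network("192.168.200.0/24"),  # Guest WAP
    20: ipaddress.ip_network("192.168.150.0/24"),
    30: ipaddress.ip_network("192.168.250.0/24"),
}


def plan_static_routes(router_lan, switch_ip, switch_subnets):
    """Return (routes, problems) for subnets routed by an L3 switch.

    All three arguments are caller-supplied assumptions, not values from the
    thread. Route fields are a generic description, not GUI field names.
    """
    lan = ipaddress.ip_network(router_lan)
    next_hop = ipaddress.ip_address(switch_ip)
    routes, problems = [], []

    # The router can only use a next hop that sits on its own LAN.
    if next_hop not in lan:
        problems.append(f"next hop {next_hop} is not inside router LAN {lan}")

    in_use = {"router LAN": lan}
    in_use.update({f"router VLAN {v}": p for v, p in ROUTER_VLAN_PREFIXES.items()})

    for name, cidr in switch_subnets.items():
        net = ipaddress.ip_network(cidr)
        clash = [label for label, used in in_use.items() if net.overlaps(used)]
        if clash:
            problems.append(f"{name} {net} overlaps {', '.join(clash)}")
            continue
        in_use[name] = net  # later switch subnets must not overlap this one
        routes.append({"destination": str(net.network_address),
                       "netmask": str(net.netmask),
                       "gateway": str(next_hop)})
    return routes, problems


if __name__ == "__main__":
    # Constructed sample plan: one clean subnet, one that collides with the
    # Guest VLAN prefix, one that collides with an earlier switch subnet.
    plan = {"servers": "10.10.20.0/24", "iot": "192.168.200.0/25",
            "lab": "10.10.20.128/25"}
    routes, problems = plan_static_routes("192.168.1.0/24", "192.168.1.2", plan)
    print(routes)
    print(problems)
```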

2 Replies
greptheloot
Newbie

Thanks for the info! Seems odd that IoT access isn't segmented, considering the threat landscape. After reading this I will be adding all IoT devices to the Guest segment and renaming it, so thanks for that!

Currently I only have a layer 2 Catalyst, which has some CVEs, but no privilege escalation or anything exploitable on my home network. Guess it is time for a L3 upgrade anyway though.

Curious, do you happen to know what VLAN 20/30 are used for?

0 Likes