VLAN configured at router or L3 switch?

[Jonny Wright]

I have a Virgin Media Superhub 3 in modem only mode, connected to a DrayTek Vigor 2860 router and finally, a Cisco SG300 managed switch.

 

I have a requirement for using VLAN's to separate my normal network traffic and video over IP traffic.

 

Spoiler

I have some Just Add Power hardware for sending video around the home over IP.

 

You have a transmitter at each video (HDMI) source, and a receiver at each (HDMI) monitor. The transmitters take the HDMI signal and convert it into an IP packet. This is then broadcast across the network for any connected receivers to receive, decode and spit out via HDMI to a monitor. This means I can use existing network infrastructure, including switch instead of a dedicated matrix. 

 

It is great kit, but as mentioned just broadcasts all traffic, so needs separating onto its own VLAN.

2

 

Both the router and switch support VLAN, but I am unsure where to implement it. I will also need to consider InterVLAN routing (for management of the hardware), plus I will also likely have a separate VLAN for my CCTV, which I will need access to.

 

The router will also be used for DynDNS and firewall. With this in mind, can anyone suggest where I should implement VLAN?  

Edited November 11, 2018 by Jonny Wright

[+BudMan MVC]

Where to implement comes down to the routing so depends on if you want to turn your sg300 into a L3 routing or just use it for L2..

 

If you want to make for firewall rules between the networks then would do the routing on your vigor.. Your switch is going to do the actual isolation at L2 no matter where you route the traffic at.. You can route it at the switch or you can route it at your router.. Firewall rules prob going to be way easier at your vigor vs the sg300 via ACLs, etc.

 

Comes down to how much speed do you need for intervlan as well - how many interfaces does your vigor have?  When it comes to new users of vlans I would always suggest you do routing at your router and just leave your switch at L2.. No matter what your going to need to config on both your router and your switch.

 

If your going to turn your sg300 into L3 then nat and such and routes would have to be created on your vigor..  No matter where you route your going to be doing at min the L2 configuration on the switch... Happy to walk you through the whole thing but you need to decide what you want.  I would really suggest you do the routing on your vigor and just use L2 at your sg300... Going to make it much easier for you to understand how the routing is working and creating firewall rules between the vlans..