VLANs and subnets...?

esuhl

I want to use my ISP's router ONLY for internet access, and connect it to my DrayTek router. But I'm a bit confused as to how I'd set that up...

Should I connect the ISP router to the WAN port on the Draytek, or to one of its LAN ports?

Presumably, I'd want the two routers on separate subnets:
192.168.1.x - ISP router only
192.168.2.x - LAN devices

Would it make sense to put the ISP router in the DMZ?

Is it best to let the ISP server provide DHCPv6?

Can anyone explain the general principles I need to know to figure this out?
:beer:

arciere

What type of connection do you have? ADSL or something like VDSL? Also, do you have a ISP router or modem? Model of the Draytek?

If you have ADSL:
Connect the ISP's router/modem to the WAN port on the Draytek. If the ISP's is a router, the WAN port on the Draytek will automatically acquire its IP address. From the swith-ports point of view, nothing will change. If, on the other hand, the ISP's device is a modem, you need to set up a different connection on the Draytek (PPPoE for example).

In regards to DMZ: no, DMZ is only useful if you want to isolate one single device and make it visible to the internet. Since the ISP router will not be part of your LAN, it can't be put in a DMZ (it wouldn't make sense anyway).

IPv6: yes, leave it enabled, it may not work if you disable it and you don't have any advantages in having it disabled.

VLANs: not required for this setup. You need VLANs if you want to segregate parts of your own network (LAN side, not WAN) so that they cannot communicate with each other (example: guests and private network using same the same network devices, but completely separated).

AndyPix

What is it that you are trying to achieve ?


Normally, if you were using an ADSL modem 'just for internet access' then you would have it set in "transparent mode" .. But then you would need to define a new default gateway in your network , normally a hardware firewall.
But then what is going to provide DHCP ? ..


Why do you want different subnets ? And all this talk of vlans and dmz .. again , if you tell us exactly what you are trying to achieve - we can advise more

onomatopoeia99

You seem to be jamming together some relevant words into questions in a way that suggests you don't know what you are asking.

As AndyPix says above, state what you want to achieve and it will be possible to provide some guidance. At the moment, I doubt anyone has any idea what you want to end up with, so they can't help you achieve it.

arciere

AndyPix wrote: »

What is it that you are trying to achieve ?


Normally, if you were using an ADSL modem 'just for internet access' then you would have it set in "transparent mode" .. But then you would need to define a new default gateway in your network , normally a hardware firewall.
But then what is going to provide DHCP ? ..

That's not accurate, a modem is just that, a modem. By definition does not have any routing or DHCP capabilities.
When you use a 'modem', you still need a router. With the Draytek (or any other router with a WAN port), the gateway is always the router itself (the devices in the network don't know anything and don't care about a modem).

With ADSL, you have pretty much 3 options, when it comes to setting up the WAN port on the router: PPPoE, PPPoA or client mode. Client mode is used when you connect your router to another device (another router for example) that has DHCP capabilities. This gives you an IP address to use to communicate with the ISP router. From an internal point of view nothing changes: your computer will always have your Draytek as its DHCP client. The internet access is the router's (Draytek) responsibility.

In regards to the firewall, nothing needs to change. Since the ISP's router/modem is on the WAN-side of things, it is by definition already NOT part of the LAN, therefore any default firewall rules apply automatically.

The scenario presented by OP is very frequent, for example when your router is not a modem, therefore cannot connect to an ADSL or VDSL signal, requiring an external device (the ISP's modem) in order to get access to the outside world.

Since a router (again, by definition), routes between different networks, any device connected to its WAN port will be treated like a different network. That means that no VLAN is required (you can't have VLANs on WAN connections, apart from special cases).

What may affect OP would be port redirection, if he uses it. Again, it depends on what type of devices he's using. With a modem, it's all pretty much straight-forward. If the ISP's device is another router, he may need to set up double NAT.

AndyPix

^^ Yes I know how networking works .. And you know very well that when I said 'modem' I meant 'router' ..


Which IPS's send out modems these days ??


All my original questions still apply

AndyPix

After reading again, It seems that what you are asking is answered simply by you need to but the ISP router in transparent mode, connect it to your WAN port and just configure and let the Draytek handle DHCP etc ..


To do this though, you will have to ask your ISP what settings to use for the default gateway etc of the draytek (WAN side), the draytek will become the default gateway for the LAN side

Speaking from experience , the first (or even second or third) person that you get to speak to at your ISP will have no idea what you are talking about - you have to persist


Vlans , subnets and de-militarised zones don't factor into what you are trying to do

arciere

AndyPix wrote: »

Which IPS's send out modems these days ??

Well, until very recently, if your original connection was ADSL with your ADSL router/modem, and you decided to switch to fibre (VDSL) or even coaxial, your ISP (Plusnet, BT) would send you a modem that would connect to your existing router.

Actually, even for recent new installations, you would still get the two devices (modem+router), because it was easier and cheaper for ISP companies to send you an (additional) compatible modem to connect to your existing equipment, rather than a (more expensive) new router capable of connecting to a VDSL or coaxial socket.

We did what OP is trying to do a lot of times, after switching from ADSL to VDSL: since the router we were using were quite expensive and replacing them would have cost a fortune, because they only had ADSL modems inside, it made sense to use the ISP modem/router (with the capabilities to connect to the VDSL signal) and connect it to the WAN port on our own routers.

AndyPix

arciere wrote: »

Well, until very recently, if your original connection was ADSL with your ADSL router/modem, and you decided to switch to fibre (VDSL) or even coaxial, your ISP (Plusnet, BT) would send you a modem that would connect to your existing router.

Actually, even for recent new installations, you would still get the two devices (modem+router), because it was easier and cheaper for ISP companies to send you an (additional) compatible modem to connect to your existing equipment, rather than a (more expensive) new router capable of connecting to a VDSL or coaxial socket.

We did what OP is trying to do a lot of times, after switching from ADSL to VDSL: since the router we were using were quite expensive and replacing them would have cost a fortune, because they only had ADSL modems inside, it made sense to use the ISP modem/router (with the capabilities to connect to the VDSL signal) and connect it to the WAN port on our own routers.

I didn't know that - I have never been in in that scenario ..


But whilst we are being pedantic , lets not confuse people by saying that VDSL is fibre .. It isn't

onomatopoeia99

AndyPix wrote: »

Speaking from experience , the first (or even second or third) person that you get to speak to at your ISP will have no idea what you are talking about - you have to persist

Depends on the ISP. The one I use sends out all the customer PPPoE configuration information required to run your own router in a PDF to new customers, and to existing ones on request. And the first person you speak to in support will know what "PPPoE" means, without having to bump you up to the level 3 team or whatever to find a person in technical support that can actually answer technical questions.

arciere

AndyPix wrote: »

After reading again, It seems that what you are asking is answered simply by you need to but the ISP router in transparent mode, connect it to your WAN port and just configure and let the Draytek handle DHCP etc ..


To do this though, you will have to ask your ISP what settings to use for the default gateway etc of the draytek (WAN side), the draytek will become the default gateway for the LAN side

I don't understand why you keep saying 'transparent mode' (what is it?).
Whatever OP is using, he doesn't need to change anything at all.
If it'is another router, just connect it to the WAN port on the Draytek, tell the Draytek to acquire its own address in client mode and the job is done.

Devices on the network don't need to know anything about the ISP's router. Their 'visual spectrum' ends with the Draytek.