DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Configuring LAN ports
- tobiasjn1
- Topic Author
- Offline
- New Member
Less
More
- Posts: 1
- Thank you received: 0
08 Jul 2024 19:25 #103459
by tobiasjn1
Configuring LAN ports was created by tobiasjn1
Hi Everyone. This will probably be a very basic question and reveal my lack of understanding. I am setting up the 2927 router to replace my existing router. I have a few wired AP's and a wired switch plus a couple of sky boxes that only seem happy if they are wirred direct into the main router. All the previous reuters I have owned, just have one DHCP server. I have several items with fixed IP address and ports forwarded to cameras etc so I want to avoid having to change static IP address. I have sorted all the bind to IP and port redirection but am strugging with LAN port setup
This Vigor router seems to allocate a different IP address to each LAN port 192.168.x.1 (x=1-8). How do I set the router so I just have every wired and wireless device using 192.168.1.x ? Should the Network Config page for each LAN port be set to enable or disable, and should the DHCP server on each LAN port be enabled, disabled or used as a RELAY AGENT pointing to 192.168.1.1
Thanks for you help
This Vigor router seems to allocate a different IP address to each LAN port 192.168.x.1 (x=1-8). How do I set the router so I just have every wired and wireless device using 192.168.1.x ? Should the Network Config page for each LAN port be set to enable or disable, and should the DHCP server on each LAN port be enabled, disabled or used as a RELAY AGENT pointing to 192.168.1.1
Thanks for you help
Please Log in or Create an account to join the conversation.
- HodgesanDY
- Offline
- Member
Less
More
- Posts: 215
- Thank you received: 19
09 Jul 2024 01:41 #103460
by HodgesanDY
Replied by HodgesanDY on topic Re: Configuring LAN ports
Hi Tobiasjn1,
Those aren’t network config pages for each LAN “Port”, those are the config pages for each LAN (Subnet). A subnet being 192.168.x.1 (x=1-8).
If you’re experiencing different subnets on different LAN ports, then you must have VLAN enabled. That’s the only way you’ll be getting those different IP addresses from different ports.
Look at the VLAN page, and it will most likely have a tick box correlating to P1 & VLAN0, P2 & VLAN1, P3 & VLAN2 etc.
If you want just one LAN (subnet) on all your ports, disable the VLAN completely. That will return all your ports, and SSIDs, back to the LAN1 subnet (the default subnet, most likely 192.168.1.1).
Your static IPs will hopefully be on this default LAN subnet anyway, and all will start working how you had hoped.
If you have ports forwarded to your cameras, you should really revisit the VLAN setup at some point soon. As the VLAN(s) will allow you to separate your cameras from all your other devices on your premises and help protect you if one of the cameras gets compromised because you forwarded ports to them. You have a really good VPN service available to you on your 2927, you should really use that and close those forwarded ports, or any ports open or forwarded for that matter.
It’s like leaving a side gate open for someone to enter and use your shed, but then they spot your shed is attached to your house and there’s an internal door from your shed directly into your house; it’s got a lock on it, but that won’t take long to pick!
(Just an extra note, yes, each LAN (Subnet) has its own DHCP server, but that only applies when you’re using the VLAN feature. Once you turn that off (VLAN not enabled) you will only be using the default LAN’s DHCP server, so just one, as you have been used to in the past)
Should the Network Config page for each LAN port be set to enable or disable, and should the DHCP server on each LAN port be enabled, disabled or used as a RELAY AGENT pointing to 192.168.1.1
Those aren’t network config pages for each LAN “Port”, those are the config pages for each LAN (Subnet). A subnet being 192.168.x.1 (x=1-8).
If you’re experiencing different subnets on different LAN ports, then you must have VLAN enabled. That’s the only way you’ll be getting those different IP addresses from different ports.
Look at the VLAN page, and it will most likely have a tick box correlating to P1 & VLAN0, P2 & VLAN1, P3 & VLAN2 etc.
If you want just one LAN (subnet) on all your ports, disable the VLAN completely. That will return all your ports, and SSIDs, back to the LAN1 subnet (the default subnet, most likely 192.168.1.1).
Your static IPs will hopefully be on this default LAN subnet anyway, and all will start working how you had hoped.
If you have ports forwarded to your cameras, you should really revisit the VLAN setup at some point soon. As the VLAN(s) will allow you to separate your cameras from all your other devices on your premises and help protect you if one of the cameras gets compromised because you forwarded ports to them. You have a really good VPN service available to you on your 2927, you should really use that and close those forwarded ports, or any ports open or forwarded for that matter.
It’s like leaving a side gate open for someone to enter and use your shed, but then they spot your shed is attached to your house and there’s an internal door from your shed directly into your house; it’s got a lock on it, but that won’t take long to pick!
(Just an extra note, yes, each LAN (Subnet) has its own DHCP server, but that only applies when you’re using the VLAN feature. Once you turn that off (VLAN not enabled) you will only be using the default LAN’s DHCP server, so just one, as you have been used to in the past)
Please Log in or Create an account to join the conversation.
- markhawkin
- Offline
- Junior Member
Less
More
- Posts: 44
- Thank you received: 12
13 Jul 2024 11:32 #103468
by markhawkin
Replied by markhawkin on topic Re: Configuring LAN ports
@Tobiasjn1
The starting point is the VLAN page under LAN -> VLAN
I suggest enabling VLAN configuration and then putting all ports in VLAN0 and subnet LAN1.
That will be a good start.
Ideally then use "Bind IP to MAC" to make devices that you want to have static IP addresses (rather than setting on the device).
What to do next depends on the details of the setup and capabilities of the devices.
There is merit in "suspect" wireless devices having their own SSID and potentially isolating devices and similarly any "suspect" wired devices having their own VLAN.
The Draytek 2927 is extremely capable but understanding what you need it to do and then configuring it that way can take some time.
The starting point is the VLAN page under LAN -> VLAN
I suggest enabling VLAN configuration and then putting all ports in VLAN0 and subnet LAN1.
That will be a good start.
Ideally then use "Bind IP to MAC" to make devices that you want to have static IP addresses (rather than setting on the device).
What to do next depends on the details of the setup and capabilities of the devices.
There is merit in "suspect" wireless devices having their own SSID and potentially isolating devices and similarly any "suspect" wired devices having their own VLAN.
The Draytek 2927 is extremely capable but understanding what you need it to do and then configuring it that way can take some time.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek