The D-Link DSR-1000AC router allows us to configure VLANs both in the Internet WAN (in the two WANs that this router has) as well as in the LAN. The latter is very interesting to correctly segment the professional local network into different subnets, and allow or deny communication between the different subnets that we are going to create. Today in RedesZone we are going to explain to you how we should create these VLANs in the router, so that later you can connect a manageable switch with these same VLANs.
This router allows you to configure VLANs both in the Internet WAN and in the LAN, the configuration process is different and the use also. Configuring a VLAN on the Internet WAN is necessary only in the event that your network operator needs this, if it does not use VLAN ID, then you will not have to configure the WAN. Configuring a VLAN on the LAN is used to create different subnets and segment network traffic in virtual LANs.
Create VLAN for the router LAN
In the main menu of the D-Link DSR-1000AC router we will have all the accesses to the different configurations, we must enter via the web with the following URL: https://192.168.10.1 which is the default IP address, the username is “Admin” and the password is also “admin”, although it will force us to change the access password.
We have to go to the configuration menu of “Network / VLAN / VLAN Settings”, this is where we will create the different VLANs and subnets, then we will apply the VLANs per port through the “Port VLAN” option.
The first thing we have to do in this menu is click on “VLAN Enable” and click on “Save”, in this way, we will be enabling support for VLANs. By default, we have created VLAN ID 1 with the IP address 192.168.10.1/24, without captive portal and without authentication. We will always necessarily have VLAN ID 1 in all networks, but we can additionally create the VLANs that we need.
If we click on «Add New VLAN» we will create a new VLAN ID with its corresponding subnet configuration, the menus that you must complete are the following:
- VLAN ID : you have to put a unique identifier, from 2 to 4093, we have chosen the VLAN ID 100. This ID must also have the manageable switches, if you connect one to the LAN part of the router.
- Name : we give it a descriptive name, “administration”, “guests”, “management” or any other.
- Captive Portal : allows us to enable or not a captive portal for the authentication of wired and wireless clients.
- Activate InterVLAN routing : if we want this VLAN to be able to communicate with another VLAN that also has inter-VLAN routing activated, then we must activate this configuration option. If we do not want this VLAN to communicate with any, we select “OFF”. In the event that we only want certain communication (allow only certain PCs or services), then you will have to activate it with «ON» and later in the «Security / Firewall» section configure advanced rules to allow or deny network traffic.
- Multi VLAN Subnet : the new subnet associated with the VLAN, here we will enter the IP address that the router itself will have as the default gateway, and also the subnet mask.
- DHCP Mode : we may not have a DHCP server (None), a DHCP server from the router itself (DHCP Server) or an external DHCP server that is on another subnet (DHCP Relay). The most normal thing is to have your own DHCP server on the router, so we select this option.
When selecting the “DHCP Server” option, we will have to fill in the following configuration options:
- Domain name : domain name of the router, it is optional.
- Starting IP Address : the first address of the DHCP server that you can provide to clients, it should not be in the range of the router’s IP address that we have put before. In our case, the router’s IP is 192.168.100.1 and DHCP starts with 192.168.100.2
- Ending IP Address : the last address of the router’s DHCP server that it can provide to clients.
- Default Gateway – The IP address of the router on this subnet.
- Primary and secondary DNS Server – The router’s DNS servers.
- LAN Proxy : we enable it, it is the default option.
Once we click on “Save”, this new subnet will be created with VLAN ID 100 as we have explained before.
In the event that we want to reconfigure one of the subnets, we simply right-click on «Edit» to bring up the same menu as before, and we can modify it as we want.
We can even modify the DHCP server, once we have done it we click on save.
If we are connected to the same subnet that we have changed, logically we will lose the connection with the router’s web interface and we will have to re-enter with the new router IP address:
In the case of wanting to create more than one subnet, we can do it without problems by putting another VLAN ID and another private subnet, as you can see:
We will have exactly the same configuration options as before, including everything related to the DHCP server.
Once we have configured all the VLANs, we can apply them to the different LAN ports of this professional router. If we click on each of the ports with the right mouse click and select “Edit”, we can change the PVID and also configure the trunk mode. Next, you can see the four ports of the LAN and the two SSIDs that we currently have configured:
In each of the LAN and SSID ports we can configure different configuration modes, by default all are in “access” mode and in PVID 1. But we can change it depending on our needs. For example, if we want to configure the VLAN ID 100 that we have created on port 4, we will simply have to click on PVID and put 100, save the configuration and it will be applied instantly.
We also have the possibility of configuring the “Trunk” mode with the Tagged VLANs that we want, just below we will get the list of VLANs that we want to be part of this trunk. We must remember that since the VLANs are Tagged, we must put a device on this port that “understands” this, that is, manageable switches, servers that support 802.1Q, etc.
Once we have configured it with the different VLANs, we will get a summary of everything we have done, as you can see here:
In the case of the WiFi configuration, we will also have the same configuration options, but the most normal thing is that in an SSID we configure it in “access” mode always to send the untagged VLAN, and also with the PVID that we want.
As you have seen, it is really easy to create new VLANs in the D-Link DSR-1000AC router, ideal for correctly segmenting the professional local network and isolating or communicating the different teams, but always passing traffic through the router to allow or deny communications based on firewall rules.
Create VLAN for the WAN
Regarding how to configure VLANs in the Internet WAN, we go to the “Network / Internet / WAN 1 Settings” section, enable the “Enable VLAN Tag” option, enter the VLAN ID, and we will be able to connect correctly with our Internet operator without any problem.
We also have this same configuration option available in the router’s Internet WAN 2, both configuration menus are exactly the same. For example, if we have FTTH from Movistar or O2 then we will have to put VLAN ID 6, and if we have FTTH from Grupo Masmóvil we put VLAN ID 20.
So far we have come with this complete tutorial on how to configure the VLANs in the LAN of the D-Link DSR-1000AC router and also the VLANs in the Internet WAN, whenever our operator requires it.