184

802.1Q VLAN Trunking

In addition to the ability to add multiple SSIDs and assign VLANs to each, 802.1Q trunking for these vlans would be required to allow the EERO to tag traffic that is being sent out. 

107 replies

null
    • Max
    • 3 yrs ago
    • Reported - view

    OK thanks md. I also (I guess like many others) am aiming to isolate my IOT but share single incoming WAN with my main network using VLANs from my managed switch. I have two separate sets of Eero if necessary so I guess if no VLAN support on Eero anytime soon I will just need to do it that way.

      • Eeromn2020
      • 3 yrs ago
      • Reported - view

      Max Yup, you should be able to use your managed switch's VLAN support, with the separate wifi networks terminating at two separate wifi 'gateway nodes', each of which is physically plugged via Ethernet into a separate port on the switch, and those switch ports assigned to separate VLANs. Then you can do whatever you need, based on your specific network topology and hardware.

      In my case I defined a single physical ethernet port on my firewall as a VLAN parent interface, connected it to a trunk port on my managed switch, and set it up to read VLAN tags in the Ethernet frames and apply the appropriate policy. You could setup two RFC 1918 /24 subnets, one for IoT and one for the rest. The VLAN config takes care of separating the traffic 'into' the correct subnet, and then you can apply regular firewall rules as you need.

      Very, very simple, assuming your switch/router/firewall/etc all properly support VLANs.

    • Max
    • 3 yrs ago
    • Reported - view

    Yes, I am sure it will. It is Firebrick 2700. Many thanks for the information.

    • Scott_Chapman
    • 2 yrs ago
    • Reported - view

    omg. this is horrible. Getting a firewalla gold soon to give me better visibility/control. But without VLAN support with Eero, that really ties my hands.

    • beej
    • 2 yrs ago
    • Reported - view

    My eeros seem to have updated last night to eeroOS 6.3.0 and the release notes include:

    Support for Internet uplink VLAN tagging on eero Pro 6 and eero 6

      • Eeromn2020
      • 2 yrs ago
      • Reported - view

      beej That is only for a WAN link that needs VLAN support for whatever CPE the ISP requires. It unfortunately doesn’t add any type of VLAN support to the LAN.

    • Mdam1921
    • 2 yrs ago
    • Reported - view

    WOW. What brought me here was originally https://community.eero.com/t/q5rnf6/block-devices-from-internet-but-allow-local-lan this topic where I just wanted to block outbound traffic from certain devices. I realized EERO will probably never support any kind of simple user-managed firewalling so I decided to implement my own and place EERO in bridge mode. Now I'm finding this topic which means even if I get a great router upstream from EERO i still won't be able to isolate devices in this way. Kind of infuriating that a "pro" device (and "pro" pricing) has almost zero pro features.

      • txgunlover
      • 2 yrs ago
      • Reported - view

      Mdam1921 you also lose a lot of wireless features in Bridge mode such as automatic channel switching (You only get fixed default channels regardless of your environment) in bridge mode.

      • Mdam1921
      • 2 yrs ago
      • Reported - view

      txgunlover surely that means I can manually change channels.. right?

      • swinster
      • 1 yr ago
      • Reported - view

      Mdam1921 you would think that, wouldn't you 🤬

    • neildotwilliams
    • 1 yr ago
    • Reported - view

    Hello and welcome to 2022. Any updates on this feature request?

    • andy.2
    • 1 yr ago
    • Reported - view

    Interested as well...Eero, you have a great product and are not cheap.  I honestly expected this as a standard feature at the pricepoint.  

    • nlz
    • 1 yr ago
    • Reported - view

    Can't believe this still hasn't been addressed :(

    • SeedyRom
    • 1 yr ago
    • Reported - view

    This would be a great feature for several reasons.  I would be happy with even a limited release that allowed 2 VLAN tags. 

    Some reasons this is needed are:

    • Security against vulnerabilities in smart home devices
    • Reduce broadcasts and limit multicasting
    • Better control of guest devices on the network (like not allowing guests to access your network shares)
    • More options for QoS and rate-limiting
    • Unlocks downstream firewall features to better manage devices

    Every AP in the eero6 price range has this feature already.  I bought the "pro" version because I foolishly assumed this was a basic feature of any "pro" AP.  I am now sadly regretting not going with Netgear or Linksys.  Even worse, this feature request has been sitting with no response for 5 years so it seems like I'm wasting my time asking for this most basic "pro" feature.

    • defn
    • 1 yr ago
    • Reported - view

    I literally made an account on this just to upvote and comment on this issue. I'm getting ready to upgrade to wifi6+ nodes and it is a hard sell without this feature especially when the competitors have it.

    Is this even on the roadmap has there been a response from eero/amazon?

    • Lhpham
    • 1 yr ago
    • Reported - view

    Eero if you want to know what it looks like, this is what we want:

    https://www.tp-link.com/us/support/faq/418/

    Please consider it.  I'm trying hard not to move away from Eero, but TP-Link and Ubiquiti are offering this!

    • MThornback
    • 1 yr ago
    • Reported - view

    I use an ISP that has different VLANs for their Internet and TV Services. Not having multiple VLAN support means that I cant use my PVR. Please implement this Eero! 

    • swinster
    • 1 yr ago
    • Reported - view

    Ahhh - I see this is repeated in https://community.eero.com/t/q5tpsm/implement-vlan. This is, IMHO, an absolute must as home automation becomes more and more commonplace. I certainly don't want all my wireless devices on the same network. Whilst it is possible to tag the Ethernet port an Eero plugs into, it is a bit of a sledgehammer approach.

    • APNetWiFI
    • 1 yr ago
    • Reported - view

    Eero should support should include at least four home VLANs each with independant access to the internet.   They should be 1) your primary home network,      2)  A guest network offered to visitors,  3) your IoT network for modern gadgets that need access to the internet.... Firewall rules should grant them access to the internet  only as they can be  easy targets for network exploitation and 4) a separate network for your home office providing a secure VLAN used for work from home corporate PCs and printers using their company VPN. 

    These VLANs should be 802.1q trunked on the inside wired ethernet port allowing you to connect them to a managed switch.

    • VirtualWatts.1
    • 9 mths ago
    • Reported - view

    Yes what APNetWiFI said, we have security cameras, TV's, gym equipment, door and gate security, eero guest doesn't work because users cannot connect to gym equipment (casting and audio), vlans would allow segmentation and trunked ability to allow connections

    • davidandrew
    • 6 mths ago
    • Reported - view

    Why not? 

      • VirtualWatts.1
      • 6 mths ago
      • Reported - view

      davidandrew  if that question is for me, the Eero 6 Pro creates a guest network and second SSID, however, all connections on that SSID only route out to internet, you cannot see or interact with other devices also connected to guest wifi.  That is a security feature of the Eero. It is different that having a second vlan which is what I thought it would be.

      • davidandrew
      • 6 mths ago
      • Reported - view

      VirtualWatts sorry, my vague (and useless) comment was just questioning the Ring Developers "Why Not?" enable this feature. This is supposed to be a top quality consumer network, but at times it seems dumbed down to the least common denominator. Give more sophisticated users a reason not to go somewhere else. It's fine if the options are buried somewhere relatively inaccessible, we'll figure it out. Eero doesn't need to make it more complicated for the people who just want a simple network and simple user experience. 

      • netsecguru
      • 2 wk ago
      • Reported - view

       I wish Eero would offer an "Advanced Mode" with a warning that their support staff will not support if that option is checked.  Simple.

    • maxwlang
    • 6 mths ago
    • Reported - view

    I have just left the Eero ecosystem for Unifi 6 Pro access points since eero continues to neglect this feature. Unifi APs allow up to 4 SSIDs/VLANs per access point, and access points may be used independently, without an investment into all of Unifi.

Login to reply

Content aside

  • Status Under Consideration
  • 184 Votes
  • 2 wk agoLast active
  • 107Replies
  • 6554Views
  • 108 Following