What Is Fritzbox?
The Fritzbox can already operate a second, independent network; the guest network can be activated on certain router ports. This gives internet access but no access to the main LAN. If you want to operate multiple networks with access to each other, you need additional routers or switches with routing functions – found in professional level 3 switches and some level 2 switches (L2+). It’s not super easy, though.
First, if you still have an old Fritzbox, you can use this to get at least a little more than a guest network – we’ll show you how here.
Now to the big picture: The center is supposed to be the omnipresent Fritzbox, usually referred to as a router; it is a combination of modem, router and switch – but let’s leave it at the router; after all this is primarily about beginners, normal private households and the experimental setup, not basic training for networkers.
By default, the Fritzbox builds a network in the IP range 192.168.178.XXX. The aim of this article is now to set up another network in the 10.0.0.XXX range, within which there is access to the Internet, the standard network, and vice versa.
This second network is set up as a VLAN, i.e., as a virtual LAN. Professional or just very good (combi) routers can set up something like this directly, but the Fritzbox, as a rather limited private user device, cannot. Even the normal 10-euro switches cannot do this since they are nothing more than distribution sockets. So it needs a switch with routing functions connected to the Fritzbox and spans the VLANs. Different VLANs can be assigned to the individual ports of the switch, as can the standard network of the Fritzbox.
An end device is still missing: Here, it should be a Raspberry Pi, connected via WLAN in the standard network (as 192.168.178.100) and via LAN in the VLAN (as 10.0.0.100). But the operating system is more important: Ubuntu.
Of course, it would be nice to design everything from scratch, but this is about the normal initial situation: A Fritzbox is already running, and now the network is to be expanded without having to adapt the existing network and its devices.
Hardware And Process
To the Fritzbox: A Fritzbox 6660 Cable is used here. Since only one standard feature is used on the Fritzbox itself, the model is irrelevant. And the procedure also works with most other home routers!
With the switch, it gets much more difficult. A Cisco SG250-08 is used here, whereby the instructions naturally apply to all sizes of the SG250 series, regardless of whether they have 8 or 16 or even more ports. Other Cisco models can also be configured identically. But beware: The Cisco boxes are very complex, aren’t really aimed at consumers, and the documentation is sometimes cheeky – so you have to have an idea of network basics or be willing to deal with them. However, there are devices from TP-Link, D-Link, Netgear & Co. that are significantly cheaper, also support VLANs and – tend to! – have slightly simpler web interfaces. An advantage of the SG250s: They are extremely widespread, well documented and offer much potential for further work with networks. However, the basic procedure is always the same.
Tools: You don’t need any special tools. The configuration takes place in the web interfaces of Fritzbox and SG250-08 and, of course, on the Raspberry Pi. Although the hardware doesn’t matter, it’s much more about the operating system where Ubuntu is used. Netplan takes care of the configuration there.
Requirement: Your client for testing should either already be connected to the standard network and be accessible via SSH or have its screen, such as a laptop. It is also helpful if it has two network interfaces, i.e., LAN AND WLAN – so that it remains accessible even if the VLAN does not work 😉
But now, finally, to the procedure:
- Set up switch
- — Activate routing
- — Configure VLAN
Switch: Configure IP interfaces
Of course, VLAN 10 also needs information about the network interface. To do this, go to IP Configuration/IPv4 Management and Interface/IPv4 Interfaces. Add an interface via Add: Select your new VLAN 10 as the interface. Then set your IP Address Type to Static IP Address and assign the desired address of the switch in the VLAN, in this case, 10.0.0.1. The network mask comes to 255.255.255.0– which means nothing else, that the first three blocks (192.168.178) are set for the subnet, and then 253 (0 and 255 are reserved) addresses for end devices are available in the fourth block. It is a different one – the correct one! – Notation of 192.168.178.XXX, which I sometimes use here for the sake of clarity. (Alternatively, you could also set the Prefix Length to 24, which means that the first 24 bits are a 1, i.e., 11111111 11111111 11111111 00000000 corresponds to 255.255.255.000.) Whether it’s my Xs or the usual zeros, they’re wildcards.