Networking – Multi-apartment network

home-networkingnetworking

I'm helping out my landlord with setting up the Internet in our shared apartment building. I'm sure this has been tread out before but I don't know enough about networking to make a reasonable decision, so I thought I'd ask here; please let me know if there's a better place to ask questions like these.

We currently have shared internet throughout the apartment building, going through a typical home modem. No fancy features – but we would like each individual apartment to have their own network.

Does this setup make sense? Or is there a better way:

Modem -> wired router -> one wired router per apt to partition the network behind NATs -> one switch per apt to hook up the wired jacks for that apt, and a wifi access point

I don't know about the features that commercial networking hardware provides but this solution makes sense to me if we're using only consumer hardware. Let me know if there's a better way….

EDIT: slightly more detail: there's only 4 apartments so this wouldn't be super complicated.

Best Answer

  • The outline you posted makes sense, and is similar to what I'd do if I was the one setting it up: One switch per apartment with its own subnet (192.168.xxx.0/24, for example), and each of these switches connected to a router that provides DHCP on all of these subnets. The router would then connect to the modem.

    An advantage of doing it this way is that the router can also function as bandwidth throttler, so that one apartment can't hog all the available bandwidth, or simply ensuring that the landlord's outlook session is prioritized over the Quatar Camel Race the guy in apartment 3 likes to torrent.

    If the router doesn't have enough physical ports, an alternate sollution could be to have a 5th switch connecting the apartment switches, and this "master switch" uses VLAN (802.1Q) to allow the router to work on multiple subnets with only one physical network port connected.


    Example 1 - Subnetted

                      /------Switch1
    Modem----Router--|-------Switch2
                      \------Switch3
    

    Each apartment has its own switch. This requires that the router has enough ports to cater for this, so that no VLANs are required. Each apartment has its own subnet, with the apartment number being the 3rd octet:

    Apartment 1: 192.168.1.0/24, Router reachable as gateway on 192.168.1.1
    Apartment 2: 192.168.2.0/24  Router reachable as gateway on 192.168.2.1
    Apartment 3: 192.168.3.0/24  Router reachable as gateway on 192.168.3.1
    

    By subnetting them this way, each apartment will be separate as per a 24 bit network mask (255.255.255.0) while still allowing the router to serve DHCP to each apartment separately. If desired, you can also set up any firewalling and whatever you want on the router. Note that this is not the same as VLAN, as the separation is achieved only by using IP and Routing fundamentals.

    Example 2 - Subnetted with VLAN

    If your router doesn't have enough ports, you rely on the ability of your router to have multiple IPs and VLANs on the same physical port.

                               /------Switch1
    Modem----Router--SwitchM--|-------Switch2
                               \------Switch3
    

    Note the master switch, "SwitchM" between the router and the apartments. This switch has port-based VLAN-tagging, assigning each apartment switch (and therefore anyone connected to those switches) their own VLAN.

    Apartment 1: 192.168.1.0/24, VLAN 1, Router as gateway on 192.168.1.1
    Apartment 2: 192.168.2.0/24, VLAN 2, Router as gateway on 192.168.2.1
    Apartment 3: 192.168.3.0/24, VLAN 3, Router as gateway on 192.168.3.1
    

    Now, the trick is to configure your router with multiple IPs, one for each VLAN. This way, the router will be able to work with each apartment independently despite all of the traffic being funnelled to the same physical port on the router. Note that if you're on a budget, only SwitchM needs to support VLANs. The other switches don't need to know about that aspect, as it is only pertinent to the communications between SwitchM and the router.

    Port based VLAN (IEEE 802.1Q) is an extension to the Ethernet standard, and works independently of whatever protocol is used higher up in the model.

  • Related Question