Cheap VLAN Routing

AD7UF, Sep 2025

The traditional way to connect multiple AREDN radios together and connect them to other devices to provide services or access to the mesh network is to use a MikroTik hAP or similar router running the AREDN firmware. Usually there's not a need to run services directly on the router itself (they can be run on one of the other radios that has enough RAM) and the hAP is a fairly expensive way to provide the same services that an VLAN-enabled managed switch can, especially now that the hAP Lite is deprecated for AREDN.

Fortunately, there are now very inexpensive Ethernet smart switches on the market with the capabilities we need that were once only available on managed switches costing hundreds of dollars.

An example of these switches is a series labeled STEAMEMO, available on Amazon in Aug 2025 for $10 for a 5-port version or $13 for the 8-port version. This article will show an example of how to configure this switch to serve an AREDN station with several devices.

Let's talk a little more about this switch.

First off, yes it's a cheap Chinese switch, so it has a few quirks and lacks features of a more expensive switch -- but at $10 each you can buy more than one if you need more complex VLAN handling than it will do.
Don't let the "cloud managed" bit scare you; while it can do the whole "manage via a smartphone app over the Internet" thing and I'd never trust it 100% not to "phone home" or do other goofy things, but:
- The current firmware is set to a sane default of conventional management via a web browser on the LAN, and
- I've never see any misbehavior (aside from overly-exuberant "Hey, I'm at this IP address" replies to ARP inquiries for other devices) in many hours of operation and packet traces.
- On my own networks, I also set firewall rules prohibiting Internet access from the switch as well as unknown devices, so unless it spoofs something that's attached to it, it's not getting out. Call me paranoid. Professionally, I manage a lot of sensitive data for large companies; I'm paid to be paranoid.
Power supply: Very flexible. It comes with 12V wall wart, but it will run on anything 9-55VDC through the barrel connector. It also accepts standard 48V 802.3af PoE. (Do not try to feed it Ubiquity-style passive POE; if you want to give it 24V, split it out and send it to the barrel connector.

Sample Configuration

Our hypothetical network uses these VLAN assignments on the AREDN devices:

0 (untagged) = WAN
2 = DtD (hardcoded)
5 = LAN (Configurable in the Web UI in Aug 2025 daily builds)

An 8-port switch has ports connected to devices thus:

AREDN LAN (untagged -- VLAN #5 tag removed on exit from port, added on entrance)
House: home LAN / Internet access (trunk; also allows linking LAN and DtD devices via 802.1Q VLAN tags)
IP camera (untagged; accessible from home PCs and a VM serving the mesh)
Meshtastic node (untagged; network provides fast client access and mgt., and MQTT)
AREDN radio running applications and LAN DHCP server (trunk)
AREDN radio #2 (trunk)
AREDN radio #3 (trunk)
AREDN radio #4 (trunk)

Here's what the 802.1Q VLAN configuration looks like in the web UI:

The UI used to set those takes a little getting used to, and the version I've used has display bugs. If you made a change and it did funny things, refresh the page and see if the table redraws correctly. Actually, it's not a bad idea to refresh it after any changes before you leave.