VLAN for Private / Public Networks - How To..

jc-pro (thread starter), Member, 10-May-2012, 04:24 PM, #1
Hi all, I'm new to the forums and I'm looking for some friendly suggestions on how I can achieve this:

1) Segregate private network from public wireless network using VLANs?
2) Allow public wireless network clients on a VLAN to get DHCP info from a server?

Basic diagram of physical network layout: (image not preserved in the archived thread)
I have a couple of questions:

  1. I want to create a VLAN just for the public wireless network and leave the rest of the network traffic alone. Can I tag/untag all ports on all switches with the VLAN created specifically for the public wireless network?
  2. What happens to traffic that is not tagged with a VLAN ID?
  3. I'm a little confused as to what the default VLAN actually does and how it works into my scenario above. Any light on that would be great!
I have a combination of various switch brands and wireless APs in place, from the Cisco SG30028P and Netgear FS752TPS to the D-Link DAP-2553; everything supports VLANs. I know it's disparate technology, but the budget to replace everything is non-existent, so as much as that would be a smooth solution, I have to work with what I've got. The Cisco and Netgear switches are both Layer 2 capable.


Any input would be appreciated.

Last edited by jc-pro; 10-May-2012 at 04:29 PM..
zx10guy, Trusted Advisor, 11-May-2012, 09:31 AM, #2
What are you using as a router and where is it in your topology?
jc-pro (thread starter), Member, 11-May-2012, 11:58 AM, #3
I have a Sonicwall as the firewall. The main switch plugs into it.

Going a bit deeper into this, it seems my issue here is really understanding the implementation of VLANs using a Cisco SG300; I'm sure once I figure out their interface/terminology I'll get this resolved.

I'll also need to configure the appropriate VLAN on the Sonicwall and set up the built-in DHCP server to hand out IPs to that VLAN.

Great learning experience.
zx10guy, Trusted Advisor, 12-May-2012, 11:44 PM, #4
You would need to create sub-interfaces for each VLAN you configure to route traffic out to the internet or possibly between each subnet. You would also need to define objects and security zones on the Sonicwall. I recently swapped out a Juniper SRX210 from being my edge firewall to a Sonicwall TZ215W (originally a TZ210W).

You'll need to define your VLANs and ensure the IDs for each subnet and security enclave are consistent across all switches and your network. The concept of tagged and untagged traffic stems from how IEEE 802.1Q VLANs work. SMB web-managed switches typically make configuration of VLANs more complicated than necessary. These switches have a concept of PVIDs, or port VLAN IDs. This is a definition set on the switch to tell the switch which VLAN to associate untagged/naked frames received on that port with: ingress. The configuration on the switch for egress traffic would be to define whether frames leaving that port are from a particular VLAN and if they are tagged or untagged.

Tagging frames allows a frame to carry an identifier in the frame header stating which VLAN that frame belongs to. Tagging of frames allows frames from multiple VLANs to be carried over what is called a trunk. This allows a huge amount of scalability and flexibility in how a switched network is set up. But because the header of the frame is modified, a device has to be able to understand 802.1Q tagging or the frame gets dropped. This is why unmanaged switches can never pass tagged traffic. They just don't know how to read the frame. On trunk ports set up to carry multiple VLAN traffic, another concept, native VLANs, comes into play. A native VLAN is basically the same as the PVID mentioned above. But the difference is that on a trunk, any untagged/unassigned traffic will automatically be dropped into this native VLAN and sent across the trunk link. Other communications are sent between switches over this native VLAN as part of various management overhead, so the native VLAN is pretty important in switch operation and also in security design, as there are various exploits that take advantage of how native VLANs operate.
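The PVID, tagged/untagged egress and native-VLAN behaviour described in this reply, as an added runnable model (example code written for this page, not the poster's code or any vendor's switch firmware; the port names, the locally administered MAC address and the choice of VLAN 1 for the private LAN and VLAN 20 for the public wireless network are constructed assumptions). It parses and builds real 802.1Q frame bytes and applies the ingress/egress rules to a four-port switch that includes an AP port, a trunk and an unmanaged downstream switch:

```python
"""Minimal 802.1Q switch-port model: PVID classification on ingress, per-VLAN
tagged/untagged membership on egress, native VLAN on a trunk.
Constructed example for illustration; not real switch code."""
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag follows
DROP = None


def parse_frame(frame):
    """Split an Ethernet frame into its parts; 'vid' is None when no 802.1Q tag is present."""
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]        # PCP(3) | DEI(1) | VID(12)
        inner = struct.unpack("!H", frame[16:18])[0]      # the real EtherType after the tag
        return {"dst": dst, "src": src, "vid": tci & 0x0FFF, "pcp": tci >> 13,
                "ethertype": inner, "payload": frame[18:]}
    return {"dst": dst, "src": src, "vid": None, "pcp": 0,
            "ethertype": ethertype, "payload": frame[14:]}


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Assemble a frame, inserting the 4-byte 802.1Q tag after the MAC addresses when vid is given."""
    head = dst + src
    if vid is not None:
        head += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return head + struct.pack("!H", ethertype) + payload


class Port:
    """One switch port, configured the way SMB web-managed switches present it.

    pvid    : VLAN assigned to untagged ('naked') frames arriving on this port (ingress)
    members : {vid: 'tagged' | 'untagged'} egress rule per VLAN; a VLAN the port is not
              listed for is never sent out of it and is filtered on ingress as well
    dot1q   : False models an unmanaged switch that cannot read a tagged frame
    """
    def __init__(self, name, pvid, members, dot1q=True):
        self.name, self.pvid, self.members, self.dot1q = name, pvid, dict(members), dot1q

    def ingress(self, frame):
        p = parse_frame(frame)
        if p["vid"] is None:
            p["vid"] = self.pvid          # naked frame: classified into the PVID
        elif not self.dot1q:
            return DROP                   # unmanaged gear: tag is unreadable, frame is lost
        if p["vid"] not in self.members:
            return DROP                   # ingress filtering: port is not a member of that VLAN
        return p

    def egress(self, p):
        rule = self.members.get(p["vid"])
        if rule is None:
            return DROP
        tag = p["vid"] if rule == "tagged" else None   # 'untagged' strips the tag on the way out
        return build_frame(p["dst"], p["src"], p["ethertype"], p["payload"], vid=tag, pcp=p["pcp"])


def forward(ports, in_port, frame):
    """Flood a frame received on in_port to every other member port (no MAC learning modelled)."""
    p = ports[in_port].ingress(frame)
    if p is DROP:
        return {}
    out = {}
    for name, port in ports.items():
        if name != in_port:
            f = port.egress(p)
            if f is not DROP:
                out[name] = f
    return out


# Constructed topology in the spirit of the thread: VLAN 1 = private LAN and the trunk's
# native VLAN, VLAN 20 = public wireless. The AP sends its guest SSID tagged 20 and its
# management traffic untagged; the trunk carries 20 tagged and 1 untagged (native).
PRIVATE, PUBLIC = 1, 20
PORTS = {
    "g1_pc":      Port("g1_pc", pvid=PRIVATE, members={PRIVATE: "untagged"}),
    "g2_ap":      Port("g2_ap", pvid=PRIVATE, members={PRIVATE: "untagged", PUBLIC: "tagged"}),
    "g3_trunk":   Port("g3_trunk", pvid=PRIVATE, members={PRIVATE: "untagged", PUBLIC: "tagged"}),
    "g4_dumb_sw": Port("g4_dumb_sw", pvid=PRIVATE, members={PRIVATE: "untagged"}, dot1q=False),
}

BCAST = b"\xff" * 6
AP_MAC = bytes.fromhex("02aabbcc0001")   # constructed, locally administered MAC
ARP = 0x0806


def demo():
    """Return the egress frames for a guest (tagged 20) and a private (untagged) broadcast from the AP."""
    guest = build_frame(BCAST, AP_MAC, ARP, b"guest-arp", vid=PUBLIC)
    private = build_frame(BCAST, AP_MAC, ARP, b"lan-arp")
    return forward(PORTS, "g2_ap", guest), forward(PORTS, "g2_ap", private)


if __name__ == "__main__":
    for label, out in zip(("guest VLAN 20", "private VLAN 1"), demo()):
        print(label, {n: parse_frame(f)["vid"] for n, f in out.items()})
```

Running it shows the guest broadcast reaching only the trunk, still tagged 20, while the private broadcast leaves every port untagged, including the trunk, where it rides the native VLAN. Feeding a tagged frame into the unmanaged port or into the PC's access port returns nothing, which is the "unmanaged switches can never pass tagged traffic" and ingress-filtering behaviour the reply describes; the model makes it easy to see which VLAN a given port configuration will actually deliver a frame to before touching the real switches.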