Home Lab VLAN Help

[renxwar]

I'm looking to get my hands dirty with the networking side of things and I would like to start playing with VLANs.

I have:
Cisco SG300 20 Port Switch (L3)
Asus RT-N66U with ASUSWRT-Merlin (Allows static routes, should be all I need?)
Server with 1 integrated NIC and 1 4-port Intel i350 NIC with 5+ Virtual Machines

What I would like to do would be:

192.168.1.x/24 VLAN 1 for networking equipment, I.E. routers and switches
192.168.2.x/24 VLAN 2 for Servers
192.168.3.x/24 VLAN 3 for Production DHCP (provided by the Server on 192.168.2.x/24 VLAN 2)
192.168.4.x/24 VLAN 4 Guest network
192.168.5.x/24 VLAN 5 Test network

Ideally, I would need VLAN 1-3 to communicate openly, with VLAN 4-5 only receiving DHCP from the Server on VLAN 2.

I think I'm understanding this somewhat, but my questions are:
1. Because the Cisco SG300 is a Layer 3 switch, does my router need to be involved at all, or can the switch do this all on its own?
2. If the router does need to be involved, what would the wiring be for this type of configuration? Switch to Router cable per VLAN?
3. Does a port need to be assigned to a VLAN? For example, could I just statically assign 192.168.2.1/24 to one of the Servers and not need to have it physically cabled?

Thanks in advance.

 

[phibertron]

Ideally, I would need VLAN 1-3 to communicate openly, with VLAN 4-5 only receiving DHCP from the Server on VLAN 2.

once a switch is in L3 mode for intervlan routing,
preventing L3 routing/traffic between vlans
will have to be done with ACL's on the switch

you will either have to implement dhcp relay on the switch to the dhcp server
or put the dhcp server on a trunk of all needed vlans
or use a combination of switch dhcp for vlans, and dhcp server for the others

1. Because the Cisco SG300 is a Layer 3 switch, does my router need to be involved at all, or can the switch do this all on its own?

The switch would need to have a default route to the router

for example: (assuming that is the router ip)
0.0.0.0 0.0.0.0 192.168.1.254

The router would need routes back to switch for networks not on the router

for example: (assuming that is the switch ip)

192.168.2.0 255.255.255.0 192.168.1.1
192.168.3.0 255.255.255.0 192.168.1.1
192.168.4.0 255.255.255.0 192.168.1.1
192.168.5.0 255.255.255.0 192.168.1.1

note, the above routes are based on the switch and router
being connected on one port using an untagged vlan on 192.168.1.0

2. If the router does need to be involved, what would the wiring be for this type of configuration? Switch to Router cable per VLAN?

it doesn't need to be vlan aware, but does limit use case scenarios

outside of the default route on the switch and the routes on the router
all clients/networks would/should be connected to the switch
with the switch as there gateway, allowing the switch to do L3 routing

what I am trying to prevent you from doing, is the following

The problems with asynchronous routing
http://networkguy.de/?p=409

3. Does a port need to be assigned to a VLAN? For example, could I just statically assign 192.168.2.1/24 to one of the Servers and not need to have it physically cabled?

If the port is to have more than one vlan assigned,
then only General or Trunk types can be used

If it is going to just be one device connected, it could be any port type
or you could assign an ip to it directly

It is really up to what you are trying to accomplish, simple is better usually

 

[renxwar]

Awesome response, that helped a lot. I have everything up and communicating with each other except for the DHCP. I'm not actually home so I can't test the DHCP just yet, I just want to make sure my theory is sound on this one.

VLAN 1 is the network, wireless router Asus N66U 192.168.1.1
VLAN 2 has the DHCP server (192.168.2.11)
VLAN 3 is DHCP (Scope: 192.168.3.1 - 192.168.3.200)
Cisco SG300 has DHCP relay enabled

So in theory, the clients will connect to the wireless (VLAN 1) but will communicate with the DHCP server (VLAN 2) and get an IP address (VLAN 3). I have tested that the DHCP works by putting one of my hard-wired computers on VLAN 3 and having it pull an IP. Will these wireless clients work the same way?

 

[phibertron]

your welcome

I don't think the dhcp idea is going to work, for 2 reasons
1.
the access point is not on the 192.168.3.0 network
2.
even if somehow the dhcp request did go through and an ip was assigned
the client would not be able to communicate because of reason 1.

you would have to create a scope for 192.168.1.0 network on the dhcp server
so that they could get an ip on that network

depending on the Asus N66U vlan abilities, not sure how much is possible,
it might be possible to add a vlan 3 to it
and trunk vlan 1,3 on the switch and router

 

[renxwar]

So to make sure I'm understanding the process of it, what about this hypothetical network:

Router (VLAN 1, 192.168.1.1) to Switch
Wireless Access Point plugged into the switch on a port on VLAN 3

Because the AP is on VLAN 3 on the switch, would it by default put the clients on VLAN 3 (and from there, be picked up by the DHCP server?)

 

[phibertron]

Router (VLAN 1, 192.168.1.1) to Switch
Wireless Access Point plugged into the switch on a port on VLAN 3

are we talking about the wan port or a lan port on the router, for vlan 1?

Because the AP is on VLAN 3 on the switch, would it by default put the clients on VLAN 3 (and from there, be picked up by the DHCP server?)

It might/should work

 

[renxwar]

LAN port (Port 1 on router, port 19 on switch) on VLAN 1.