Home Network Design help with L3 Switch

[trpltongue]

Thanks for the explanation and education

Everything now reset with 192.168.10.x.

Everything is also up and running again

 

[trpltongue]

And here is my port setup (Trunk port 3 is where the WAP581 is connected):

 

[coxhaus]

Reconfig your DHCP pool to not include 192.168.10.254 as that IP is already used as your switch default gateway. I would use 192.168.10.30 - 192.168.10.250 for your DHCP pool.

Also use auto for your default gateway on the DHCP pool screen.

Also use 9.9.9.9 for DNS

 

[trpltongue]

Done!

I had listed it out under excluded addresses, but it's easier just to remove it from the pool.

I've also gone back into the ATT gateway and re-enabled IP Passthrough (family is in bed). Everything is still working, even after a reboot and refresh of IP lease

Apparently, adding the DNS IP address was the key to making this all work. I didn't do that last night, and if I remove the DNS IP address now, I lose internet.

I think the next thing I want to do is enable LAG for the WAP, or should I work on VLANS?

Either way, I'm done for tonight. Early baseball games tomorrow

Seriously, I can't thank you enough for all the help so far.

 

[trpltongue]

It is good to hire professionals for the installing and the settings.

I don’t disagree with you at all, however, the only reason I’m stepping up to this level of gear is because of the awesome community here and the chance to play around and learn something new.

I definitely don’t “need” this level of gear, but it’s a fun hobby right

I’ve already learned a bunch!

 

[coxhaus]

Done!

I had listed it out under excluded addresses, but it's easier just to remove it from the pool.

I've also gone back into the ATT gateway and re-enabled IP Passthrough (family is in bed). Everything is still working, even after a reboot and refresh of IP lease

Apparently, adding the DNS IP address was the key to making this all work. I didn't do that last night, and if I remove the DNS IP address now, I lose internet.

I think the next thing I want to do is enable LAG for the WAP, or should I work on VLANS?

Either way, I'm done for tonight. Early baseball games tomorrow

Seriously, I can't thank you enough for all the help so far.

Save LAG for last. So is DHCP on the switch working using the switch as the default gateway?

 

[trpltongue]

Yessiree .

My devices are getting their IP addresses from the switch at 192.168.10.254.

 

[coxhaus]

Reset the wireless on the trunk port. Add VLAN1 for the local wireless. Then we will add the guess network.

 

[trpltongue]

When you say add VLAN1 for the local wireless, do you mean add the WAP to VLAN1?

I currently have everything setup on VLAN1, but I can change it if I need to.

 

[coxhaus]

Yes we will start with VLAN1 and then add the guest VLAN. That is why we are on a trunk port.

You need to be receiving DHCP from the switch on the wireless on VLAN1 for us to move to the next level.

 

[trpltongue]

I've reset the wifi on the trunk port (3).

 

[coxhaus]

I've reset the wifi on the trunk port (3).

View attachment 19758 View attachment 19759

This looks good to me. So are clients on the wireless receiving IPs?

 

[trpltongue]

This looks good to me. So are clients on the wireless receiving IPs?

Yup! Wireless clients are getting IP's from the switch.

 

[coxhaus]

OK, Let's add the guess network VLAN2 or 12. What IP network do you want to use? 192.168.12.0 192.168.3.0

We need to create a VLANX on the switch. Then we need to assign an IP address to the VLAN. We need to create DHCP scope. There should be an IPv4 interface and a IPv4 routing statement after setting up the VLAN. This should make the new VLAN pingable as routing should work on the switch.

Once this works on the switch we need to add the network to the router because the router does not know about this new network. We need to create a route statement on the router for this new network which points to the switch because the switch is going to do the routing. Right now the router is in VLAN1 so it needs to point to switch's IP 192.168.10.254. So create a route statement on the router that points to 192.168.10.254.

One more thing needs to be done on the router is to create an ACL for the new network to allow the firewall to pass the traffic.

The general idea is the router is receiving traffic for an unknown network and passing it on to the switch which knows where the traffic goes.

Once this works we will be able to add this VLAN to the wireless which will be the second step so wireless will work.

 

[trpltongue]

OK, Let's add the guess network VLAN2 or 12. What IP network do you want to use? 192.168.12.0 192.168.3.0

We need to create a VLANX on the switch. Then we need to assign an IP address to the VLAN. We need to create DHCP scope. There should be an IPv4 interface and a IPv4 routing statement after setting up the VLAN. This should make the new VLAN pingable as routing should work on the switch.

Once this works on the switch we need to add the network to the router because the router does not know about this new network. We need to create a route statement on the router for this new network which points to the switch because the switch is going to do the routing. Right now the router is in VLAN1 so it needs to point to switch's IP 192.168.10.254. So create a route statement on the router that points to 192.168.10.254.

One more thing needs to be done on the router is to create an ACL for the new network to allow the firewall to pass the traffic.

The general idea is the router is receiving traffic for an unknown network and passing it on to the switch which know where the traffic goes.

Thanks for the great explanation. I'm going to get working on it now. I think I'll use a nomenclature of:
VLAN1 192.168.10.x
VLAN2 192.168.20.x
VLAN3 192.168.30.x
etc.

I'll get to work on that now.

 

[coxhaus]

Thanks for the great explanation. I'm going to get working on it now. I think I'll use a nomenclature of:
VLAN1 192.168.10.x
VLAN2 192.168.20.x
VLAN3 192.168.30.x
etc.

I'll get to work on that now.

Sounds good. Let me know if you hit a problem. I can go into more detail.

 

[trpltongue]

OK, Let's add the guess network VLAN2 or 12. What IP network do you want to use? 192.168.12.0 192.168.3.0

We need to create a VLANX on the switch. Then we need to assign an IP address to the VLAN. We need to create DHCP scope. There should be an IPv4 interface and a IPv4 routing statement after setting up the VLAN. This should make the new VLAN pingable as routing should work on the switch.

Okay, setup the VLAN2 as Guest:

Then created the IP v4 interface with IP address of 192.168.20.254

Then created the DHCP pool with the following:

I can access 192.168.20.254 from my wireless devices which have an IP from 192.168.10.254.

If that's correct, I'll move onto the router, though I'm not sure what an ACL is or where to define it

 

[trpltongue]

Sounds good. Let me know if you hit a problem. I can go into more detail.

Okay, not sure how to setup a route statement or an ACL. I've been poking around the router gui but can't seem to figure it out.

 

[trpltongue]

Is this correct?

 

[coxhaus]

You were fast on this step. It gets easy once you have done it.

Here are my router screens. I forgot the RV340 does not need firewall statements once you add a routing statement. I have posted the routing statements you just need to substitute your network IPs.

I also included my ACL so you know what I am talking about. You may want to use my ACL. It denies all udp DNS except for 9.9.9.9

I noticed the ACL was cut off so I added another screen