VLAN, WVLAN

[ABRAHAM Lilian]

Hello,

I simple draw for less explanation:
Each acces point "emit" 2 SSID:
When connected to private, path to internet is through VLAN1 (default)
When connected to public, path to internet is through VLAN2
Even, i would like the same for switch port 7,8 path through VLAN1 and all other through VLAN2.

I tried to set each port tag/untagger/etc but i have dysfonction:
i can ping a printer connected to port 10 (i.e.) but can not print on
When a PC is connected on private WLAN, DHCP doesn't give IP.
...

I think's it's a bad setting of the switch

If someone's can help, i will be a good practice for the futur (for me )

Many thank's

Lilian.

 

[MichaelCG]

The switch ports will only be tagged ports if the device connected to them is setup for VLAN tagging. Otherwise they will just be access ports assigned to the appropriate VLAN.

DHCP...what is providing DHCP to VLAN1? Is the Educabox providing DHCP services? It is routing or just providing an in-line transparent proxy?

Is the RV130 an open router or does it have Firewall/Filtering features enabled?

 

[ABRAHAM Lilian]

Hello,

on VLAN1, DHCP is provided by Educabox, it's a router.
RV130 is a Cisco router, and it does have Firewall/Filtering/Vlan features.

Many thank's
Lilian

 

[coxhaus]

The way I would setup your diagram is to have one connection (wire) to the RV130 router. I would use a layer 3 switch and keep all the VLAN information away from the router. You can use VLAN 1 the way it is defined since it is the default VLAN. I would setup VLAN 2 as a tagged VLAN public. I would use DHCP on the layer 3 switch and not the RV130 router.

If you are going to use a layer 2 switch then you will need to use the router for routing the VLANs. So I would use VLAN 1 set to default and VLAN 2 as tagged public just like I would above and use a trunked port for the wire feeding the router. You will need to setup the same VLANs on the router since it needs to know them to be able to route them. The input port on the router from the switch needs to defined as a trunk port just like the layer 2 switch. DHCP would need to be on the router.

Wireless devices need to be connected with trunked ports with which ever method used above. Set one SSID to one VLAN and the other SSID to the other VLAN. This way the SSID will pass through the VLAN defined

The filtering or security needs to be done with access lists on the router or layer 3 switch depending which method you used. This is how you share printers and create guest isolated networks.

I use a Cisco SG300-28 switch setup as a layer 3 switch with another switch connected and 3 wireless APs.. I do this same setup at my house. There is a thread here on this site with me setting this up.

Based on your diagram above VLAN 2 needs to be setup as a pass through on the proxy. I would not use VLAN 1 for the kids as that is your default VLAN. Change the kids VLAN to VLAN 2.

 

[ABRAHAM Lilian]

Hello,

Many thank's for your answers.

Devices (Router, Educabox Captive portal, switch and Cisco WAP371 ) are already in place.i have to do with.
Cisco router have4 ports, so i assign a port for each VLAN and exclude others.

For VLAN 1, DHCP provided by educabox
FOr VLAN 2, DHCP provided by Cisco Router

What i tried:
On router:
VLAN1 / port 1 untagged
VLAN2 / port 2 tagged

Switch
VLAN 1 / 2 to 6 Tagged
VLAN 2 / 1 - 3 to 6 Tagged
All ports for Office: untagged VLAN 2
All ports for Kids: untagged VLAN 1

A.P.
SSID for KID on VLAN 1
SSID for Office on VLAN 2

Seem's OK ?

I excluded Educabox from VLAN 2 for to improve perfomance (!)

think's it's more "easy" for me to use VLAN/Tagged/untagged features

Many thank's for your help
Lilian.

 

[coxhaus]

I would want all DHCP located in one place. Create a DHCP server for multiple networks.

You can use a router, layer 3 switch or Microsoft DHCP server for DHCP services for multiple networks. I am sure there are others but this is what I have used over the years.