VLAN & Dell PowerConnect 2816

iroc409

I have a question about VLANs and the Dell PowerConnect 2816. Currently, I have a guest wifi/untrusted devices VLAN (128), and my internal/trusted network uses the default untagged VLAN1.

VLAN1 is a default untagged member of all ports, and it can't be changed. If I want to make a tagged VLAN for my internal devices, which I have done, how do I get devices that connect to the switch to be on that VLAN? Do I have to set up the VLAN tag on the devices themselves? What about devices that I can't really configure, like my network printer? Will they always just go to VLAN1?

So far, it seems like devices will just end up on VLAN1, unless they do their own tag, or in the case of the wireless, the access point does the tagging based on what network they attach to. I'd like to be able to force a device to a VLAN based on port.
 
Never use VLAN 1 for anything.

Create a second VLAN for your network. Untag all ports for your internal network on this VLAN.

Untag all needed ports on the Guest VLAN. On the AP, if you have split SSIDs that map to different VLANs, tag the Guest SSID with the Guest VLAN and leave it untagged in the internal SSID or vice versa depending which SSID you want "tagged". (Cisco calls this a trunk port. It just means it has multiple VLANs tagged on it)

If the AP is ONLY for guest access, then just stick it on an untagged port in the guest VLAN.
 
Aha! OK, thanks for the help! The AP has two SSIDs, one for internal access and one guest. The guest VLAN is only allowed on the two ports (WAP & trunk) as tagged traffic, and specifically not allowed on all other ports.

When all else fails, RTFM, amirite? :)

It looks like I need to set the PVID, which is the default VLAN for each port. It is factory set to 1; I just need to change it to my internal VLAN, and that should work. I think that's pretty much all I was looking for.

Unfortunately, to do what I am looking to accomplish, I can't use any untagged VLANs. Setting the PVID though should solve the problem. I will try to get it set up tonight and see if it works as planned.
 
In that case on the AP port, tag the guest SSID with the guest VLAN and set the PVID to your internal VLAN.

You can then set any other port whether guest or internal as untagged on the appropriate VLAN. (Also known as the PVID. Set the PVID on each port to the proper VLAN)
 
I had some issues getting it working, but it seems to be doing fine now. Here's what worked:

- Left port 16 on PVID VLAN 1 for management
- Untagged ports 2-15 for internal VLAN
- Tagged port 1 for router/firewall on internal VLAN
- Tagged ports 1 & 5 for WAP for guest wireless VLAN

Without tagging port 1 for the internal VLAN, I had all kinds of issues. Leaving all ports untagged for the internal network wouldn't allow traffic through to the router (or it would not reply), and tagging the ports would let traffic to the router but not back to the end devices (those that weren't VLAN-aware).
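
The port layout from the post above, modelled as an added example (not part of the original thread) to show how PVID and tagged/untagged membership decide where a frame goes. The internal VLAN ID 10, port 1 keeping PVID 1 with untagged VLAN 1, and ingress filtering being enabled are assumptions; the thread does not state them.

```python
from dataclasses import dataclass, field

INTERNAL = 10  # assumed ID: the thread never gives the internal VLAN number
GUEST = 128    # guest VLAN from the thread
MGMT = 1       # default VLAN, kept on port 16 for management

@dataclass
class Port:
    pvid: int                                    # VLAN given to untagged ingress
    untagged: set = field(default_factory=set)   # VLANs sent out without a tag
    tagged: set = field(default_factory=set)     # VLANs sent out with a tag

def build_switch():
    """Port table following the list in the post above."""
    ports = {n: Port(INTERNAL, {INTERNAL}) for n in range(2, 16)}
    ports[5].tagged.add(GUEST)                   # WAP: guest SSID arrives tagged
    # Router/firewall uplink; PVID 1 and untagged VLAN 1 are assumed defaults.
    ports[1] = Port(MGMT, {MGMT}, {INTERNAL, GUEST})
    ports[16] = Port(MGMT, {MGMT})
    return ports

def classify(port, tag):
    """Ingress: untagged frames take the PVID; non-member VLANs are dropped
    (assumes ingress filtering is on)."""
    vlan = port.pvid if tag is None else tag
    return vlan if vlan in (port.untagged | port.tagged) else None

def flood(ports, in_port, tag=None):
    """Return {egress_port: tag or None} for a broadcast entering in_port."""
    vlan = classify(ports[in_port], tag)
    if vlan is None:
        return {}
    out = {}
    for n, p in ports.items():
        if n == in_port:
            continue
        if vlan in p.tagged:
            out[n] = vlan        # leaves with an 802.1Q tag
        elif vlan in p.untagged:
            out[n] = None        # tag stripped for VLAN-unaware devices
    return out

if __name__ == "__main__":
    sw = build_switch()
    print("printer on port 3    ->", flood(sw, 3))
    print("guest frame via WAP  ->", flood(sw, 5, GUEST))
    print("forged guest tag, p3 ->", flood(sw, 3, GUEST))
```

The empty result for the third call is the segmentation property worth checking on the real switch: a device on an internal-only port cannot reach the guest VLAN by tagging its own frames.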
 
Do your APs have "management" VLANs like the Xirrus arrays do?

I know I can't have my ports set to drop untagged traffic on my Meraki Z1 to my Xirrus arrays since it uses out-of-band XMS cloud management so it can sync between the two arrays and I can monitor them on the go. (It also has local configs as well, and that's where you manage the VLANs for each array.) If I have it set to "drop all untagged traffic" the XMS throws a fit and clients hang.

http://imgur.com/a/NFaRn
 