VLAN Setup question

randyc

[Image: network layout.gif]


Network Layout is like that...

except the red part does not exist -- it is my goal.

I want it to replace the green box on the right side (Training Center).


I'm stuck on how to actually go about doing this:


As far as I know:
1. Enable two VLANs on the port that is connecting the training center and core switch. Make that port 101 and 102 using 802.1Q VLAN tagging, right?

2. Do the same for the downstairs/training center setup.

3. Do the normal stuff:
a. Set up DHCP helpers on the core switch
b. Set up DHCP stuff on the actual DHCP server
c. Set up the SSIDs with the proper security


I've added simple VLANs before by adding switches to the network and then doing the normal add a VLAN / set up helpers / get it going process, but I have never gone to the point of putting two VLANs in one area, and then trying to route the data back up to the other parts of the network.

I know it is possible, I'm just not 100% sure on how to implement it. Am I right in saying I will need to set up VLAN tagging?

FYI:

Training Center - HP ProCurve
Core - Foundry SuperX
Secondary - Foundry FastIron

I'll be constantly checking this post if anyone has any suggestions.

If HardForum is the wrong place for this type of question, anywhere else where I might find some good advice?
 
What do you have for an AP? I know the Cisco APs support VLANs per SSID.

Let's say SSID Employees is assigned to the internal VLAN and SSID Guest is assigned to VLAN 102.

What is doing routing on your network? If there is a single connection you don't have to worry about route maps.

As long as the Core Switch is doing routing just put access lists on the VLANs.

Employees Wireless can receive a .101 address.
Guests Wireless can receive a .102 address.

The switches should be trunked, likely via dot1q to allow all VLANs.

VLAN 101
allows access to internal VLAN subnets

VLAN 102
deny access to internal VLAN subnets
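
The VLAN 102 policy from the reply above, modeled as an ordered first-match access list (an added example, not part of the original posts and not Foundry CLI syntax). The subnets, the DHCP server address and the function names are assumptions; it also covers the case where the DHCP server sits on an internal subnet, so a DHCP permit has to come before the deny lines.

```python
"""First-match ACL model for traffic entering the guest VLAN (102) interface."""
from ipaddress import ip_address, ip_network

# Constructed addressing: the thread only mentions ".101" and ".102" addresses.
INTERNAL = [ip_network("192.168.1.0/24"),     # servers (assumed)
            ip_network("192.168.101.0/24")]   # employee wireless, VLAN 101
DHCP_SERVER = ip_network("192.168.1.10/32")   # assumed DHCP server address
ANY = ip_network("0.0.0.0/0")


def guest_acl():
    """Ordered rules: (action, protocol, destination network, dst port or None).
    Source is implicit: the list is applied inbound on the VLAN 102 interface."""
    rules = [("permit", "udp", DHCP_SERVER, 67)]              # unicast lease renewals
    rules += [("deny", "ip", net, None) for net in INTERNAL]  # block internal subnets
    rules.append(("permit", "ip", ANY, None))                 # everything else
    return rules


def evaluate(rules, proto, dst, dport=None):
    """Return the action of the first matching rule; implicit deny if none match."""
    dst = ip_address(dst)
    for action, r_proto, r_net, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if dst not in r_net:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"


def audit(rules):
    """Run constructed guest flows through the rules; return {case: action}."""
    cases = {
        "guest -> employee host":  ("tcp", "192.168.101.20", 80),
        "guest -> server":         ("tcp", "192.168.1.10", 22),
        "guest -> internet":       ("tcp", "203.0.113.5", 443),
        "DHCP discover broadcast": ("udp", "255.255.255.255", 67),
        "DHCP renew to server":    ("udp", "192.168.1.10", 67),
    }
    return {name: evaluate(rules, *args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, action in audit(guest_acl()).items():
        print(f"{action:6} {name}")
```

Rule order is the part to check on a real switch: with the final permit moved to the top, every guest flow matches it first and the deny lines never take effect.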
 
I'm actually not getting this far...


After extensive reading I have determined I must use the dot1q trunking as I thought...

Simply making a port 'tagged' makes it a dot1q trunk in most situations, right?

Here is what I have done and failed at:

Port 1/4 on the Foundry/Core Router is:
-Tagged for VLAN 101
-Tagged for VLAN 102
Port G1 on the ProCurve
-Tagged for VLAN 101
-Tagged for VLAN 102
-Untagged for VLAN 1

They are connected by a Cat5 cable between the floors.

On the core router I've got the udp-dhcp helper set up along with the virtual port for routing so the packets move around properly.

I have done this, and I still can't access the other story.

And yes, the access point is an Aironet, which I have verified supports tagged VLANs, though I'm not going to start working on that until I get a simple connection between the two switches.


Am I missing something really obvious here?

Postscript:
The routing ... like for what? The gateways? Each subnet is assigned a xxx.xxx.xxx.1 address which is really just the big SuperX switch (Core/Foundry) and that is the gateway. Then it goes to the PIX -> AccessIron (DS3) (on VLAN 2).