drews77

asked on

Setting up VLAN to place access point on separate network

My current office LAN is set up as such:

Internet --> Router --> Switch --> Multiple Computers & Access Point

I would like to put the Access Point on its own VLAN; however, I'm new to setting up VLANs and I'm not sure of the terminology.

Procurve 1800 Switch setup:

Port 1:  Router
Port 2:  PC1
Port 3:  PC2
Port 4:  PC3
Port 5:  PRINTER
Port 6:  Unused
Port 7:  Unused
Port 8:  Access Point

I would like to set up ALL PCs + Printer (Ports 2-5) and Router (Port 1) on VLAN1 & the Access Point (Port 8) and Router (Port 1) on VLAN2.

I have created VLAN2 and checked boxes for ports 1 & 2.

The part I don't understand is setting the Port Config Options: the config menu allows me to make each port VLAN aware, enable Ingress Filtering, choose Tagged or Untagged, and set the PVID to either 1 or 2.

My goal is to have both VLAN1 and VLAN2 access the internet but not each other. I want to isolate the access point so that the HOTSPOT doesn't have access to OFFICE computers.

ASKER CERTIFIED SOLUTION
iserko

This solution is only available to members of Experts Exchange.

drews77

ASKER

I noticed the switch has compatibility to create trunks. Do I need to use this feature, or are the VLANs automatically trunked to the router? I'm certain my router isn't VLAN capable. Would you be able to suggest a router to use for this setup?

OK one thing here.

A VLAN trunk is named differently by HP (ProCurve is their brand).
So on their switches VLANs are tagged and untagged. If a port is set as tagged for many VLANs, that makes it a VLAN trunk.

An HP Trunk is where you combine 2 or more physical connections into one logical connection. We won't be using that here.

So if you follow my instructions regarding tagged and untagged ports, you should be fine ... when you get an appropriate router.

The router I would suggest is a Cisco PIX/ASA (the cheapest one should do the trick). However, I must warn you that its set-up is mostly for advanced users (if you set it up via the console). It has a web server, but I've never used it.

I guess there are other routers around that do the same for less. I use a Linux router (an old machine with 3 network interface cards) at home and at my company.

You could also buy a Layer 3 switch ... that's a switch that can also route your packets from one VLAN to the other. But it's a bit more expensive and is probably out of the question, since you already have a switch.

drews77

ASKER

I see, a good alternative would be an L3 switch with my current router.
I'm guessing that the switch would be the gateway for the PCs in that case.

If I keep the L2 switch and update the router:
Do you have any suggestions on what to do with the VLAN aware checkbox and the Ingress Filtering checkbox?

VLAN aware checkbox should be enabled only on port 1.

Ingress filtering is for filtering input packets, I guess. Unless you want to set up network access filters for certain computers, I don't think you will need that. For example, you wouldn't want PC3 communicating with PC2, so you would enable the ingress filtering (there must be a place to specify the rules, though).
And to answer your first question, yes and no ... the switch would have to be the gateway only on the VLAN that did not have the router.

drews77

ASKER

I suspect the most professional, efficient and modern method of configuring a VLAN would be to use an L3 switch?

Not really. Having a better router is the most efficient solution.
An L3 switch is only used if you really really need it (think ISP or very advanced LAN or you have too much money), which in your case you do not.

As for a router, try something along the lines of:
http://shop.a-enterprise.ch/product_info.php?currency=EUR&cPath=31&products_id=29&language=en
or
http://www.applianceshop.eu/index.php/appliances/firewalls/m0n0wall-small.html

I've worked with m0n0wall before; it's simple and has lots of features. Not really enterprise worthy, but for up to 30 users it should suit you just fine.

Hope it helps
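
An added example, not part of the original thread and not ProCurve firmware behaviour: a small model of standard 802.1Q port handling (PVID, tagged/untagged membership, ingress filtering) that checks whether the port plan from the question keeps the access point on port 8 away from the office ports at layer 2. The tagging chosen for port 1 (untagged in VLAN 1, tagged in VLAN 2) and all function names are assumptions, since the accepted answer's instructions are not visible on this page.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                    # VLAN assigned to untagged ingress frames
    untagged: set = field(default_factory=set)   # VLANs sent out without a tag
    tagged: set = field(default_factory=set)     # VLANs sent out with an 802.1Q tag
    ingress_filtering: bool = True               # drop frames for VLANs the port is not in

    def member(self, vid):
        return vid in self.untagged or vid in self.tagged

def plan():
    """Port layout from the question; the port 1 tagging is an assumption."""
    ports = {n: Port(pvid=1, untagged={1}) for n in range(2, 6)}  # PCs and printer
    ports[1] = Port(pvid=1, untagged={1}, tagged={2})             # router uplink
    ports[8] = Port(pvid=2, untagged={2})                         # access point
    return ports

def flood(ports, in_port, tag=None):
    """Map each egress port to the tag a broadcast carries there (None = untagged)."""
    src = ports[in_port]
    vid = src.pvid if tag is None else tag
    if src.ingress_filtering and not src.member(vid):
        return {}                                # dropped at ingress
    return {n: (vid if vid in p.tagged else None)
            for n, p in ports.items() if n != in_port and p.member(vid)}

def isolated(ports, a, b):
    """True when untagged frames from a never reach b, and the reverse."""
    return b not in flood(ports, a) and a not in flood(ports, b)

def misconfigured(ingress_filtering):
    """Same plan, but port 8 joined VLAN 2 while its PVID was left at 1."""
    ports = plan()
    ports[8] = Port(pvid=1, untagged={2}, ingress_filtering=ingress_filtering)
    return ports

if __name__ == "__main__":
    print("AP broadcast reaches:", flood(plan(), 8))            # router port only, tagged 2
    print("AP isolated from PC1:", isolated(plan(), 8, 2))
    print("PVID left at 1, no filtering:", flood(misconfigured(False), 8))
    print("PVID left at 1, filtering on:", flood(misconfigured(True), 8))
```

The model covers the switch only: the router on port 1 still has to refuse to forward between the two VLANs for the hotspot to stay separated from the office network.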