BeGentleWithMe-INeedHelp
asked on
VLAN basics 101 configure router cisco RV215W and others
I'm trying to do what I thought was simple and a perfect reason to use vlans. But I am stuck.
I am using a Cisco RV215W, but had the same issue with RV110W and likely most any router with vlan capabilities.
The gist is this:
Small business server (192.168.16.0/24) network all connected to a switch.
We want wireless for guests and workers. Guests should not be able to get to the 16.0 subnet. The workers should be able to get to 16.0.
The wireless access points we are using (Engenius Unifi) offer the ability to do 2 SSIDs, each set to their own vlan. The public SSID will be open, the worker ssid will require a password.
That's all easy.
see part 1 drawing. I figure that port 1 will be the private network and port 2 will have the wireless access points.
but then the VLAN settings.
I need at least 2 vlans. 1 is the public vlan, we'll call vlan5, and the router gives out 5.0/24 IP addresses.
Then another vlan for the workers called vlan16 wiith the server giving out 16.0/24 IP addresse (and DHCP on the router turned off).
This is where it starts to fall apart : )
The router has 2 settings for each vlan / port combination.
untagged packets from port 1 have to get to port 2 for admin of the access points and vice versa
vlan5 packets should not get to port 1
vlan16 packets should be allowed on ports 1 and 2.
I set this up a while ago and after a long time got it working with a 3rd vlan - vlan1 with the router giving out 88.0/24 addresses. The WAPs have those 88.0 IP addresses. so the 16.2 server can get to the 88.5 WAP.
I don't understand how I got it working.
Can someone explain?
And can I muddy the water with the 'intervlan routing check box? I had to check that to get things to work. Doesn't that defeat the purpose of the vlan if theres communication between them?
and as a lead in for another question in part 1.... at one location, I don't have an available cat5 data cable where we need a WAP.
Can the above be tweaked to allow a 16.0 untagged PC AND a WAP connected together on a switch, with the wap giving out the 2 different SSIDs? Using port 3?
So on the router, the question is:
how to set the port / vlan combinations?
intervlan routing port 1 port 2
vlan1 yes / no? untagged/tagged/excluded untagged/tagged/excluded
vlan5 yes / no? untagged/tagged/excluded untagged/tagged/excluded
vlan16 yes / no? untagged/tagged/excluded untagged/tagged/excluded
thanks!
VLAN-part-1.jpg
VLAN-part-2.jpg
I am using a Cisco RV215W, but had the same issue with RV110W and likely most any router with vlan capabilities.
The gist is this:
Small business server (192.168.16.0/24) network all connected to a switch.
We want wireless for guests and workers. Guests should not be able to get to the 16.0 subnet. The workers should be able to get to 16.0.
The wireless access points we are using (Engenius Unifi) offer the ability to do 2 SSIDs, each set to their own vlan. The public SSID will be open, the worker ssid will require a password.
That's all easy.
see part 1 drawing. I figure that port 1 will be the private network and port 2 will have the wireless access points.
but then the VLAN settings.
I need at least 2 vlans. 1 is the public vlan, we'll call vlan5, and the router gives out 5.0/24 IP addresses.
Then another vlan for the workers called vlan16 wiith the server giving out 16.0/24 IP addresse (and DHCP on the router turned off).
This is where it starts to fall apart : )
The router has 2 settings for each vlan / port combination.
untagged packets from port 1 have to get to port 2 for admin of the access points and vice versa
vlan5 packets should not get to port 1
vlan16 packets should be allowed on ports 1 and 2.
I set this up a while ago and after a long time got it working with a 3rd vlan - vlan1 with the router giving out 88.0/24 addresses. The WAPs have those 88.0 IP addresses. so the 16.2 server can get to the 88.5 WAP.
I don't understand how I got it working.
Can someone explain?
And can I muddy the water with the 'intervlan routing check box? I had to check that to get things to work. Doesn't that defeat the purpose of the vlan if theres communication between them?
and as a lead in for another question in part 1.... at one location, I don't have an available cat5 data cable where we need a WAP.
Can the above be tweaked to allow a 16.0 untagged PC AND a WAP connected together on a switch, with the wap giving out the 2 different SSIDs? Using port 3?
So on the router, the question is:
how to set the port / vlan combinations?
intervlan routing port 1 port 2
vlan1 yes / no? untagged/tagged/excluded untagged/tagged/excluded
vlan5 yes / no? untagged/tagged/excluded untagged/tagged/excluded
vlan16 yes / no? untagged/tagged/excluded untagged/tagged/excluded
thanks!
VLAN-part-1.jpg
VLAN-part-2.jpg
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.