Solved

Setting up VLAN with 2 Netgear Switches, APs, and TZ210

Posted on 2014-10-31
Last Modified: 2014-11-12
I am in the process of setting up 5 Access Point Internal and Guest Wireless with 5 Netgear WNDAP360 Access Points, 1 Netgear GS752TP 52 port Switch, and 1 Netgear GS728TP Switch and an existing SonicWall TZ210 Firewall.

I am having trouble with setting up the VLANs so all wired and wireless Internal traffic works and the Guest Access gets sent out to the Internet directly. This is not in production yet so I have a little time to play with it. My main thing is that I can get one network or the other working but not both consistently.

The physical setup is the TZ210(Port 4) will be connected to the GS752TP on (port 45)
The GS752TP (Port 47) will be connected to the GS728TP (Port28) as the Trunk port for communication between the switches.

3 Access Points will be connected to the GS752TP (Ports 1, 2 and 3)
2 Access Points will be connected to the GS728TP (Ports 1 and 2)  

The Access Points have 2 Internal network SSIDs (set up for VLAN10) and 2 external SSIDs (set up for VLAN20).

The firewall does not have VLAN settings so in order to do this, I believe I have to have separate physical ports being used for Internal and Guest communication out to the Internet.  The internal network has a Windows 2008 Server running DHCP and DNS.  On the firewall I set up a zone (named VLAN20 just to know why it is there later), a DHCP Server entry and interface specifically for the Guest Access to get out to the Internet.

The GS752TP and GS728TP switches have the natural VLAN 1 and on all the Access Points and Switches, I have configured their IP Addresses as a 192.168.254.x so that they are off of the primary LAN for administration. Not sure if this is necessary.

VLAN10 - Internal Network is 192.168.10.x with a gateway of .1
VLAN20 - Guest Wireless and Network is 192.168.254.x with a gateway of .1

SO

In the Switches I have ports 1,2,3 tagged for both VLAN 10 and VLAN 20, and VLAN 1(default) shows as Untagged. So ports 1,2, and 3 are my Tagged Interfaces for Trunking between the APs and the switches they are connected to.

On the GS728TP Port 28 and on the GS752TP Port 48 are Tagged  in both VLAN 10 and VLAN 20 so that Trunks one switch to the other. Since the Primary use of the wired network is for Internal Business, I have tried to set all other ports to VLAN 10 except one port 45 for management of the 192.168.254.x VLAN1 network, and one port 46 on the GS752TP for Guest Wireless to connect to port 5 of the TZ210.

When I set all the unused interfaces on the switch to Untagged for VLAN10, I am no longer able to access my internal DHCP server on the primary network with address 192.168.10.x so I can't get an IP Address.  With this configuration, VLAN20 (Guest Access) works flawlessly and the connected devices get their IP address from the TZ210's VLAN20 zone.  

If I switch all unused ports back to VLAN1, which is the out of the box default setting, my Internal Network starts to work without issue, but I break the Guest LAN.

So in a nutshell, I am having problems with the VLAN settings to allow both traffic to where it needs to go. Wind PVID set to VLAN

TZ210 LAN to Untagged port(25) in GS752TP VLAN1 For Internal Network Access to Internet.
TZ210 VLAN20(OPT) to Untagged port(46) for VLAN20

GS752TP ports 1,2,3 all Tagged in VLAN10, VLAN20, for Trunking to Access Points. In VLAN1 they still show as U which is set by the VSID. (Should this Change to VLAN10?)
Port 48 tagged and connected to GS728TP port 28.
How should I configure all other ports for VSID? VLAN10?

GS728TP ports 1,2,3 all Tagged in VLAN10 & VLAN20 for Trunking to Access Points
Port 28 tagged and connected to GS752TP port 48.
How should I configure all other ports in VSID? VLAN10?

Last thing is there is a VLAN Routing and every time I enter an IP and Subnet in here, the switch says that it already exists.

Hopefully I explained the problem well enough to understand.
Question by:INCITE-TM

Expert Comment

by:tmoore1962
All other ports should be in the wired LAN VLAN10 as untagged. On the TZ210, tag both VLANs on the LAN port and configure it to do DHCP on VLAN 20 at least, assuming you have a server to handle the VLAN 10 scope.

Accepted Solution

by:INCITE-TM
The problem appeared to be that I connected the switches to the network while I was configuring them. The VLAN1 appeared to link to the network's business IP scheme, and when I manually changed that to a different IP address for management, something was still relating the business IP address to VLAN1 which seemed to be messing up the internal routing of DHCP for the rest of the VLANs.

I reset the two switches to the factory defaults, programmed them offline (No DHCP Servers to configure IP addresses), set the VLAN1 IP addresses manually and configured VLAN10 and VLAN20 and all tagged and un-tagged ports and everything worked perfectly in 15 minutes.

So my solution to my problem is not to connect the Netgear switches to the network until after the VLANs are configured.  I am not going to figure out the why, but this did resolve the issue in 15 minutes after wasting hours saying why isn't this working correctly.

Author Closing Comment

by:INCITE-TM
This is what solved the issue.
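
A way to check a port plan like the one discussed in this thread before applying it, as an added example that is not part of the original posts: it flags ports whose PVID does not match their untagged VLAN, mismatched ends of the inter-switch link, and guest VLAN 20 appearing untagged on any port other than the firewall uplink. Port numbers follow the question; ports 10 and 11 and all PVID values are constructed assumptions.

```python
# Added example, not from the thread: consistency checks for an 802.1Q port plan.
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                   # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs sent out without a tag
    tagged: set = field(default_factory=set)    # VLANs sent out with an 802.1Q tag

def access(vlan):
    return Port(pvid=vlan, untagged={vlan})

def trunk(native, *vlans):
    return Port(pvid=native, untagged={native}, tagged=set(vlans))

def check_switch(name, ports):
    findings = []
    for num, p in sorted(ports.items()):
        if p.pvid not in p.untagged:
            findings.append(f"{name} port {num}: PVID {p.pvid} is not an untagged VLAN on this port")
        if len(p.untagged) > 1:
            findings.append(f"{name} port {num}: untagged in several VLANs {sorted(p.untagged)}")
        if p.untagged & p.tagged:
            findings.append(f"{name} port {num}: VLAN both tagged and untagged")
    return findings

def check_link(a_name, a, b_name, b):
    if a.tagged != b.tagged or a.pvid != b.pvid:
        return [f"{a_name} <-> {b_name}: VLAN mismatch across the link"]
    return []

def untagged_ports(ports, vlan):
    return sorted(n for n, p in ports.items() if vlan in p.untagged)

GUEST, INTERNAL, MGMT = 20, 10, 1
# Constructed plan: port numbers follow the question, PVIDs are assumed.
gs752tp = {n: trunk(MGMT, INTERNAL, GUEST) for n in (1, 2, 3, 48)}
gs752tp[45] = access(MGMT)       # management port
gs752tp[46] = access(GUEST)      # to the TZ210 guest interface
gs752tp[10] = access(INTERNAL)   # hypothetical wired office port, set correctly
gs752tp[11] = Port(pvid=MGMT, untagged={INTERNAL})  # hypothetical: PVID left at 1
gs728tp = {n: trunk(MGMT, INTERNAL, GUEST) for n in (1, 2, 28)}

def audit():
    out = check_switch("GS752TP", gs752tp) + check_switch("GS728TP", gs728tp)
    out += check_link("GS752TP:48", gs752tp[48], "GS728TP:28", gs728tp[28])
    if untagged_ports(gs752tp, GUEST) != [46] or untagged_ports(gs728tp, GUEST):
        out.append("guest VLAN is untagged on a port other than the firewall uplink")
    return out
```

Calling `audit()` on this plan reports only port 11, the port whose untagged membership was moved to VLAN 10 while its PVID stayed at the default.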