
Setting up first VLAN

I am looking to split my network into several smaller VLANs. I have never used VLANs fully before; however, I understand the concept and the terminology.

So here goes - my setup includes 5 Dell 3448p switches (can only stack 4, so they are all in standalone mode).

These 5 switches plug into a Netgear Prosafe GS724T which then plugs into a SonicWALL NSA2600.

I am using port 3 on 1 switch to test at the moment.

On my 3 devices I have created 2 VLANs,  Phones VLANID:2 and PCs VLANID:4

On my SonicWALL I have added the VLANs to interface 0, which is where the Netgear plugs in to, and everything currently talks on a normal subnet.

On the 3448p I have set up the port as "General" with a PVID of 2, under the VLAN membership settings I have 2 as untagged and 4 as tagged.

Now I think I am heading in the right direction here, however I don't know what to change on my Netgear, as all the ports from the 3448p will be forwarded through it, and I don't want to kick all the computers on that switch off the network fiddling around with it.

I will also have a VLAN with an ID of 5 which other ports from the same switch could use.

Any suggestions or feedback is appreciated.

Sounds like you have a "router on a stick" topology, where int0 of your SonicWALL is the inter-VLAN router and the Netgear switch is the distribution switch. You would need a trunk port for each of the Dell switches so that all VLANs' traffic passes back and forth, and another trunk port toward the SonicWALL.

Aaron Tomosky, Director, SD-WAN Solutions

1. Separate your vlans a bit, 10, 20, 30 is common. That way if 20 is phones and you need more space you can use 21.

2. I recommend using /24 for each vlan and using the vlan number in the ip. So 10.10.30.x is Vlan 30. It really helps organize things.

Every switch needs to know about all the vlans, and every port from switch to switch and to router needs to have all vlans tagged (usually called a trunk port).

The SonicWALL needs to have all the sub interfaces added, I'd suggest .1 for each subnet. That will be the gateway for each vlan.

If you are using DHCP on another box, make an address object for your DHCP server and use IP helper in the SonicWALL to forward DHCP packets from each vlan. Then add the scopes to the DHCP server. If the SonicWALL is doing DHCP you can just add multiple scopes.

If you don't have much vlan to vlan traffic, each vlan is just going out to the Internet, this isn't a bad setup.


So to try and simplify things I pulled all of the ports out of the 3448p last night and only connected test ones. Still not having much luck though, so what I have is:

- vlan2 gateway on SonicWALL
- connected to 3448p port 14
- phone
- Plugged in to port 14 on 3448p
- vlan4 gateway on SonicWALL
- connected to 3448p port 14
- PC connected through phone

Here are some screenshots of my configuration, all this setup is temporary and I will use different IPs and VLANs etc. once I get it all working.

At the moment neither my PC nor phone is connecting.


So, managed to get this working on my PC/phone and it can connect to my internal LAN fine. The problem was that I had to TAG both networks on the trunk from the 3448 to the SW, something I didn't think of as I thought being a trunk it would just relay whatever the other ports sent through.

Aaron Tomosky, Director, SD-WAN Solutions

Vlan1 is native and should be used only for management interfaces on switches and routers and access points, etc...

All ports to computers should be Untagged with their vlan and also set the pvid to that vlan. The pvid is what tag gets applied to Untagged incoming packets.

All ports to switches and routers should be either tagged all, or for the sonicwall most setups use Untagged 1 tagged all the rest.

Be careful not to lock yourself out. One of the first things I do to a switch is make a port Untagged vlan1 pvid 1 so I can plug a laptop into it and get to the management interface.
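
The tagging rules from the answer above, written as a small check over a port plan. This is an added example, not part of the original thread: the `Port` type, the `lint` function, the port names and both sample plans are constructed for illustration, with the VLAN IDs taken from the question (2 for phones, 4 for PCs).

```python
from dataclasses import dataclass, field

MGMT_VLAN = 1  # the answer reserves VLAN 1 for management interfaces

@dataclass
class Port:
    name: str
    role: str        # "access" = to a PC/phone, "trunk" = to a switch/router
    pvid: int        # VLAN given to untagged frames arriving on the port
    untagged: set = field(default_factory=set)  # VLANs sent without a tag
    tagged: set = field(default_factory=set)    # VLANs sent with an 802.1Q tag

def lint(ports, vlans):
    """Return a list of findings; an empty list means the plan follows the rules."""
    findings = []
    for p in ports:
        if p.role == "access":
            # Access rule: one untagged VLAN, and the PVID set to that same VLAN.
            if len(p.untagged) != 1:
                findings.append(f"{p.name}: access port needs exactly one untagged VLAN")
            elif p.pvid not in p.untagged:
                findings.append(f"{p.name}: pvid {p.pvid} is not the untagged VLAN")
        else:
            # Trunk rule: tag everything, optionally leaving only VLAN 1 untagged.
            extra = p.untagged - {MGMT_VLAN}
            if extra:
                findings.append(f"{p.name}: untagged {sorted(extra)} on a trunk")
            missing = vlans - p.tagged - p.untagged
            if missing:
                findings.append(f"{p.name}: trunk does not carry VLAN {sorted(missing)}")
    # Lockout rule: keep one port untagged VLAN 1 / PVID 1 for a laptop.
    if not any(p.role == "access" and p.untagged == {MGMT_VLAN}
               and p.pvid == MGMT_VLAN for p in ports):
        findings.append("no untagged VLAN 1 / pvid 1 port for management access")
    return findings

# Constructed plans: a phone port with a PC behind it, and the uplink trunk.
VLANS = {1, 2, 4}
BROKEN = [
    Port("port14-phone", "access", pvid=2, untagged={2}, tagged={4}),
    Port("uplink", "trunk", pvid=1, untagged={1}),  # VLANs 2 and 4 not tagged
]
FIXED = [
    Port("port14-phone", "access", pvid=2, untagged={2}, tagged={4}),
    Port("uplink", "trunk", pvid=1, untagged={1}, tagged={2, 4}),
    Port("port1-mgmt", "access", pvid=1, untagged={1}),
]

if __name__ == "__main__":
    for label, plan in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint(plan, VLANS) or "ok")
```

The broken plan reproduces the situation described in the thread, where the uplink was a trunk in name but did not have the phone and PC VLANs tagged on it.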