Inter VLAN routing with a wireless twist (Cisco SG300, Engenius EAP600)
I have two Cisco SG300 switches (which I am configuring with the GUI). I also have an Engenius EAP600 WAP that has two VLANs setup (1 and 2).
I need to make it so that VLAN 1 can access VLAN 2, and the internet (router local interface on VLAN 1).
I also need to make it so that VLAN 2 can access VLAN 1, but not the internet (I can configure the router to block VLAN 2 IPs outbound)
Current setup:
Windows SBS 2008 with two DHCP scopes: 172.16.10.0/24 (VLAN 1), 10.1.1.0/24 (VLAN 2)
Cisco 1941 ISR: 172.16.10.1
Cisco SG300-52 Layer 3 Switch: 2 of them connected via LAG 1 [four gigabit ports]
Engenius EAP600: 3 of them configured with VLAN 1 and VLAN 2 (untagged, not currently isolated)
I have tried to configure this numerous ways, and have followed numerous instructions. I'm about to slam my head in the door on this one. When I connect via the SSID on VLAN 2, I get no IP address (if the profile is isolated). If I do get an IP (when the profiles are not isolated), I get a VLAN 1 IP address. I have tried connecting directly to the switch via cable (to a port that is assigned to VLAN 2), and received no IP address.
I'm obviously doing something wrong. Is there someone that would be willing to treat me like I don't know anything and help me through this?
I need to make it so that VLAN 1 can access VLAN 2, and the internet (router local interface on VLAN 1).
I also need to make it so that VLAN 2 can access VLAN 1, but not the internet (I can configure the router to block VLAN 2 IPs outbound)
Current setup:
Windows SBS 2008 with two DHCP scopes: 172.16.10.0/24 (VLAN 1), 10.1.1.0/24 (VLAN 2)
Cisco 1941 ISR: 172.16.10.1
Cisco SG300-52 Layer 3 Switch: 2 of them connected via LAG 1 [four gigabit ports]
Engenius EAP600: 3 of them configured with VLAN 1 and VLAN 2 (untagged, not currently isolated)
I have tried to configure this numerous ways, and have followed numerous instructions. I'm about to slam my head in the door on this one. When I connect via the SSID on VLAN 2, I get no IP address (if the profile is isolated). If I do get an IP (when the profiles are not isolated), I get a VLAN 1 IP address. I have tried connecting directly to the switch via cable (to a port that is assigned to VLAN 2), and received no IP address.
I'm obviously doing something wrong. Is there someone that would be willing to treat me like I don't know anything and help me through this?
Is the Windows server connected to a port that is configured as a trunk? If so, is VLAN1 and VLAN2 both tagged?
It sounds like the BOOTP requests are not getting to the Windows server "correctly." Like the Windows server is setup to use VLAN1 untagged and the WAP is sending VLAN2 traffic untagged.
It sounds like the BOOTP requests are not getting to the Windows server "correctly." Like the Windows server is setup to use VLAN1 untagged and the WAP is sending VLAN2 traffic untagged.
I am so sorry I have not responded. We were so busy that night trying to get things resolved that I forgot I had a question posted.
It turned out that the EnGenius units, though they say they can handle VLAN tagging -- were not tagging traffic correctly so the switch port setup was not working. We abandoned the EnGenius units and moved on to new hardware.
It turned out that the EnGenius units, though they say they can handle VLAN tagging -- were not tagging traffic correctly so the switch port setup was not working. We abandoned the EnGenius units and moved on to new hardware.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial