troubleshooting Question

Use VLAN to separate WiFi from everything else

Avatar of mark_D74
mark_D74Flag for Ireland asked on
Switches / HubsRoutersNetworkingNetwork ArchitectureCisco
9 Comments1 Solution361 ViewsLast Modified:
This is a problem which has soaked up many hours over the past few days.  Currently, our school's LAN does not utilise VLANs. Now, I want to create a VLAN just for WiFi use.  I've created the following VLAN on the SonicWall NSA 250M router:

sonicwall_vlan1.JPG
which automatically enabled it's own DHCP scope: 192.168.0.2 - 254 on the X0:V100 interface.  On the Cisco SG200 Layer 2 switch to which the WAP is connected, I added the same VLAN. For testing, I have a PC on the future WAP port (no.47). So, apart from that, it now looks like this:

vlans1.jpeg
What I want to do:
I want this PC (future WAP) to exist on this new 192.168.0.x subnet and have clients access only the internet, not any servers, etc. on the existing 192.168.1.x LAN.  

Problem I'm having:
No matter what settings I use on port 47, either nothing changes regarding subnet and access to resources, or, it's completely isolated from everything including the sonicwall router.

What I've tried:
All LAN ports are set to "excluded" for VLAN 100 by default, so I've tried setting port 47 to both tagged and untagged.  For VLAN 1 (where all ports are "untagged" by default) I've tried setting port 47 to both forbidden and tagged as below:
port_to_vlan.JPG
I've also tried setting the "interface settings" for 47 to be trunk (default for everything), General and Access (with the various frame type options).
interface_settings.JPG
I've researched this thoroughly, but can't find where I'm going wrong.  Questions I have would include:
What interface should each involved port be? general, access, trunk or customer?
If general or trunk, what should the PVID be?
If general, should it be Admit All, Admit Tagged Only or Admit Untagged Only and should Ingress Filtering be enabled?
For each of VLANs 1 and 100, what should the settings be for each of ports 47 and 48?
Is there anything else I need to do on the Sonicwall? Firewall settings perhaps?

Any help would be much appreciated as I have very little hair left to tear out.
ASKER CERTIFIED SOLUTION
SIM50

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 9 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 9 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros