Setting up a trunk port on a Cisco switch?

Sir Johnston, thank you for responding back. I've confused myself and others recently.

I've attached a diagram of what my set up looks like. We have an AP. This AP gives two SSID's. One for guests, one for staff.

Staff wifi SSID is associated with VLAN ID3.
Guest Wifi SSID is associated with network 10.0.5.0/24 that is connected directly to our firewall.

Our firewall which provides DHCP for the 10.0.5.0 network is connected to our Draytek P1100 switch.
Our Access point is connected by one cable to the Draytek P1100 switch.
One ethernet cable is connected from Draytek P1100 to VLAN3 on our Cisco switch.

The Cisco switch VLAN3 is set for untagged traffic at the moment. I got help from one of the EE's, Mas, in the last post I made that in order for people to be able to connect to both staff wifi and guest wifi, I have to trunk the port on the Cisco.

Now, one thing I wanted to understand is if people connect to the Guest-Wifi, the Draytek P1100 will need to route that traffic to our firewall directly. If someone connects to the Staff-Wifi, they will need to be routed directly from the Draytek P1100 to VLAN3, right?

Sorry if I have written more than the initial subject. I've been recently baffled by the whole VLAN stuff, that's all.
VLAN.jpg

Also by default, all VLANs are allowed on the trunk port. So if you ever have a future need to not allow one of more VLANs on the trunk port, you would have to specify to remove that particular VLAN from the trunk port.

How is your Cisco switch configured right now?

What VLAN is the guest WiFi (10.0.5.0/24) on?

Hey guys,

Mas - what would be the best way for me to show that config?

Don - the guest-wifi is not configured on a VLAN. So it is setup directly on our Watchguard port, which leases out the IP's. That port is connected to just a flat vanilla switch. Then a cable from there is then connected directly to a port on our Draytek P1100 .

Guys, so just to update, I made one tiny mistake on the picture. Firewall is plugged into port 3 of the Draytek Switch. Access point is plugged into Port 2 of the Draytek switch. Port 8 of the Draytek Switch is plugged into the VLAN3.

So here's the question:

What type of link do you need from the Draytek to the Cisco switch?  

Or put another way, how many (and which) VLANs are carried on the link from the Draytek to the Cisco switch?

There's just one link from the Draytek Switch over to the Cisco. It is supposed to be the VLAN3 traffic only. So I'm assuming I don't have to do anything on the Cisco side, but instead on the Draytek Switch side?

I've got a PDF attached of the Draytek port configs. It has similarities to the Cisco GUI with port memberships.
Info.pdf

If that link only carries one VLAN, there is no need for a trunk.

Hey Mas,

I'm sitting trying here. There's all sorts of meanings with this PoE switch. Like if I create VLAN3 and go to port membership, there's things like 1UP and 2T or 2U which I'm trying to understand what they mean whilst I try to make it work.

Thanks for helping out guys. Much appreciate this.

Well, an option would be to use the Live assistance feature if it comes down to it. I'd gladly do with you in the evening if that would be more help for you (just note that isn't free).

Happily my friend, happily. If it comes down to that, where do I find out about charges etc?

If you click on live consultants, and you click on the person, it will show you their rate. (There's no one set rate, varies by the person)

I can't see you on live consultants?

I just updated, so hopefully you should see me now.

T is tagged, U is untagged.

Thanks Don for that.

Mas - I only started working on this again today, so I'll keep you posted.

I managed to get it working on just one network, which is the one on the VLAN3. The reason being is that our Cisco switch has a VLAN1 set up and the Draytek PoE also has a VLAN1 as default. Some sort of conflict is occurring here. So I'm going to need to change the VLAN1 (i.e. default) on the Cisco to another VLAN ID for these conflicts to not happen. Thanks so much for your help:).

Guys, managed to get both networks working! I followed Mas' instructions, but only restarted that Draytek PoE. That reboot, somehow kicked things in. All working.

Now, I need to post again to understand this whole trunking, tagging, untagging business:).