If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
Multiple Subnets with VLans
I have
2 Edgeswitch 48Port POE 500W
1 ES-24-LITE switch.
1 TZ400 Sonicwall firewall.
1 Edgewater EdgeMarc 200AE2 Firewall
28 UAP-Pro APs.
15 VOIP Polycom Phones.
Windows Server 2012 Domain, DHCP Server
1 Network Jack by each computer
Currently im on a Class C Subnet and running out of IPs. I would like to have 2 wireless networks 1 for Corporate and other for Guests/CellPhones.
I want the VOIP Phones to be on their own subnet and to route through the EdgeMarc.
I would like to force all phones to use the Guest Wireless Lan.
I would like all Desktops to be on the Corporate LAN and get IPs from Server.
Can someone guide me on how the Switches, Sonicwall and APs need to be configured?
2 Edgeswitch 48Port POE 500W
1 ES-24-LITE switch.
1 TZ400 Sonicwall firewall.
1 Edgewater EdgeMarc 200AE2 Firewall
28 UAP-Pro APs.
15 VOIP Polycom Phones.
Windows Server 2012 Domain, DHCP Server
1 Network Jack by each computer
Currently im on a Class C Subnet and running out of IPs. I would like to have 2 wireless networks 1 for Corporate and other for Guests/CellPhones.
I want the VOIP Phones to be on their own subnet and to route through the EdgeMarc.
I would like to force all phones to use the Guest Wireless Lan.
I would like all Desktops to be on the Corporate LAN and get IPs from Server.
Can someone guide me on how the Switches, Sonicwall and APs need to be configured?
Who is Participating?
Experts Exchange Solution brought to you by ConnectWise
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Your correct lets break this down a bit.
Lets use this setup
Vlan 10 - management
Vlan 20 - Wireless Lan Guest/Cellphones
Vlan 30 - Wireless Lan Private
Vlan 40 - Desktops Private
Vlan 50 - Voip Desk Phones
(Not sure if this is the correct way) On the first 48 Port Switch I would Tag ports 2-30 (APs connected to these Ports) to be Vlan 20 and 30 and make them trunk ports.
On the Second 48 Port Switch i would tag ports 2-20 (Phones will be connected to these ports) Vlan 50
So from just this info my question would be how should the uplink ports between the switches be setup?
Lets use this setup
Vlan 10 - management
Vlan 20 - Wireless Lan Guest/Cellphones
Vlan 30 - Wireless Lan Private
Vlan 40 - Desktops Private
Vlan 50 - Voip Desk Phones
(Not sure if this is the correct way) On the first 48 Port Switch I would Tag ports 2-30 (APs connected to these Ports) to be Vlan 20 and 30 and make them trunk ports.
On the Second 48 Port Switch i would tag ports 2-20 (Phones will be connected to these ports) Vlan 50
So from just this info my question would be how should the uplink ports between the switches be setup?
That is a valid configuration. But a VLAN *is* a layer-2 and 3 boundary. That matters because, just to be clear, any device on VLAN 40 cannot directly see any device on VLAN 30 (and vice versa.) But splitting your private networks into wired and wireless, any traffic between them will need to be routed. The SonicWALL can do this, but it'd mean traffic potentially up and back down to the same switch. If that is intended (and there are times when a design calls for this), fine. But if not, you'll want to rethink that.
How you configure the uplink ports really depends on your topology. If each switch is being connected to the SonicWALL, then you'd want the upstream ports to be tagged with any VLAN that needs to route across the SonicWALL. So potentially all 5.
If you are going switch-switch-SonicWALL though, then you may configure them differently. Plus there is that other router in the mix. If that gets a separate uplink port then maybe only VLAN 50 goes on that.
Topology matters here. You're rather designing your network backwards. Start at the higher layers. Figure out your logical design. That'll tell you what VLANs to create. Then figure out your physical design. That'll tell you which VLANs go where. And by the time you've done that, the questions you are asking will be self-answering.
How you configure the uplink ports really depends on your topology. If each switch is being connected to the SonicWALL, then you'd want the upstream ports to be tagged with any VLAN that needs to route across the SonicWALL. So potentially all 5.
If you are going switch-switch-SonicWALL though, then you may configure them differently. Plus there is that other router in the mix. If that gets a separate uplink port then maybe only VLAN 50 goes on that.
Topology matters here. You're rather designing your network backwards. Start at the higher layers. Figure out your logical design. That'll tell you what VLANs to create. Then figure out your physical design. That'll tell you which VLANs go where. And by the time you've done that, the questions you are asking will be self-answering.
Experts Exchange Solution brought to you by ConnectWise
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Your right probably better to have both vlan 30 and 40 the same. I have never done a setup like this so i would like to know really what the best way to do this. I dont want to have to redo this network in the future. I am laying this out on visio as we communicate.
Here is a drawing. The VOIP Phones will connect to the jack and the computers will connect to the phones. I would like to be able to plug the phones in any of the two 48 port switches since they have POE. I would like the phones to get DHCP from the Edgemark and the computer to get Ips from the Server. As for the APs i would like the wlan-private to get ips from the server and the wlan-guest get ips from the Sonicwall. If there is a better configuration let me know?
Vlan-diag.pdf
Vlan-diag.pdf
purchased an ES-24-LITE switch and a UAP-AC-PRO. I have the AP connected to port 13 and made that port a trunk port. I setup two SSIDs on the AP with VLan 20 and 30. I have my sonicwall connected to port 23 on the ES and made that port a trunk as well. I have a windows server connected to port 5 and a pc connected to port 1. I created 3 vlans on the EdgeSwitch. VLan 10 -Voip, Vlan 20 for Guest Wifi, Vlan30 for Private Wifi. For VID 1(default) all ports are Untagged. VID10(Voip) All are Excluded. VID20 (Guest) 13 and 23 are Tagged. VID30 (Private) 13 and 23 are Tagged.
On the sonicwall i have a Virtual Port VlD20 (X0:V20) on a different subnet and dhcp enabled for that Interface. When i connect to the guest wifi i get an ip from the sonicwall. So guest wifi works ok.
I would like when i connect a network device to any other port or an unmanaged switch port i want it to get an ip from the server. Also i would like wireless clients that connect to VID30 to get an ip from the server because some of the wireless clients on VID30 are part of the domain. (or is there a better method.)
On the sonicwall i have a Virtual Port VlD20 (X0:V20) on a different subnet and dhcp enabled for that Interface. When i connect to the guest wifi i get an ip from the sonicwall. So guest wifi works ok.
I would like when i connect a network device to any other port or an unmanaged switch port i want it to get an ip from the server. Also i would like wireless clients that connect to VID30 to get an ip from the server because some of the wireless clients on VID30 are part of the domain. (or is there a better method.)
I would like when i connect a network device to any other port or an unmanaged switch port i want it to get an ip from the server. Also i would like wireless clients that connect to VID30 to get an ip from the server because some of the wireless clients on VID30 are part of the domain. (or is there a better method.)
What needs to be done to accomplish this part?
What needs to be done to accomplish this part?
You need to configure those ports (and any port that connects to an unmanaged switch) to be on the VLAN you want. Note that unmanaged switches will ONLY be able to participate on that VLAN.
Im trying to see how Tagged, Untagged and Exclude work. So I have a Server that gives out IPs of .168.x that is connected to the unmanaged switch which that switch is connected to port 24. I have my sonicwall that has a Vlan 30 Configured with DHCP to give out address of .169.x on port 23. When i connect a laptop to port 7 i should get the ip from the sonicwall but instead i get an ip of the Server range of 168.100
what am i missing?
Capture.jpg
what am i missing?
Capture.jpg
This is where my previous suggestion of mapping out your network logically (not necessarily physically) helps.
If you have a DHCP server on your SonicWALL with a VLAN 30 range, and you have a server with DHCP on VLAN 30...DHCP is broadcast. You'll get an IP address from whichever answers first. That isn't really anything to do with VLANs...if you had *just* an unmanaged switch and set up DHCP on both devices, you'd have the same result. Your VLAN is just a "virtual" network and has to be thought of the same way. If you re-read what you described (so far), that's the problem. Unless you left something out.
If you have a DHCP server on your SonicWALL with a VLAN 30 range, and you have a server with DHCP on VLAN 30...DHCP is broadcast. You'll get an IP address from whichever answers first. That isn't really anything to do with VLANs...if you had *just* an unmanaged switch and set up DHCP on both devices, you'd have the same result. Your VLAN is just a "virtual" network and has to be thought of the same way. If you re-read what you described (so far), that's the problem. Unless you left something out.
sorry for the confusion.
If i connect a laptop in a port that is tagged 30 and connected another device in another port tagged 30 then in theory they should not see the other vlans. (I dont have routing enabled on the switch.) I think what is happening is that the sonicwall is routing between the 2 vlans. This is why im getting an ip from the server connected to the default Vlan(1)
Can this be true?
If i connect a laptop in a port that is tagged 30 and connected another device in another port tagged 30 then in theory they should not see the other vlans. (I dont have routing enabled on the switch.) I think what is happening is that the sonicwall is routing between the 2 vlans. This is why im getting an ip from the server connected to the default Vlan(1)
Can this be true?
Sounds like you need to read more about how VLAN tagging works. You'll definitely have problems getting DHCP and outbound traffic to work if your packets aren't getting on the right VLAN. For ports that are on multiple VLANs, that does mean that *something* has to identify which VLAN a particular packet belongs to. That's where "tagging" comes in.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by ConnectWise
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
Ideally, you'd set up WPA-Enterprise and use certificates. If only corporate devices, only they can get on the corp network.
The *how* is a ton of documentation. Every piece of equipment you listed does it differently, and often has multiple ways of configuring these things depending on your preferred behavior. There is no good way to cut and paste that much information here.
My recommendation is to start with your product documentation and then ask specific questions when you get stuck.