I have
2 Edgeswitch 48Port POE 500W
1 ES-24-LITE switch.
1 TZ400 Sonicwall firewall.
1 Edgewater EdgeMarc 200AE2 Firewall
28 UAP-Pro APs.
15 VOIP Polycom Phones.
Windows Server 2012 Domain, DHCP Server
1 Network Jack by each computer
Currently I'm on a Class C subnet and running out of IPs. I would like to have 2 wireless networks: 1 for Corporate and the other for Guests/CellPhones.
I want the VOIP Phones to be on their own subnet and to route through the EdgeMarc.
I would like to force all phones to use the Guest Wireless Lan.
I would like all Desktops to be on the Corporate LAN and get IPs from Server.
Can someone guide me on how the Switches, Sonicwall and APs need to be configured?
Last Comment
Cliff Galiher
8/22/2022 - Mon
Cliff Galiher
I can tell you that everything you want can be done with the equipment you have...except perhaps the Edgewater. I am not familiar with its VLAN support. "FORCING" phones to the guest is also going to be a bit tricky. Since you want the VoIP phones on their own VLAN, I assume you meant you wanted to force personal cell phones onto the guest.
Ideally, you'd set up WPA-Enterprise and use certificates. If only corporate devices, only they can get on the corp network.
The *how* is a ton of documentation. Every piece of equipment you listed does it differently, and often has multiple ways of configuring these things depending on your preferred behavior. There is no good way to cut and paste that much information here.
My recommendation is to start with your product documentation and then ask specific questions when you get stuck.
noclav
ASKER
You're correct, let's break this down a bit.
Let's use this setup:
Vlan 10 - management
Vlan 20 - Wireless Lan Guest/Cellphones
Vlan 30 - Wireless Lan Private
Vlan 40 - Desktops Private
Vlan 50 - Voip Desk Phones
(Not sure if this is the correct way.) On the first 48-port switch I would tag ports 2-30 (APs connected to these ports) to be VLAN 20 and 30 and make them trunk ports.
On the second 48-port switch I would tag ports 2-20 (phones will be connected to these ports) VLAN 50.
So from just this info my question would be: how should the uplink ports between the switches be set up?
You're right, probably better to have both VLAN 30 and 40 the same. I have never done a setup like this, so I would like to know really what the best way to do this is. I don't want to have to redo this network in the future. I am laying this out in Visio as we communicate.
noclav
ASKER
Here is a drawing. The VoIP phones will connect to the jack and the computers will connect to the phones. I would like to be able to plug the phones into either of the two 48-port switches since they have PoE. I would like the phones to get DHCP from the EdgeMarc and the computers to get IPs from the Server. As for the APs, I would like the wlan-private to get IPs from the server and the wlan-guest to get IPs from the SonicWall. If there is a better configuration let me know? Vlan-diag.pdf
noclav
ASKER
Purchased an ES-24-LITE switch and a UAP-AC-PRO. I have the AP connected to port 13 and made that port a trunk port. I set up two SSIDs on the AP with VLAN 20 and 30. I have my SonicWall connected to port 23 on the ES and made that port a trunk as well. I have a Windows server connected to port 5 and a PC connected to port 1. I created 3 VLANs on the EdgeSwitch: VLAN 10 - VoIP, VLAN 20 for Guest WiFi, VLAN 30 for Private WiFi. For VID 1 (default) all ports are Untagged. VID 10 (VoIP): all are Excluded. VID 20 (Guest): 13 and 23 are Tagged. VID 30 (Private): 13 and 23 are Tagged.
On the SonicWall I have a virtual port VID 20 (X0:V20) on a different subnet and DHCP enabled for that interface. When I connect to the guest WiFi I get an IP from the SonicWall. So guest WiFi works OK.
When I connect a network device to any other port or an unmanaged switch port, I want it to get an IP from the server. Also, I would like wireless clients that connect to VID 30 to get an IP from the server, because some of the wireless clients on VID 30 are part of the domain. (Or is there a better method?)
What needs to be done to accomplish this part?
Cliff Galiher
You need to configure those ports (and any port that connects to an unmanaged switch) to be on the VLAN you want. Note that unmanaged switches will ONLY be able to participate on that VLAN.
I'm trying to see how Tagged, Untagged and Exclude work. So I have a Server that gives out IPs of .168.x that is connected to the unmanaged switch, and that switch is connected to port 24. I have my SonicWall that has a VLAN 30 configured with DHCP to give out addresses of .169.x on port 23. When I connect a laptop to port 7 I should get the IP from the SonicWall, but instead I get an IP from the Server range of 168.100.
I tagged port 23 for VLAN 30; I saw that in the pic it was untagged.
Cliff Galiher
This is where my previous suggestion of mapping out your network logically (not necessarily physically) helps.
If you have a DHCP server on your SonicWALL with a VLAN 30 range, and you have a server with DHCP on VLAN 30...DHCP is broadcast. You'll get an IP address from whichever answers first. That isn't really anything to do with VLANs...if you had *just* an unmanaged switch and set up DHCP on both devices, you'd have the same result. Your VLAN is just a "virtual" network and has to be thought of the same way. If you re-read what you described (so far), that's the problem. Unless you left something out.
Sorry for the confusion.
If I connect a laptop to a port that is tagged 30 and connect another device to another port tagged 30, then in theory they should not see the other VLANs. (I don't have routing enabled on the switch.) I think what is happening is that the SonicWall is routing between the 2 VLANs. This is why I'm getting an IP from the server connected to the default VLAN (1).
Can this be true?
noclav
ASKER
I got it now. I had to exclude the port from the default VLAN.
Cliff Galiher
Sounds like you need to read more about how VLAN tagging works. You'll definitely have problems getting DHCP and outbound traffic to work if your packets aren't getting on the right VLAN. For ports that are on multiple VLANs, that does mean that *something* has to identify which VLAN a particular packet belongs to. That's where "tagging" comes in.
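Added example, not part of the original thread and not vendor code: a minimal 802.1Q membership model of the ES-24-LITE test bench discussed above, showing which DHCP server hears a DHCPDISCOVER from the laptop on port 7 before and after that port is excluded from the default VLAN. Port numbers follow the thread; the PVID values, function names and server labels are assumptions made for illustration.

```python
# Added example: minimal 802.1Q model. PVIDs are assumed; the thread does not state them.
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1                                # VLAN assigned to untagged ingress frames
    untagged: set = field(default_factory=set)   # VLANs sent out without a tag
    tagged: set = field(default_factory=set)     # VLANs sent out with an 802.1Q tag

def flood(ports, src, tag=None):
    """Return {port: 'tagged'|'untagged'} for each port a broadcast from src reaches."""
    p = ports[src]
    vlan = p.pvid if tag is None else tag
    # Ingress filtering: drop frames for a VLAN the source port is not a member of.
    if vlan not in p.untagged | p.tagged:
        return {}
    out = {}
    for n, q in ports.items():
        if n == src:
            continue
        if vlan in q.untagged:
            out[n] = "untagged"
        elif vlan in q.tagged:
            out[n] = "tagged"
    return out

def build(laptop_vlan):
    """Constructed bench: 7 = laptop, 13 = AP trunk, 23 = SonicWALL trunk,
    24 = unmanaged switch with the Windows DHCP server behind it."""
    ports = {n: Port(1, {1}, set()) for n in (1, 5, 7, 13, 23, 24)}
    for trunk in (13, 23):
        ports[trunk].tagged = {20, 30}
    if laptop_vlan != 1:
        # Untagged member of the target VLAN only, i.e. excluded from VLAN 1.
        ports[7] = Port(pvid=laptop_vlan, untagged={laptop_vlan})
    return ports

# Hypothetical labels for the DHCP sources, keyed by (switch port, VLAN).
SERVERS = {(24, 1): "windows-server", (23, 20): "sonicwall-vlan20",
           (23, 30): "sonicwall-vlan30"}

def dhcp_servers_reached(ports, src):
    """Names of the DHCP servers that hear a DHCPDISCOVER sent from src."""
    reach, vlan = flood(ports, src), ports[src].pvid
    return sorted(name for (port, v), name in SERVERS.items()
                  if port in reach and v == vlan)
```

With the laptop port still an untagged member of VLAN 1, the discover only reaches the Windows server; once the port is untagged in VLAN 30 and excluded from VLAN 1, it leaves tagged on the trunks and only the SonicWALL VLAN 30 scope can answer.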