- (1) Cisco SG250 26P PoE switch
- (2) Ruckus WiFi ZoneFlex R610 access points (using their Unleashed setup)
I'm about to create/implement my first VLANs; I'm pretty stoked I finally get to play with VLANs. I've been doing IT/networking since 1991 but never did VLANs. I've configured Sonicwall firewalls from scratch but this is my first Cisco device I get to admin; thankfully it has a GUI. I've already researched the heck out of VLANs, trunk ports, tagging, & more, & I feel I'm ready to do it. I have the freedom to create this new network as if it were the original network built for this office. Almost all the employees are out of town for next week so it's an ideal time to build a new network. There are no Windows servers or any network services on this WiFi network; all that stuff is on the "corporate" network. This WiFi network I'm replacing/upgrading is what could be referred to as a "rogue" network that this department installed themselves just so they'd have faster Internet.
I'm creating VLANs so our business can separate the Guest WiFi traffic to its own VLAN but also allow some inter-VLAN routing to allow our screen-sharing solution (Airtame) that guests will be using to talk to our big screens in the conf rooms, which will remain on our internal/business VLAN.
We currently have a Netgear Orbi Pro WiFi network setup but that's not quite robust/sophisticated enough for what we need to do. I'm keeping this existing Orbi WiFi network hardware as-is so I have a safety net I can go back to in case I have problems creating our new WiFi network.
So, what I need is to know all the little things I need to make sure I do & don't do. For example, in my research on VLANs, I came across one guy who talked about making sure one VLAN (or maybe it was a port?) was untagged, otherwise you'd have no admin access to the AP. I don't know enough about VLANs to know if he is correct about that. So I'm asking the Experts here to toss me some guidance please.
My plan is to:
1) Create VLAN20 (business VLAN) & VLAN30 (Guest VLAN) on the Cisco switch (this switch does inter-VLAN routing too)
2) Configure the Guest WiFi traffic on the APs to be tagged for VLAN30 (I'm assuming the "master" Ruckus AP will act as the network's DHCP server(s))
3) Configure any inter-VLAN routing needed to make the Airtame work (https://help.airtame.com/install-and-setup/deployment-guide/network-integration-setup)
Some specific things I'm wondering about:
- DHCP: do I need multiple DHCP servers, one for each VLAN?
- IP addressing: does it matter what IP addressing I use? Can I use 192.168.20.0 for VLAN20 & 192.168.30.0 for VLAN30 for example? We're currently using 192.168.1.0 addressing on our WiFi network but I can use whatever I want; not worried about existing printers or other things on the network - I'll reconfigure them as needed once I get the new network operational. We'll probably never lease out more than 80 IP addresses at any given time, it's a small group here, only 20 employees currently.
- Do I need a firewall for any reason to allow/restrict specific access between the VLANs?
- Do I need a router to handle the inter-VLAN routing? (not if the switch does inter-VLAN routing, right?)
I'll stop here. I'm sure I'll have more questions but this will help me tremendously for the moment. Thanks for your help!