Jeff Brubaker
asked on
VLAN setup on a Netgear L2 Switch
Hello,
I am trying to setup a VLAN on a Netgear Smart Managed Pro Switch (GS728TPPv2)
The sole purpose of this VLAN would be to isolate my guest Wi-FI which happens to be broadcast by Ubiquiti access points.
I've come across several KB articles on Netgear's website but they are not consistent with the model switch I am working with. So the one that closest resembles what I'm working with is this:
https://kb.netgear.com/29997/How-to-create-Layer-2-VLANs-on-NETGEAR-ProSAFE-Switches
Here are the steps I have performed:
1. Created the VLAN on my SonicWall firewall, configured DHCP for the VLAN
2. On the Netgear switch, created the VLAN (VLAN10)
3. On VLAN10, I am tagging the ports where my access point and SonicWall is plugged in to. Is that correct?
4. The other ports on the switch are computers, printers and other LAN devices. Do I untag these ports or leave them blank?
5. Do I need to tag or untag anything on the default VLAN (VLAN 1)?
6. On the Netgear switch, do I need to enable and configure VLAN routing?
Any assistance will be greatly appreciated!
I am trying to setup a VLAN on a Netgear Smart Managed Pro Switch (GS728TPPv2)
The sole purpose of this VLAN would be to isolate my guest Wi-FI which happens to be broadcast by Ubiquiti access points.
I've come across several KB articles on Netgear's website but they are not consistent with the model switch I am working with. So the one that closest resembles what I'm working with is this:
https://kb.netgear.com/29997/How-to-create-Layer-2-VLANs-on-NETGEAR-ProSAFE-Switches
Here are the steps I have performed:
1. Created the VLAN on my SonicWall firewall, configured DHCP for the VLAN
2. On the Netgear switch, created the VLAN (VLAN10)
3. On VLAN10, I am tagging the ports where my access point and SonicWall is plugged in to. Is that correct?
4. The other ports on the switch are computers, printers and other LAN devices. Do I untag these ports or leave them blank?
5. Do I need to tag or untag anything on the default VLAN (VLAN 1)?
6. On the Netgear switch, do I need to enable and configure VLAN routing?
Any assistance will be greatly appreciated!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
we used tagged port for AP point , if these access point with wireless controller have multiple vlan / multiple SSID
your private wifi must be isolated from the guest , so if am not wrong you should have multiple vlans , vlan10 for wifi and vlanX for private network
in your case : FYI if this matters or not, the Ubiquiti Access point broadcasts the guest, and our private wi-wif.
your private wifi must be isolated from the guest , so if am not wrong you should have multiple vlans , vlan10 for wifi and vlanX for private network
ASKER
Ok I see what you are saying but from reading other articles, the article says that that all traffic can pass through a VLAN and then the Ubiquiti Controller allows you to configure the networks and assign the VLANS in the controller. Does that make sense? I don't recall seeing the need for an additional VLAN for the private wifi.
Yes you are correct
ASKER
I will play around with this in the next day or two and let you know if I get it working. Thanks!
ASKER
It appears to be working!
1. In VLAN10 I tagged the ports that my SonicWall, Ubiquiti Access Point and Ubiquity Controller are plugged in to. I untagged all other ports.
2. In the Ubiquiti Controller, I created an alternate network and assigned it to VLAN 10
3. In the Ubiquiti Controller, I created a new Wireless Network and assigned it to the alternate network that is using VLAN 10.
I am able to connect to both the private and guest wireless networks without any problems.
1. In VLAN10 I tagged the ports that my SonicWall, Ubiquiti Access Point and Ubiquity Controller are plugged in to. I untagged all other ports.
2. In the Ubiquiti Controller, I created an alternate network and assigned it to VLAN 10
3. In the Ubiquiti Controller, I created a new Wireless Network and assigned it to the alternate network that is using VLAN 10.
I am able to connect to both the private and guest wireless networks without any problems.
Great job 👏
ASKER
Thanks for your help. One question, I didn't do anything with PVID. Is that necessary? Seems to be working regardless.
A Port VLAN ID (PVID) is a default VLAN ID that is assigned to an untagged port to designate the virtual LAN segment to which this port is connected
Usually configured on Trunk ports
https://youtu.be/yFvvEet6POA
Usually configured on Trunk ports
https://youtu.be/yFvvEet6POA
ASKER
Thanks for your help on this. It's working great on the switch where my router is plugged in. Now I want to trunk 3 identical switches. They are all connected by SFP
So I understand I must create the same VLAN on each of the other switches.
Now I just have a couple questions to see if I can get it working
1. I tagged the SFP ports on VLAN 10
2. I must assigned the PVID on each SFP port on all switches to 10, is that correct?
3. Do I need to change the PVID on the ports that my access points use?
So I understand I must create the same VLAN on each of the other switches.
Now I just have a couple questions to see if I can get it working
1. I tagged the SFP ports on VLAN 10
2. I must assigned the PVID on each SFP port on all switches to 10, is that correct?
3. Do I need to change the PVID on the ports that my access points use?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
- The SonicWall is plugged in to this switch
- I have a Ubiquiti Cloud Key Controller. I'm assuming this needs to be tagged in VLAN10 also?
- I don't have any other VLAN's except for the default
- The switch has SFP ports also, and two other identical switches are connected by SFP. For now I am happy just to get the main one working with the VLAN10. I'll configure the others later.
FYI if this matters or not, the Ubiquiti Access point broadcasts the guest, and our private wi-wif.
Thanks