I have at the momment our network on one vlan.
I want to break this up
201 staff wireless
202 student wireless
How do I setup the 200 vlan for the servers do all the servers ports need to be tagged for the other vlans to talk to them. And then the uplinks from the other switches to be tagged with vlan 200 so the machine can talk to the servers. I have hp and mostly netgear switches.
The way you do it is to set ports on the switches to a VLAN as untagged (for all individual devices), and then any uplink ports should have all the VLANs which will traverse them set as tagged on them.
So, to set a port on a HP switch to vlan 200, you need to enter
vlan 200 untagged PORT-NUMBER
Tagged ports are only used in situations where a device will use multiple vlans (eg. other connected switches).
One comment on the mix of switches. I was told, when I was setting up vlans on our network that there could be oddities with mixed brands of switches as different manufacturers implement vlans differently. Dunno how true this is though, as I only have hp switches on our network.
Oh right I see. So all the server ports are set to untagged and anything other devices are set to untagged but to get the other switches and the devices connected to thoses other switches to talk to the servers the uplink ports must be set to tagged.
Precisely. Bear in mind that the 'default vlan', ie. the one which the switches communicate with each other on, has to be tagged on all uplink ports too. This is usually vlan 1.
Originally Posted by ful56_uk
I am sure others will have experience of using VLAN on a mixture of manufacturers equipment and will correct me. As far as I know HP kit uses IEEE 802.1Q as its method of VLAN tagging, assuming that Netgear use the same standard then there should be no problems.
Originally Posted by localzuk
Each VLAN also requires its own subnet, for example:
Servers - VLAN 200 - 172.16.200.1/24 (254 Hosts)
Staff Wireless - VLAN 201 - 172.16.201.1/24 (254 Hosts)
Student Wireless - VLAN 202 - 172.16.202.1/24 (254 Hosts)
You would also require a Layer 3 Switch / Router.
When you create a VLAN interface on the L3 Switch / Router the IP address would for example be:
VLAN 200 - 172.16.200.254 (253 Hosts Available)
VLAN 201 - 172.16.201.254 (253 Hosts Available)
VLAN 202 - 172.16.202.254 (253 Hosts Available)
The VLAN Interface IP Address would then be the Default Gateway for each VLAN, this will then allow each VLAN to see / communicate with each other.
You can also set up various Basic / Advanced ACL Rules to dis/allow communication between VLANs / specific IP addresses.