+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 34
Wired Networks Thread, VLANS in Technical; Talking about planning Vlans, does anyone know of a printable template which you can mark your vlans on or a ...
  1. #16
    Disease's Avatar
    Join Date
    Jan 2006
    Posts
    1,100
    Thank Post
    118
    Thanked 70 Times in 48 Posts
    Rep Power
    56
    Talking about planning Vlans, does anyone know of a printable template which you can mark your vlans on or a free bit of software that allows you to plan them?

  2. #17

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,156
    Thank Post
    522
    Thanked 2,551 Times in 1,980 Posts
    Blog Entries
    24
    Rep Power
    877
    You can only have one vlan untagged.

    If you have your device untagged on another VLAN already, then any extra VLANs are tagged. Going by what you've said earlier, you appear to have an existing wireless SSID set up. What VLAN is that on? Are the access points themselves in their own VLAN? Or are they being given addresses in the "main wireless" VLAN?

  3. #18

    Join Date
    Feb 2007
    Location
    Leicestershire
    Posts
    271
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    27
    Quote Originally Posted by localzuk View Post
    You can only have one vlan untagged.

    If you have your device untagged on another VLAN already, then any extra VLANs are tagged. Going by what you've said earlier, you appear to have an existing wireless SSID set up. What VLAN is that on? Are the access points themselves in their own VLAN? Or are they being given addresses in the "main wireless" VLAN?
    Nothing regarding vlans is setup at the moment. We just have two ssids setup;

    school
    school_guest

    These both go to the same place at the moment. Just running around the school to look at what switches we have;

    2x Allied Telesis AT-GS900/24
    1x HP Procurve 2610-24 (J9085A)
    3x HP Procurve 1800-24G (J9028B)

    I know the 2610 supports tagging but i'm not 100% sure the Allied Telesis does. I'll investigate this.

  4. #19

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,156
    Thank Post
    522
    Thanked 2,551 Times in 1,980 Posts
    Blog Entries
    24
    Rep Power
    877
    Ok, if I were doing it, and the switches can handle tagging I would do it like this

    Switches/Wifi - VLAN 1 (default VLAN/Management VLAN) (untagged)
    Guest Wifi - VLAN 10 (tagged)
    Main Wifi - VLAN 11 (tagged)

  5. #20

    Join Date
    Feb 2007
    Location
    Leicestershire
    Posts
    271
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    27
    Quote Originally Posted by localzuk View Post
    Ok, if I were doing it, and the switches can handle tagging I would do it like this

    Switches/Wifi - VLAN 1 (default VLAN/Management VLAN) (untagged)
    Guest Wifi - VLAN 10 (tagged)
    Main Wifi - VLAN 11 (tagged)
    Really sorry for all the questions, i've always been useless at VLANs.

    The main wifi ssid would want to talk to the main network devices etc. If it was tagged as vlan 11 would it be able to do that?

  6. #21

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,156
    Thank Post
    522
    Thanked 2,551 Times in 1,980 Posts
    Blog Entries
    24
    Rep Power
    877
    Ok, now you're talking about the inter-VLAN routing.

    Basically, you would want some form of routing device, be it a switch that has the capability (this is the best option), or a separate router. You'd then enable inter-vlan routing, so all VLANs would be able to communicate with each other. If you don't want the guest wifi to be able to access everything, you then add ACL rules to prevent it being able to communicate with things.

    By default, VLANs won't communicate with each other.

  7. #22

    Join Date
    Feb 2007
    Location
    Leicestershire
    Posts
    271
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    27
    Quote Originally Posted by localzuk View Post
    Ok, now you're talking about the inter-VLAN routing.

    Basically, you would want some form of routing device, be it a switch that has the capability (this is the best option), or a separate router. You'd then enable inter-vlan routing, so all VLANs would be able to communicate with each other. If you don't want the guest wifi to be able to access everything, you then add ACL rules to prevent it being able to communicate with things.

    By default, VLANs won't communicate with each other.
    could i then in theory have the main wifi on vlan 1 (untagged)

  8. #23

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,988
    Thank Post
    842
    Thanked 584 Times in 456 Posts
    Rep Power
    276
    Quote Originally Posted by nathan View Post
    Really sorry for all the questions, i've always been useless at VLANs.

    The main wifi ssid would want to talk to the main network devices etc. If it was tagged as vlan 11 would it be able to do that?
    That is a question for either a Layer3 switch or a router. We have no inter vlan routing and exclusion ACLs for our setup as that is the whole point of the guest wifi.

    But if you have a half decent core switch or control of your router you should be able to do that. Our inter vlan routing is done by our core switch as that has the lowest distance overhead.

  9. #24

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,156
    Thank Post
    522
    Thanked 2,551 Times in 1,980 Posts
    Blog Entries
    24
    Rep Power
    877
    Quote Originally Posted by nathan View Post
    could i then in theory have the main wifi on vlan 1 (untagged)
    You could, yes.

  10. #25

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,988
    Thank Post
    842
    Thanked 584 Times in 456 Posts
    Rep Power
    276
    Quote Originally Posted by nathan View Post
    could i then in theory have the main wifi on vlan 1 (untagged)
    If thats where everything else lives then sure...

  11. #26

    Join Date
    Feb 2007
    Location
    Leicestershire
    Posts
    271
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    27
    Quote Originally Posted by Oaktech View Post
    That is a question for either a Layer3 switch or a router. We have no inter vlan routing and exclusion ACLs for our setup as that is the whole point of the guest wifi.

    But if you have a half decent core switch or control of your router you should be able to do that. Our inter vlan routing is done by our core switch as that has the lowest distance overhead.
    We don't want to separate our main wifi, just our guest one. We don't have control of our router but we've been told it can be easily setup.

  12. #27

    Join Date
    Feb 2007
    Location
    Leicestershire
    Posts
    271
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    27
    Brill, thanks guys.

    All i want to do is make sure the guest wifi is nowhere near our network and only has internet access.

  13. #28

    Join Date
    May 2010
    Posts
    1,116
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51
    Is it considered best practice to use vlan 1 ? I'm having issues configuring routing on a netgear L3 switch because vlan 1 is considered the management vlan so I've been experimenting moving the domain to use a different vlan instead (and not having the best of luck)

  14. #29

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,156
    Thank Post
    522
    Thanked 2,551 Times in 1,980 Posts
    Blog Entries
    24
    Rep Power
    877
    Best Practice is for VLAN 1 to be used for Switch/Network gear management only. Everything else should be on other VLANs ideally.

  15. #30

    Join Date
    May 2010
    Posts
    1,116
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51
    So essentially the switch should look like this ?

    vlans2.jpg

    The only thing I think that is wrong on there is that ports 1,23,24 should be tagged on vlan 10 to carry vlan 10 from switch to switch ?

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Anyone got a HP to Netgear VLAN working?
    By ChrisH in forum Wireless Networks
    Replies: 7
    Last Post: 7th December 2006, 11:14 AM
  2. VLAN setup
    By dezt in forum Wireless Networks
    Replies: 4
    Last Post: 29th November 2006, 08:36 AM
  3. Question about VLans.............help?
    By Kyle in forum Windows
    Replies: 11
    Last Post: 6th November 2006, 12:48 PM
  4. How do you seperate your networks. Subnet / Vlan
    By drjturner in forum Wireless Networks
    Replies: 16
    Last Post: 28th September 2006, 07:24 AM
  5. Changing port vLANs on an HP ProCurve switch
    By MrDylan in forum Hardware
    Replies: 6
    Last Post: 9th March 2006, 03:13 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •