I'm completely new to VLANs, and I have a client who has an SG300-20 switch. This location is basically a shared office space with individual offices inside a large building. Each office has network ports that lead back to a patch panel, which then is attached to the switch, which is attached to the router, which is attached to the cable modem. At the moment, there is only one office being used, but the client would like for each office to share one main Internet connection, but not be able to see each other on the network.
Basically, one port will be taken up by the Internet connection coming in, but the other 19 will be attached to ports in different offices. They all need to see the Internet connection, but don't need to be able to see each other. We figured that the best way to achieve this would be through the use of VLANs. I followed information given in this post: https://supportforums.cisco.com/thread/2093645, thinking that it was very similar to what we wanted, but it's not working. When I set up the VLANs in this fashion, the ports stop seeing the Internet connection. So to reiterate, here's the setup:
o - Cable Modem
|_ - Router running DD-WRT
|_ - Cisco SG300-20 Switch
Any help would be greatly appreciated.
Thanks for the response, Robert. At the moment, there are only a few offices being used. But, probably 10-15 offices roughly. They are really just small rooms being used as individual office spaces being leased in one building. The router does support VLANs as well. It's an ASUS RT-N16 router that has DD-WRT firmware installed, so I would assume there are ways of using tagging, but again, I'm completely new to the whole VLAN thing, so I don't fully understand tagged vs. untagged, etc.
If you are able to create all the vlans you need on the router, then that would make for a simple solution. You will want to create all the vlans on your router and switch first.
For the connection Router -> Switch:
The port on both sides will have to be set to Trunk mode. You will then have your default vlan (which is usually 1) set as untagged. All other vlans will be set to tagged. This is important for the networking devices to pass all the vlan traffic.
For the Switch -> Computer:
Each port should be set to Access mode. The port should then be set to whatever vlan you would like to use (vlan 2 for example). These should be untagged.
I hope this helps. If you find that the router does not support enough vlans for what you want to do, there is another way using the switch in layer 3. Please let me know and I will go over that for you as well.
I believe what you're saying makes sense, but after looking further at the router, I believe I can only set up as many vlans as there are ports, meaning that I could basically only have 5 different vlans on the router. This would work temporarily, but would not allow for expansion once more offices become occupied and need Internet access.
I'm guessing that the option I'm going to have to have is the switch option. I have seen a couple things about the switch running in different layer formats, but I didn't realize that we would need to change this to achieve what we're wanting to do.
It is certainly possible to use the switch in layer 3 and have it used with almost as many vlans/networks as you have ports. One key thing to consider though, is that the switch will not provide DHCP.
Before doing this, I highly recommend having your switch on the latest firmware. I will give you a quick overview of the steps involved.
The switch will have to be set to layer 3. You would then want to create your vlans and assign IP addresses for each one. Each port should be set for the vlan you would like to use. On the switch you would then create a default static route pointing to your router. On the router, you would have to create static routes for each network pointing back to the switch.
I will look and see if I can find a good guide for you.
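As an added example (not part of the original thread, and not Cisco or DD-WRT configuration syntax), the layer 3 steps in the reply above can be worked through as an addressing plan: one VLAN and subnet per office port, the switch's default route, and the router's return routes. Because a switch in layer 3 mode routes between its own VLAN interfaces, the example also models first-match filter rules that keep offices from reaching each other; every address, VLAN id and function name here is an assumption.

```python
import ipaddress

# Constructed values, not from the thread: addresses, VLAN ids and the office block.
ROUTER_IP = ipaddress.ip_address("192.168.1.1")      # DD-WRT router LAN address
SWITCH_IP = ipaddress.ip_address("192.168.1.2")      # switch address on the uplink VLAN
OFFICE_BLOCK = ipaddress.ip_network("10.10.0.0/16")  # carved into one /24 per office
ANY = ipaddress.ip_network("0.0.0.0/0")
OFFICE_PORTS = range(2, 21)                          # 19 office ports; port 1 is the uplink
FIRST_VLAN = 10


def build_plan():
    """One VLAN, one /24 and one switch-side gateway address per office port."""
    subnets = OFFICE_BLOCK.subnets(new_prefix=24)
    return [
        {"port": port, "vlan": FIRST_VLAN + i, "subnet": net,
         "gateway": net.network_address + 1}
        for i, (port, net) in enumerate(zip(OFFICE_PORTS, subnets))
    ]


def switch_default_route():
    """Default static route on the switch, pointing to the router."""
    return (str(ANY.network_address), str(ANY.netmask), str(ROUTER_IP))


def router_static_routes(plan):
    """One static route per office network on the router, pointing back to the switch."""
    return [(str(e["subnet"].network_address), str(e["subnet"].netmask), str(SWITCH_IP))
            for e in plan]


def isolation_rules(plan):
    """First-match rules: block office-to-office traffic, allow everything else."""
    rules = []
    for e in plan:
        rules.append(("deny", e["subnet"], OFFICE_BLOCK))
        rules.append(("permit", e["subnet"], ANY))
    return rules


def allowed(rules, src, dst):
    """Evaluate the rule list the way a first-match packet filter would."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False  # implicit deny when nothing matches
```

Checking `allowed()` for one host in each pair of office subnets before touching the switch shows whether the planned rules meet the "share the Internet, not each other" requirement.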
Thank you for trying to assist me. I'm sorry that I'm not very familiar with this, so it makes it harder. I've been trying to do some research, and I'm not totally certain that it's impossible to achieve what you were originally suggesting with creating all the VLANs in the router. It looks like we may be able to create multiple VLANs, and then attach all of them to one port, which then is attached to the switch, and then separated from there. I'm just feeling sort of lost as to where to start. This didn't seem like it would be a very hard task to figure out, but apparently it's a little tougher than we realized.