I am new to Vlan's so bear with me. I have a Windows 2003 server 192.168.1.3 that does our DHCP - 192.168.0.1 - 192.168.3.254 Subnet 255.255.255.252. I added a scope of 10.10.0.1 - 10.10.3.254 Subnet 255.255.252.0. I have a UNIFI wireless network in place and am wanting to setup vlan on our Guest network. I also have a Cisco ASA that acts as our Firewall 192.168.1.1. The next hop from the ASA is a CISCO ESW 540. I have plugged into this a SF300 and also one of the Unifi AP's. From the unif AP I am not able to pull an ip address from Vlan 2. Also from my DHCP server I cannot ping the address of the vlan 2 interface. This is the setup on my SF300 - it is in L3 mode.
On the L3 switch under Vlan Management - I added Vlan 2, on the interface settings on the port I have the AP plugged into(port 11) I added vlan 2 as tagged. I also enabled gvrp settings on port 11. Port is set to trunking.
Under IP configration I added and Ip address of 10.10.10.3 to vlan 2. Vlan 1 is 192.168.1.40.
I have an ip helper to 192.168.1.3 for port 37, 42, 49, 53, 137 and 138.
I enabled DHcP relay.
Is this sounding right so far? On my unifi AP I have two SSID's setup. The guest one I set to use vlan 2 but I can not get an ip to pull. Thank you for any suggestions.
Hi Shelly, you sound on track.
If you statically assign a camera or other device in VLAN 2, is there basic inter-vlan communication (ping?)
What default gateway is being provided by the DHCP server?
Is option 82 enabled on the DHCP server and the SX300?
In addition, the SX300 does support 8 DHCP pools. This could be a consideration to make things a bit easier.
Please mark answered for helpful posts
No there isn't, it sends addresses but never recieves anything. The default gateway is 192.168.1.1 which is a Cisco ASA and is our firewall.
So are you saying I could have the SF300 hand out the dhcp to vlan 2? That may actually be a better option because then the guest devices would stay completely off my DC??
You said you configured DHCP scope in your seriver 2003 this is great however does server nic card ( network card ) can tag traffic? if not please do this following steps
-- I like to make ASA5505 dirrect connect with SF300
-- make sure SF300 in L3 mode
-- change spanning tree priority lower then default so you can use 0
-- config all your vlans in your switch
-- config your static route in switch point to one singel IP it is router
-- config ACL deny guest vlan to connect with other vlans
-- config static router from ASA5505 point all vlan ip interfaces to switch default switch IP interface
-- connect ESW540 to SF300
-- config turnk port between two switchs carry all vlans
-- call 1-866-606-1866 and I believe they can help you, Also I did TRL how to fix issue like this
so I went in at setup up a DHCP pool to 10.10.0.0, subnet on the SF300 and then went to my unifi and specified the new vlan on the Guest network and it pulled an ip address! Yay but I am not getting out to the internet...What do I have to set so it knows to go out through our Cisco asa 192.168.1.1??