Setting up VLANs ISA570 and SG300

Osirison
Level 1

Hello,

I have been messing around for some time now to get my network to work with some VLANs.

All tutorials and other posts in the forums didn't really help; I only have basic knowledge about networking.

I have drawn a network map as I would like to build the network.

homenetwork.png


So I would like to have 3 VLANs:

VLAN 1 is the default LAN. During my searches I found out that it's not a good idea to use VLAN 1 for private networking, since many discovery services are also on the network and could exploit the network.

So only network appliances like switches and access points are in VLAN 1. The 2 DVRs provided by the cable company also need to be in this VLAN since they only need internet access.

VLAN 10 will be the general VLAN for all devices in the home; any device is trusted to have full access along the network and internet.

VLAN 25 is the guest network, mainly just wireless. It can only get internet access and should not be able to access anything in VLAN 10 if possible (but not really important); guests should not access VLAN 1.

Maybe it's better to put the DVR devices in this VLAN too?

Hopefully someone can help me out step by step. Things I tried myself mostly led to locking myself out of the VLAN somehow and not being able to get back into the SG300 switches.

Also, by setting this up properly I hope to get Bonjour broadcasts to work properly, so the AirPlay devices are discovered all over the network, and also the iTunes server that is running on the Synology NAS.

One mistake in my network map: the printer is an AirPrint device, of course.

Thanks in advance!

4 Replies

Osirison
Level 1

It seems I got most of the network configured. I found out that the Apple AirPort device does not support trunking, so this will be a member of VLAN 10 for now; I'm going to get a Cisco managed AP so I can properly create VLANs for wireless devices too.

Right now the switch (overloop) at 192.168.1.2 is DHCP server for 192.168.10.x and 192.168.25.x.

Strangely, I can access all switches either on 192.168.1.x as well as on 192.168.10.x from VLAN 10 and can also ping 192.168.1.1, but I can't get into it via the web browser?

Also, I can't see or create any IPv4 static routes in the SG300 switches?

Screen Shot 2013-06-09 at 9.15.44 AM.png

When I check this via the terminal I get the following output:

overloop#show ip route

Maximum Parallel Paths: 1 (1 after reset)

IP Forwarding: enabled

Codes: > - best, C - connected, S - static

S   0.0.0.0/0 [1/1] via 192.168.1.1, 19:33:28, vlan 1                     

C   192.168.1.0/24 is directly connected, vlan 1                          

C   192.168.10.0/24 is directly connected, vlan 10                        

C   192.168.25.0/24 is directly connected, vlan 2                         

I wonder if I have set up everything correctly?

ISA570

Any help would be greatly appreciated!

Anyone?

I have changed the network map a bit.

Still can't go to the web interface of the firewall from a host at 192.168.10.x.

Your ISA is routing all networks and also Overloop will route at L3; this is not a good constellation! You should let Overloop do only the L2 stuff (trunking/switching) and let the ISA do the rest.

Michael

Please rate all helpful posts
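Added example (not part of the original thread and not Cisco code): a Python check that parses the `show ip route` output posted above and lists the VLAN pairs the switch routes between on its own when IP forwarding is enabled, which is traffic that never reaches the ISA570's firewall policy. It assumes hosts use the switch's VLAN interface as their default gateway and that no switch ACLs are applied; the function names are hypothetical.

```python
import ipaddress
import re

# "show ip route" output as posted in the thread (trailing spaces trimmed).
SAMPLE = """\
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static
S   0.0.0.0/0 [1/1] via 192.168.1.1, 19:33:28, vlan 1
C   192.168.1.0/24 is directly connected, vlan 1
C   192.168.10.0/24 is directly connected, vlan 10
C   192.168.25.0/24 is directly connected, vlan 2
"""

CONNECTED = re.compile(r"^C\s+(\S+) is directly connected, vlan (\d+)")
STATIC = re.compile(r"^S\s+(\S+) \[\d+/\d+\] via (\S+),.*vlan (\d+)")

def parse_routes(text):
    """Return (forwarding_enabled, {vlan: network}, [(network, next_hop, vlan)])."""
    forwarding, connected, statics = False, {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("ip forwarding:"):
            forwarding = line.split(":", 1)[1].strip().lower() == "enabled"
        elif m := CONNECTED.match(line):
            connected[int(m.group(2))] = ipaddress.ip_network(m.group(1))
        elif m := STATIC.match(line):
            statics.append((ipaddress.ip_network(m.group(1)),
                            ipaddress.ip_address(m.group(2)), int(m.group(3))))
    return forwarding, connected, statics

def locally_routed_pairs(text):
    """VLAN pairs the switch forwards between itself (L3 mode), bypassing the upstream firewall."""
    forwarding, connected, _ = parse_routes(text)
    if not forwarding:
        return []  # pure L2 switch: inter-VLAN traffic must go via the router
    vlans = sorted(connected)
    return [(a, b) for i, a in enumerate(vlans) for b in vlans[i + 1:]]

if __name__ == "__main__":
    _, connected, statics = parse_routes(SAMPLE)
    for a, b in locally_routed_pairs(SAMPLE):
        print(f"vlan {a} ({connected[a]}) <-> vlan {b} ({connected[b]}): routed on the switch")
    for net, hop, vlan in statics:
        print(f"{net} leaves via {hop} on vlan {vlan}")
```
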

Hi, just curious. What did you end up doing, since we're 10 months later? I have a similar situation myself right now with an ISA-570 with Netgear WAPs.

Thanks :-)