06-08-2013 07:13 AM
Hello,
I have been messing around for some time now to get my network to work with some VLANs.
All tutorials and other posts in the forums didn't really help, I only have basic knowledge about networking.
I have drawn a network map as I would like to build the network.
So I would like to have 3 VLANs.
VLAN 1 is the default LAN; along my searches I have found out that it's not a good idea to use VLAN 1 for private networking, since many discovery services are on the network also and could exploit the network.
So only network appliances like switches and access points are in VLAN 1; the 2 DVRs provided by the cable company also need to be in this VLAN, since they only need internet access.
VLAN 10 will be the general vlan for all devices in the home, any device is trusted to have full access along the network and internet
VLAN 25 is the guest network, mainly just wireless and can only get internet access and should not be able to access anything in VLAN 10 if possible but not really important guests should not access VLAN 1
Maybe it's better to put the DVR devices in this VLAN too?
Hopefully someone can help me out step by step; things I tried myself mostly led to locking myself out of the VLAN somehow and not being able to get back into the SG300 switches.
Also, by setting this up properly I hope to get Bonjour broadcasts to work properly, so the AirPlay devices are discovered all over the network, and also the iTunes server that is running on the Synology NAS.
One mistake in my network map: the printer is an AirPrint device ofc.
Thanks in advance!
06-09-2013 04:18 AM
It seems I got most of the network configured. I found out that the Apple Airport device does not support trunking, so this will be a member of VLAN 10 for now; I'm gonna get a Cisco managed AP so I can properly create VLANs for wireless devices too.
Right now the switch (overloop) at 192.168.1.2 is DHCP server for 192.168.10.x and 192.168.25.x
Strangely I can access all switches either on 192.168.1.x as well as on 192.168.10.x from VLAN10 and can also ping 192.168.1.1, but I can't get into it via the web browser?
Also I can't see or create any IPv4 static routes in the SG300 switches?
When I check this via the terminal I get the following output:
overloop#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static
S 0.0.0.0/0 [1/1] via 192.168.1.1, 19:33:28, vlan 1
C 192.168.1.0/24 is directly connected, vlan 1
C 192.168.10.0/24 is directly connected, vlan 10
C 192.168.25.0/24 is directly connected, vlan 2
I wonder if I have setup everything correctly?
ISA570
Any help would be greatly appreciated!
06-11-2013 10:49 AM
Anyone?
I have changed the network map a bit.
Still can't go to the webinterface of the firewall from a host at 192.168.10.x
06-12-2013 03:03 AM
Your ISA is routing all networks and Overloop will also route at L3; this is not a good constellation! You should let Overloop do only the L2 stuff (trunking/switching) and let the ISA do the rest.
Michael
Please rate all helpful posts
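The point in the reply above can be checked against the route table posted earlier in the thread. The following is an added example, not part of any post: it parses that `show ip route` output and lists which subnet pairs the switch can forward between on its own, so that the firewall's rules never see the traffic. It assumes hosts use the switch as their gateway and that no ACLs are applied on the switch; the host addresses in the usage lines are constructed.

```python
import ipaddress
import re

# Route table copied from the post above (`show ip route` on the switch "overloop").
SHOW_IP_ROUTE = """\
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static
S 0.0.0.0/0 [1/1] via 192.168.1.1, 19:33:28, vlan 1
C 192.168.1.0/24 is directly connected, vlan 1
C 192.168.10.0/24 is directly connected, vlan 10
C 192.168.25.0/24 is directly connected, vlan 2
"""

ROUTE_RE = re.compile(r"^(?P<code>[CS])\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+(?P<rest>.*)$")

def parse_routes(text):
    """Return (forwarding_enabled, connected_networks, default_gateway)."""
    forwarding, connected, default_gw = False, [], None
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("ip forwarding:"):
            forwarding = line.split(":", 1)[1].strip().lower() == "enabled"
            continue
        m = ROUTE_RE.match(line)
        if not m:
            continue  # header lines such as "Codes: ..." are skipped
        net = ipaddress.ip_network(m["prefix"])
        if m["code"] == "C":
            connected.append(net)
        elif net.prefixlen == 0:
            gw = re.search(r"via (\d+\.\d+\.\d+\.\d+)", m["rest"])
            default_gw = ipaddress.ip_address(gw.group(1)) if gw else None
    return forwarding, connected, default_gw

def switch_routed_pairs(text):
    """Subnet pairs the switch forwards between itself (assumes no switch ACLs)."""
    forwarding, connected, _ = parse_routes(text)
    if not forwarding:
        return []
    return [(a, b) for i, a in enumerate(connected) for b in connected[i + 1:]]

def bypasses_firewall(text, src, dst):
    """True if src and dst sit in two different subnets connected to the switch."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any((s in a and d in b) or (s in b and d in a)
               for a, b in switch_routed_pairs(text))

if __name__ == "__main__":
    for a, b in switch_routed_pairs(SHOW_IP_ROUTE):
        print(f"switch routes {a} <-> {b} locally")
    # Constructed guest and home host addresses:
    print(bypasses_firewall(SHOW_IP_ROUTE, "192.168.25.50", "192.168.10.20"))
```

With IP forwarding disabled on the switch, `switch_routed_pairs` returns an empty list, which corresponds to the layout suggested in the reply: the switch only trunks the VLANs and the ISA decides what may cross between them.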
04-04-2014 06:34 AM
Hi, just curious. What did you end up doing since we're 10 months later? Have a similar situation myself right now with an ISA-570 with Netgear WAPs.
Thanks :-)