SF300-24P VLAN CONFIG QUESTION

Hi, please excuse my ignorance and lack of knowledge in this field as I am a complete newbie when it comes to Cisco switches and VLANs etc. but trying to learn.

I have a Cisco 300-24P and need to create two separate networks (private and public): ports 1 - 10 for Private and ports 11 - 20 for Public. I then need ports 21 - 24 for access points that can access both private and public.

I am assuming that I would need to create two VLANs (e.g. VLAN100 for private and VLAN200 for public). After reading a little I think I need to set ports 1 - 20 to "access" and ports 21 - G4 to "trunk".

I have attempted this but don't think I have things quite right. Would it be possible for someone to either point me in the right direction or even send me a saved config that I could load and examine.

Many thanks in advance for your help.

3 Replies

Julio Carvajal
VIP Alumni

Hello,

 

With regard to creating the 2 VLANs for the Public and Private networks, you are correct.

Now, when you say that ports 21-24 will access both private and public, do you mean that the APs' SSIDs will have both the subnets of the Private and Public networks?

If that's the case then yes, you need to trunk those ports and make sure those VLANs (Private and Public) are allowed.

If what you mean is that whatever SSIDs and subnets you create on the Wireless network need to access both the Private and Public network (they will be on their own network) then the solution will be a bit different.

The link between the AP and the Switch can be an access port and then you will give the AP an IP from either the Public or Private VLAN.

Then you simply create some static routes in the Switch pointing them to the AP IP address and Inter-VLAN routing will take place.

Hope it makes sense.

 

Jcarvaja
Senior Network Security and Core Specialist
CCIE #42930, 2-CCNP, JNCIS-SEC
For immediate assistance hire us at http://i-networks.us/

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Jcarvaja

Thanks for the help, sorry for my delay in replying. The AP units will have 2 x SSID enabled: "Private" on VLAN 100 and "Public" on VLAN 200.

I have attached a rough diagram of what I am trying to achieve. I can also attach a copy of the running config from the 300-24 if that helps.

I don't seem to be able to connect to the APs and ping other devices on the various VLANs.

I know I am doing something wrong but not sure where as still learning about VLAN, PVID and tagging etc.

Thanks

 

Hello, 

I think I can clarify a few things for you:

1- The ports that are going to connect directly to end stations will need to be configured as access ports with the respective VLAN as untagged.

2- The ports that are going to be connected to the APs will need to be configured as trunks with VLAN 100 untagged and 200 tagged. The APs should be able to understand VLANs; they should be configured with an IP address on VLAN 100.

3- By default, the untagged VLAN is the same as the PVID.

Notes:

A few things to keep in mind:

1- I see you already have a router on the network; this is the one that will determine if the VLANs can talk to each other based on the Inter-VLAN configuration. In general terms, if inter-VLAN is enabled on the router then Public and Private will be able to share traffic, otherwise they won't.

2- When creating VLANs on the SG300 make sure that you are not assigning IP addresses to any VLAN other than your management VLAN, otherwise you could have issues with the routing.

3- To make sure the connectivity between the VLANs is working as you expect, make sure to do all the testing from the hardwired PCs first; that way you will know if the issue is on the router or the switch.

I hope this was helpful.
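
The port layout from the question combined with the tagging described in the reply above, written out as an added example; it is not a configuration posted by anyone in this thread. It assumes the 300-series CLI port names fa1 to fa24, and it leaves out the uplink to the router because the thread does not say which port that is.

```text
! Added example, not from the thread. Port names fa1-fa24 are an assumption
! based on 300-series CLI naming for Fast Ethernet ports.
configure terminal
!
! Create the two VLANs from the question: 100 = Private, 200 = Public
vlan database
vlan 100,200
exit
!
! Ports 1-10: wired Private devices, untagged members of VLAN 100 only
interface range fa1-10
switchport mode access
switchport access vlan 100
exit
!
! Ports 11-20: wired Public devices, untagged members of VLAN 200 only
interface range fa11-20
switchport mode access
switchport access vlan 200
exit
!
! Ports 21-24: access points carrying both SSIDs.
! VLAN 100 is untagged (native, so it is also the PVID) and is where the
! AP management IP lives; VLAN 200 is tagged for the Public SSID.
interface range fa21-24
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan add 200
exit
end
```

Running `show vlan` afterwards lists the member ports of each VLAN, which lets you confirm that ports 11-20 appear only under VLAN 200 and that only the AP ports belong to both.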