Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2206
Views
0
Helpful
2
Replies

SG300-10 with Wireless Secured and Guest access

Go to solution
cbaures
Level 1
Level 1

‎03-18-2012 07:34 PM

I’m trying to configure a wireless network with both private(secured) and guest access  using a SG 300-10 switch.

The Firewall cannot control VLAN traffic.  

The access points can generate multiple SSIDs and assign them to VLANs.

The rest of the switches in the corporate wired network are also VLAN unaware.

REQUIREMENTS:

The guest traffic needs to go to the firewall dmz where it will go out to the internet and back without restriction.

The private/secured/corporate traffic needs to connect into the corporate network where internet traffic will go through their firewall where access is password controlled, content filtered and monitored.

INFO:

Corporate IP traffic is 192.168.0.x gw=192.168.0.1 and   dmz traffic is 192.168.10.x, gw=192.168.10.1

I have ports 1-7 connected to APs, port 8 is open, port 9 is going to the corporate switch and port 10 connecting to the dmz of the firewall.

The APs tag Secured traffic to VLAN3 and Guest traffic to VLAN2

SG300-10

Interface Settings

   Ports 1-8 = VLAN Mode - general, PVID -1, Frame type - admit all

   Port 9 = VLAN Mode - general, PVID -3, Frame type - admit Tagged Only

   Port 10 = VLAN Mode - general, PVID -2, Frame type - admit Tagged Only

Port to Vlan,

   VLAN ID = 1

       Port 1-8 = General, un-tagged, PVID checked

       Port 9 = general, excluded

       Port 10 = general, excluded

   VLAN ID = 2

       Port 1-7 = General, Tagged

       Port 8 and 9 = general, excluded

       Port 10 = General, Tagged, PVID checked

   VLAN ID = 3

       Port 1 – 7 = General, Tagged

       Port 8 and 10 = General, Excluded

       Port 9 = General, Tagged and PVID checked.

Port VLAN Membership

   Port 1-7 = General , Admin VLANs = 1UP, 2T, 3T, OP VLANs = 1UP, 2T, 3T

   Port 8 = General , Admin VLANs = 1UP, OP VLANs = 1UP

   Port 9 = General , Admin VLANs = 3T, OP VLANs = 3T

   Port 10 = General , Admin VLANs = 2T,   OP VLANs = 2T

Simply put, it’s not working, help…

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
David Hornstein
Level 7
Level 7

‎03-19-2012 05:34 AM

Hi Charles,

Firstl step . make sure that you are running the newest firmware .

To me since the firewall's DMZ port is not VLAN aware, the problem seems to be the configuration of port 10 of the switch.

If port 10 of the switch is going to a non vlan aware port on the DMZ, it means to me that port 10 of the switch should be sending untagged Ethernet frames.. But port 10 should be a member of VLAN2 sending tagged Ethernet frames and it looks like port 10 is sending tagged Ethernet frames to the DMZ port of the firewall..

If my assumption is correct then;

  • Change port 10 to access mode, via the GUI option VLAN Management > Interface Settings.

  • Once port 10 is in access mode, then goto to GUI section VLAN Management >Port to VLAN and select VLAN ID equal to 2 and select Go

  • On port 10 select untagged. (this will make port 10 a untagged member of VLAN 2.)

  • save the changes

Personally, I would prefer to not run the switch ports 1 to 8 in general mode , but leave them in the default VLAN trunk mode.

Lets see if this fixes the issue.

regards Dave

View solution in original post

0 Helpful
2 Replies 2

Go to solution
David Hornstein
Level 7
Level 7

‎03-19-2012 05:34 AM

Hi Charles,

Firstl step . make sure that you are running the newest firmware .

To me since the firewall's DMZ port is not VLAN aware, the problem seems to be the configuration of port 10 of the switch.

If port 10 of the switch is going to a non vlan aware port on the DMZ, it means to me that port 10 of the switch should be sending untagged Ethernet frames.. But port 10 should be a member of VLAN2 sending tagged Ethernet frames and it looks like port 10 is sending tagged Ethernet frames to the DMZ port of the firewall..

If my assumption is correct then;

  • Change port 10 to access mode, via the GUI option VLAN Management > Interface Settings.

  • Once port 10 is in access mode, then goto to GUI section VLAN Management >Port to VLAN and select VLAN ID equal to 2 and select Go

  • On port 10 select untagged. (this will make port 10 a untagged member of VLAN 2.)

  • save the changes

Personally, I would prefer to not run the switch ports 1 to 8 in general mode , but leave them in the default VLAN trunk mode.

Lets see if this fixes the issue.

regards Dave

0 Helpful

Go to solution
cbaures
Level 1
Level 1
In response to David Hornstein

‎03-20-2012 08:18 PM

Thanks,  I had to add a static route as well,  but it seems to be working.    I'll test some more and ask again if i need more help.

Thanks

0 Helpful
Customers Also Viewed These Support Documents