Re: How do I separate LAN and WLAN?

kweightman · ‎12-01-2013

Hi

Im totally new to networking but have been asked to sort our IT by the boss.

We currently run a wired network that also includes 3 WAP's, with a network address of 192.168.2.x

we want to separate all wireless with an address of 192.168.3.x

.

How can we separate the wireless from the wired networks, while keeping internet and internal resource access for both?

we have a cisco 891 with 2 vlans on it (the default VLAN 1 and our new one VLAN10) going through a port to a 3000 series switch

the 891 handles DHCP as well, so I have a DHCP pool for 192.168.3.0/24, and a VLAN interface for VLAN10 (the wifi) both on the 891.

this is connected to the 3000 switch, which also now has a vlan created on it for wifi. There are 3 AP's connected to this switch. What modes do I need to set each of the 3 ports to? Trunk or access? tagged/untagged? should these ports only be a member of wifi vlan or both?

Please help as this is quite urgent and I know nothing!! thanks

Jon Marshall · ‎12-01-2013

Kyle

So you have vlan 1 which is the wired network and vlan 3 which is the WiFi network and they are both routed on the 891 router. You do not want to restrict traffic between these vlans or to the internet, you just want them on separate vlans.

Is the above correct ?

If so the ports on the switch should be access ports which will be untagged and they should only be members of vlan 3.

Jon

kweightman · ‎12-01-2013

Hi Jon

thanks for reply

the VLAN1 is wired, and we want VLAN10 to be wireless.

VLAN1 to be on 192.168.2.0 range, VLAN10 192.168.3.0 range

Will i need to change the WAPs IP addrss to a 192.168.3.x ?

If the switch ports are untagged, and access ports, only members of VLAN10, then all wireless devices should get DHCP addresses in 192.168.3.0 range is that right?

On the 891, do i need to assign anything (there is only one cable from 891 to switch) or as long as it has two DHCP pools will al be fine from there?

Apologies if im being dim!

Jon Marshall · ‎12-01-2013

Kyle

No apologies necessary.

If the switch ports are untagged, and access ports, only members of VLAN10, then all wireless devices should get DHCP addresses in 192.168.3.0 range is that right?

Yes.

On the 891, do i need to assign anything (there is only one cable from 891 to switch) or as long as it has two DHCP pools will al be fine from there?

That link needs to be a trunk link because it is passing traffic for multiple vlans ie. vlan 1 and vlan 10.

Will i need to change the WAPs IP addrss to a 192.168.3.x ?

Not sure about this as i'm not a wireless person but i suspect so. You can either post a separate query into Wireless. wait until someone who knows reads it on here (if they do) or just give it a go.

Jon

kweightman · ‎12-01-2013

great thanks.

On the 891, do i need to assign anything (there is only one cable from 891 to switch) or as long as it has two DHCP pools will al be fine from there?

That link needs to be a trunk link because it is passing traffic for multiple vlans ie. vlan 1 and vlan 10.

for the above, do you mean it needs to be a trunk port on the switch or the 891? or both?

Jon Marshall · ‎12-01-2013

Kyle

It needs to be both.

Alternatively you could run 2 cables from the switch and put one in vlan 1 and one in vlan 10 ie. access ports/untagged and that should work as well although i have never done that before so you should test it.

Jon

kweightman · ‎12-01-2013

Brilliant.

so the port that connects to the 891 should be trunk, VLAN1 tagged, VLAN10 untagged, the ports that connect to WAP untagged VLAN10?

Great thanks

JON

Jon Marshall · ‎12-01-2013

Kyle

It can be a bit complicated with trunks. Which vlan is tagged depends on your native vlan. If you have not set anything up explicity on the switch then vlan 1 will probably be untagged. You do not want vlan 10 as untagged on the trunk link unless you have changed the native vlan to vlan 10 on the switch (which i doubt you have).

The ports that connect to the APs should definitely be untagged.

What i would do is -

1) try making the connection between the switch and the 891 a trunk link. You will need to configure it on both ends of the link.

2) then try pinging between vlans and also try internet connectivity.

If 2) doesn't work then you can post your 891 config on here and we can check it out. Note the switch is a small business switch so there is limited knowledge of that in this forum but there is a forum for small business switches you can post if you need help setting up the trunk.

Edit - if the native vlan is not 1 on the switch then you will need to configure the trunk on the 891 with an extra command to tell it what the native vlan is. To clarify, the native vlan is the vlan that sends untagged packets on a trunk whereas all other vlans are tagged.

Jon

kweightman · ‎12-02-2013

Turns out the 891 wont separate the two DHCP pools properly, it mangles them together.

I was able to separate the LAN and WLAN off though, and it all seemed ok except for internet on wirerless, but that i guess is because of DHCP issue.

Thanks for your help Jon.