05-21-2018 03:02 AM - edited 03-08-2019 03:04 PM
Hi,
I am a networking newbie and just joined a company as IT Admin. I inherited a working flat network with 0 VLANs. Around 30 devices are connected to a Cisco SF-300 48P PoE switch operating in L3 mode. I created around 5 VLANs on this, gave them interface IPs and untagged ports as necessary. But I'm not able to access the internet on the devices on these VLANs. Devices on the default VLAN work just fine.
Let me first explain my network design. I have a Dell SonicWall TZ300 acting as the router, one Cisco Small Business SG-100 16 unmanaged switch as the core switch, two Cisco SF300 used as voice switches and one Cisco SF300 48P for data. There are two Windows servers, one for AD domain controller, DHCP and DNS, and another one as the file sharing server.
The X0 port on the firewall is connected to the first port of the core switch. All 3 switches and the servers are directly connected to the unmanaged core switch. All the endpoint computers are connected to the SF300-48 port switch and the IP phones are connected to the 2nd and 3rd switches.
The AD/DHCP/DNS server's IP address is 192.168.1.100. The router's IP address is 192.168.1.1.
How shall I configure the switch so that the devices in VLANs, for example VLAN40 (192.168.40.1) and VLAN50 (192.168.50.1), will be able to get DHCP (I've tried and failed to configure DHCP relays) from the server connected to the core switch, and get internet access from the router? So far I'm able to ping between the VLANs but can't ping the server or router. Shall I connect the server to the data switch in a new VLAN for servers, and will the devices be able to talk with inter-VLAN routing enabled?
Any help pls
05-27-2018 11:55 PM
Hello,
'dozens' of devices doesn't sound like a lot in terms of networking. You should be fine.
Inter-vlan access and rules need to be defined on the Sonicwall, which is under your management, so you can block traffic between Vlans as you like.
05-28-2018 07:57 AM
Yes, although if it's a non-trusted network then a firewall should be used really.
You can use an IP deny statement to prevent access to a VLAN. Be aware if permitting traffic that the ACLs are not typically stateful, which means you need to allow the return traffic.
Martin
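The point about return traffic in the reply above, as an added example that is not part of the original posts: a small Python model of first-match, stateless ACL evaluation using the thread's VLAN40 subnet and server address. The client host 192.168.40.25, the DNS port, the rule lists and all function names are constructed for illustration, and the model assumes one ACL sees routed traffic in both directions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    proto: str                   # "udp", "tcp", or "ip" for any protocol
    sport: Optional[int] = None  # None matches any source port
    dport: Optional[int] = None  # None matches any destination port

def evaluate(acl, pkt):
    """First match wins; each packet is judged alone, with no connection table."""
    for rule in acl:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
                and rule.proto in ("ip", pkt.proto)
                and rule.sport in (None, pkt.sport)
                and rule.dport in (None, pkt.dport)):
            return rule.action
    return "deny"                # implicit deny at the end of the list

def reply_to(pkt):
    """Build the return packet: addresses and ports swapped."""
    return Packet(pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)

SERVER = "192.168.1.100/32"      # AD/DHCP/DNS server from the thread
VLAN40 = "192.168.40.0/24"
# Constructed sample: a VLAN40 client sends a DNS query to the server.
QUERY = Packet("192.168.40.25", "192.168.1.100", "udp", 51000, 53)

# Only the outbound direction is permitted: the query passes, the answer is dropped.
ONE_WAY = [Rule("permit", VLAN40, SERVER, "udp", dport=53)]
# Adding the mirrored rule (source port 53 back to VLAN40) lets the answer through.
WITH_RETURN = ONE_WAY + [Rule("permit", SERVER, VLAN40, "udp", sport=53)]

# The return rule matches on source port alone, so it also passes a packet from
# port 53 that answers no query. A stateful firewall would drop this one.
UNSOLICITED = Packet("192.168.1.100", "192.168.40.25", "udp", 53, 40000)

if __name__ == "__main__":
    for name, acl in (("ONE_WAY", ONE_WAY), ("WITH_RETURN", WITH_RETURN)):
        print(name, evaluate(acl, QUERY), evaluate(acl, reply_to(QUERY)))
```

The last case is why the reply recommends a firewall for untrusted segments: a stateless return rule is broader than the replies it is meant to admit.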