Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
621
Views
0
Helpful
3
Replies

SG350X Private/community VLAN + WiFi

Go to solution
00u1co5uk8fvAlsO75d7
Level 1
Level 1

‎07-28-2021 01:36 AM

Hi,

 

I have a SG350X switch with a Private VLAN (100), which contains three Community VLANs (101, 102, 103). This works fine for LAN ports. The VLAN 100 promiscuous port is connected to the "Guest LAN" port of my router.

 

I also have WiFi APs, which are connected as trunk. It is somehow possible to create a WiFi network for each community VLAN? I have tried to create a WiFi network for 101, 102 and 103, but it doesn't work (packets are not routed to the VLAN 100 promiscuous port).

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
00u1co5uk8fvAlsO75d7
Level 1
Level 1

‎11-22-2021 05:11 AM

I have let it with just two VLANs (default and guest), and traffic within this VLANs is not restricted. Works fine and security (isolation between the apartments) is not that important that is justifies more work. If I would still need it, I'd add another VLAN-capable router between the Internet router (then used as modem) and the switches.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎07-28-2021 02:45 AM

in general you like to have more VLAN to pass, the interface to be Trunk mode. - if i understand your question correctly ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
00u1co5uk8fvAlsO75d7
Level 1
Level 1
In response to balaji.bandi

‎07-28-2021 02:58 AM

Hello,

Thanks for your reply. I'm not sure what you mean. A simplified model:

 

Switch SG350X:

* Port GE1: WIFI AP: Trunk

* Port GE20: Private VLAN - Promiscuous (primary VLAN 100, secondary VLANs 101 - 103)

* Port GE25: Private VLAN - Host (primary VLAN 100, community VLAN 101)

* Port GE26: Private VLAN - Host (primary VLAN 100, community VLAN 101)

 

When defining a WiFi network in VLAN 100, it works as expected. However, when I define a WiFi network in VLAN 101, clients don't get an IP address anymore. It seems that they're not switched to the promiscuous port.

0 Helpful

Go to solution
00u1co5uk8fvAlsO75d7
Level 1
Level 1

‎11-22-2021 05:11 AM

I have let it with just two VLANs (default and guest), and traffic within this VLANs is not restricted. Works fine and security (isolation between the apartments) is not that important that is justifies more work. If I would still need it, I'd add another VLAN-capable router between the Internet router (then used as modem) and the switches.

0 Helpful
Customers Also Viewed These Support Documents