Setup VLAN

Hello,
I want to setup VLAN to separate attached devices (will use a VLAN capabel WLAN accesspoint).
I am looking at the Cisco Small business products.
Like this: SG200-08P
This is my goal:
3 VLAN's: Internal, External, Guest
Devices connected to Internal can access External + Internet.
Devices connected to External can only access its own VLAN + Internet.
Devices connected to Guest are separated, they can only acess Internet.
I have a LAN Internet connection, with one IP address.
So I need NAT and Routing.
Do I need a VLAN enabled Router, or only a VLAN enabled Switch (Layer 2 / 3 / Smart)?
Can a Smart Switch act as Router?
Please advice me for Cisco - Products.

Hello Sam,
For your setup you will still want to get a router. Our Layer 3 switches do not do NATing or have any kind of firewall, so you probably would want something else in front of this on the edge of your network.
With a layer 3 switch it is possible to buy a router that doesn't do VLANs and still make it work. The RV series of routers would work well for this. All of them except for the RV016, RV042, and RV082 are VLAN capable. Even with those three you could set it up, it would just be a slightly different setup.
With a VLAN capable router you can do what is called router-on-a-stick, where all the VLANs are trunked up to the router, and it handles the Inter-VLAN routing. You can also set it up where the switch is everyone's default gateway, and it does the routing. In that case you would just have a point to point link between the router and switch, along with some static routes to make it all work.
So basically with a layer 3 switch you have some options, but you will still want a router for the NAT and the firewall features. It is possible to put a layer 3 switch directly on the edge, but only if you own enough public IPs for all of your devices.
Hope that helps a bit,
Christopher Ebert
Senior Network Support Engineer - Cisco Small Business Support Center

Similar Messages

Setup vlan on solaris

i have 3 servers which are run on windows server 2003 and solaris 10...So, i need to setup vlan in each server. Our network will used ipv6 and ipv4 protocols..
The problem is i really dunno how to setup the network and interconnect between ipv4 and ipv6..The setup for vlan must done in server that run on solaris....tq for helping

Thanks for the update, We would love to have such a feature will greatly help in traffic isolation while still on the same vlan.

How to setup vlans and routing between them

Hey guys
I am onboard a vessel where I have a Cisco 1921 router with intergrated 8-port dwitch. I have no experince what so ever with Cisco, onlye knowledge about netwrok in general.
What I need to do is to create 3 VLANs wit different networks and thier own gateways internally( no external routers, no external switches), and I want client in all networks to be able to communicate qith each other:
Vlan 2:
192.168.0.0
Default Gateway: 192.168.0.1
Network Mask: 255.255.255.0
Vlan 3:
192.168.1.0
Default Gateway: 192.168.1.1
Network Mask: 255.255.255.0
Vlan 4:
192.168.2.0
Default Gateway: 192.168.2.1
Network Mask: 255.255.255.0
As mentioned abode, I need clients from each VLAN to be able to communicate with each other. Se drawing

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
It might be as simple as defining VLAN interfaces for your 3 VLANs, and they assigning the ports to one of the 3 VLANs.

WRT1900ac cannot setup Vlan with ID 2

Hello,
I am configuring my new router wrt1900ac to use with my fiber supplier.
I have problem configuring Vlans for the diferent services.
For wrt1900ac to work with my fiber supplier I have to set diferent vlan:
Vlan 2 For TV
Vlan 3 For VoIP
Vlan 6 For Internet
These VLANs are already configured on the ONT Fiber and can not be changed.
I tryed to configure the Vlan 2 on one of the ports but , I get a message saying that you can only select between vlans 3-4094
http://imageshack.com/a/img822/4936/jtup.png
Why I cannot set this value?
There is a way to configure a Vlan in ID 2 ? Why only between 3 and 4094?
VoIP and Internet works fine.

I agree with FurryNutz. :-) Linksys Support Team are the best team to assist you with their device.

300 Series Switch VLAN Setup

Hello,
I am trying to setup vlans on sf 302 switch and been unsuccesful. My idea is having 2 separate networks and both connecting to internet
192.168.2.0/24 Gaming Network
192.168.3.0/24 Work Network
Router ( Linkys) connected to port 8 on the switch - 192.168.4.1
I have attached the serial cable and made the following changes
Creating VLAN's
Created Vlan 20 for gaming network
#config t
#vlan database vlan 20
exit
Created Vlan 30 for work
#config t
# vlan database vlan 30
#exit
Asigned ports to VLAN's
#config t
# int fa2
# switchport mode access
# switchport access vlan 20
#exit
#config t
#int fa3
# switchport mode access
# switchport access vlan 30
#exit
Assigning IP address to VLAN
#conf t
#int vlan 20
# ip address 192.168.2.1 255.255.255.0
#end
#conf t
#int vlan 30
# ip address 192.168.3.1 255.255.255.0
#end
I am stuck after this. Now i want to connect vlan 20 and vlan 30 on to router attached to port8 on switch so that computers on both vlans have access to internet. The IP address of router is
192.168.4.1.
Please explain what needs to be done to acomplish this.
Thanks
Maakri

Hello Randy,
The switch is already set to router mode.
I have attached a belkin router on port 8 of the switch. The LAN IP of router is 192.168.4.2
On the switch I have configured port 8 as follows
#int fa8
#ip address 192.168.4.1
# switchport mode trunk
#switchport trunk allowed vlan add vlan 20
#switchport trunk allowed vlan add vlan 30
#no shutdown
#exit
#ip routing
From PC connected to vlan 20 and VLAN30 I can ping 192.168.4.1 but not 192.168.4.2. I want to access internet from my PC's on Vlan20 and VLAN30
I can ping PC in vlan30 from my pc in Vlan20 but cant access the router IP and so no internet. What am I missing? Please let me know
Thank you
Maakri

VLan setup for a 2950 and 2611

Im trying to setup a real basic VLan setup for 1 2950 switch. I would like to have 3 Vlans on it including the default Vlan. So my understanding is that for all 3 of the VLans to talk to each other I will need a router to be the layer 3 device that routes the Vlans.
On my 2611 it looks like this:
interface Ethernet0/0
no ip address
full-duplex
interface Ethernet0/0.1
encapsulation dot1Q 1 native
ip address 172.16.10.1 255.255.255.0
no snmp trap link-status
interface Ethernet0/0.2
encapsulation dot1Q 2
ip address 172.16.20.1 255.255.255.0
no snmp trap link-status
interface Ethernet0/0.3
encapsulation dot1Q 3
ip address 172.16.30.1 255.255.255.0
no snmp trap link-status
Then my 2950 looks like this:
interface FastEthernet0/1
description Connection to router
switchport mode trunk
speed 10
duplex full
interface FastEthernet0/2
switchport access vlan 2
interface FastEthernet0/3
switchport access vlan 3
interface Vlan1
ip address 172.16.10.2 255.255.255.0
no ip route-cache
ip default-gateway 172.16.10.1
Ok so as it currently stands the switch and router will not talk to each other at all. From the switch I can not ping the router and vice a versa. If I plug a laptop into one of the ports using VLan1 I can ping the switch IP 172.16.10.2 but obviously can not ping the default gateway which is the router...
I didnt think this looked very hard but for some reason it does not want to work for me at all...
Any ideas?
LR

I have two things you might try. First set your trunking interface on your switch to auto.
interface fastethernet 0/1
speed auto
duplex auto
This will help to make sure that the ethernet on the 2611 will negotiate the duplex with the switch. I've had issues with 2611's trying to do full duplex on there ethernet ports.
Another Option turn on CDP on your router and switch and do a show cdp neighbor to make sure there plugged into the right ports.
Three you could move the vlan 1 ip address on the 2611 to the main interface. Example below. Then try pinging the switch. Your other tagged vlans should still work at that point. Also if you have multiple switches make sure to setup Vlan Trunk Protocol see NOTE A.
no interface Ethernet0/0.1
no encapsulation dot1Q 1 native
no ip address 172.16.10.1 255.255.255.0
no snmp trap link-status
interface Ethernet0/0
ip address 172.16.10.1 255.255.255.0
NOTE A
Add the following commands to each switch to setup your Vlan Trunk Protocol. These are pretty much the minimum amount of commands you can use to setup VTP.
vtp domain CISCO1
vtp version 2

Help with VLANs on SG200-18 and two SG200-08 switches

Hi everybody. My apologies but I'm only average at best with my CISCO skills. I have simple setup running a few network devices connected via 3 CISCO switches. It's small office and there are two rooms - one with servers and one with printer and pc's. Each room has 8-port SG200-08 switch.
Router/ firewall is Sonicwall TZ215 and it handles internal routing between VLAN's. Each SG200-08 was connected directly to TZ215 (no SG200-18 yet) and VLANs were working perfectly. Please see diagram below...
Problems started when I added in the middle larger SG200-18 to handle extra devices. Whatever I'm doing wrong but I can't make VLANs work anymore. Something I'm not setting up correctly in SG200-18.
Please help me to setup VLANS here - tagged, untagged, PVID, trunk........ I'm completely lost and already had to reset SG200-18 twice.
My working setup without 18 port switch was like this.
SG200-08 (1)
    g1 Trunk 1     1U,100T
    g2 Trunk 1     1U
    g3 Trunk 1     1U
    g4 Trunk 1     1U
    g5 Trunk 1     1U
    g6 Trunk 1     1U           SERVER3
    g7 Trunk 100   100U      SERVER1
    g8 Trunk 100   100U      SERVER2
SG200-08 (2)
    g1 Trunk 1     1U,50T,200T
    g2 Trunk 1     1U
    g3 Trunk 1     1U
    g4 Trunk 1     1U         PC1A
    g5 Trunk 1     1U         PC1B
    g6 Trunk 50    50U      PC2A
    g7 Trunk 50    50U      PC2B
    g8 Trunk 200   200U    NETWORK PRINTER
Thank you in advance.

Hello,
Small switches would remain untouched but 200-18 needs to have the following settings:
g15 Trunk 1     1U,100T
g16 Trunk 1     1U,50T,200T
g17 Trunk 1     1U,50T,200T
g18 Trunk 1 1U,50T,100T,200T
Sonicwall now would have only one port connected to SG200-18 with settinngs matching port g18 on big switch.
If you notice there is a change as now you would have only 1 port connecting your network to the Sonicwall, would advise you to use port 17 or 18 since they are uplink ports.
If you have tried to connect two ports to big switch STP would block one of the ports.
Let me know how it is going :-)
Aleksandra

Setting up VLAN's for wireless AP's with two SSID's

I am trying to setup a RV180 and 3 wireless access points. I want the AP's to have 2 ssids that are isolated from each other. IE guest network and main network. I have setup VLAN's and my AP's support 802.1q and have ssid's with matching VID's. I was able to get this to work basically, but things seem to have gotten confusing when I plug the AP's into a POE switch instead of directly into the rv180. At this point I'm not sure exactly waht to ask. Maybe start by providing basic info on how I'm supposed to do this. I was under the impression that since both devices support 802.1q I could configure the VLANs on the router, and tell the AP's to apply a VID to the SSID and thing would work. This isn't the case unfortunately. Any help would be appreciated.

Hi Aaron, if you connect a computer to a switch port you making it the untagged member of the desired vlan. The uplink between the router and switch take care of traffic passing.
So for example-
Ap 1 = vlan 1 and 2
Ap 2 = Vlan 3 and 4
Ap 3 = Vlan 5-6
Guest comptuer = vlan 7
Router trunk is vlan 1u, 2-7t (with intervlan routing enable/disable as desired)
Switch trunk is the same 1u, 2-7t
Ap 1 trunk is 1u2t
Ap 2 trunk is 3u, 4t
Ap 3 trunk is 5u 6t
Guest computer is access 7u
-Tom
Please mark answered for helpful posts

Solaris 10 VLAN

How setup VLAN on Solaris 10. Server have hme0 interface. When i make new file hostname.ce123000 for vlan 123 and plumb this interface, ifconfig say no such interface. How right setup vlans on this machine?

How setup VLAN on Solaris 10. Server have hme0 interface. When i make new file hostname.ce123000 for vlan 123 and plumb this interface, ifconfig say no such interface. How right setup vlans on this machine?It looks like you're slightly confused regarding the naming convention for the hostname.* files. You say that your system has hme0, but your hostname.* file is using a ce (Cassini Ethernet) interface. That's why it's not working and returning the "no such interface" message. Do you have any CE NICs in that system? The way you have the hostname.ce123000 file configured suggests you're trying to configure ce0 on VLAN ID 123.
The HME NIC is a very old interface and the driver doesn't support VLANs so you may need to update to a GLDv3 driver and NIC, something like CE, BGE, e1000g, etc. I believe in Solaris 11 the driver was updated to support GLDv3 so it may work.
What kernel rev are you running? Please provide "uname -a". If you can also provide a "prtdiag -v" we should be able to see what other NICs you have installed in the system (if any).
If you're running Solaris 10 3/05 and above refer to http://download.oracle.com/docs/cd/E19253-01/816-4554/fpjve/index.html
If you're running Solaris 10 3/05 and earlier, refer to http://download.oracle.com/docs/cd/E19253-01/816-4554/bbjfdeij/index.html
Regards,
Steve

SG 300-28p vlan configuration

Hello,
I have been trying to setup vlans on a SG300-28p but they are not working.
This is my setup:
I want Switch1 to have ports 1-10 to access the DMZ, and 11-24 the LAN.
Then i wan to add switch2-4 to extend the access to LAN.
Is this possible?
i tested with cisco 2960 switches by just telling what ports whould have access to
DMZ and LAN but the small business switches are different..
I really appreciate the help!

Hi Francisco, assuming the 2960 worked and there was no configuration difference then the problem would be that you did not add the vlans to the trunk. On a Catalyst you do not configure the vlans on a trunk since all vlans pass. On the SB switches you have to configure the vlans on the trunk otherwise only the native/default vlan works.
-Tom
Please mark answered for helpful posts

Flex Connect Across Multiple VLANS same SSID

I just need to find that if we have flex connect setup for differnet vlans using single controller, will roaming works when client connects to AP in a differnet VLAN but using same SSID.
Example below:
1) Client connects to AP on specific SSID mapped to VLAN 100, get an IP address ..all good at this point
2) Client walks and connects to a differnet AP on same SSID but mapped to VLAN 200...at this point I observe client doesnt get a new IP address in fact it retain IP from step-1 and there is no connectivity
3) Client walks back to first AP and connectivity is restored
Why in step-2 client doesnt gets a new IP from VLAN 200 even when it shows connected to AP.

Just to add to Rasika.... L3 isn't supported....I just ran into this a few days ago.... clients should request another dhcp when roaming to another FlexConnect AP that is mapped to a different VLAN. The issue is, that some clients don't try to renew their dhcp address and gets stuck with the default 169.x.x.x. I see this with Apple devices in general and what we are going to do is get rid of the multiple vlan setup (vlan per floor) and create a bigger vlan that the SSID will be mapped to.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"

Dialog 4425 and vlan

Hi,
We are struggling to get some Ericsson Dialog 4425 ip phone setup with VLANS
I have Ericsson Dialog 4425 ip phone and cisco catalyst 2960 switch
Witout vlan avrything work fine, but I need to setup vlan in the network
Ip phone (vlan x) and user desktop (vlan y) should be in diferent Vlan (user PC is connected on ip phone switch port)
I would like to know
1. if Dialog 4425 can support Voice vlan X like cisco ip phone
switchport access vlan x
switchport voice vlan y
2. Or should I configure specific vlan each ip phone
Network - LAN access control - VLAN for LAN Port x
- VLAN for PC Port y
In the case 2 how should I configure cisco switch ip phone port ?
I case 1 and 2 how should I configure cisco IPBX switch portport ?
Please advise

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Yes, for egress. Ingress is "it depends".
You could also consider using both links for both kinds of traffic.

Sge2010p switch with polycom 335 how to VLAN or voip

Hello guys,
We just purchased one of Linksys SGE2010P for upcoming plan for VOIP in our office.
And ony 1 port per each cubicle is available through gigabit wiring.
So people will hookup this ip phone to their port and then PC.
Using L2 switch, there is no way to separate voice and data through VLAN and this is why we purchased SGE2010P which is L3 fuctional switch.
With this L3 switch - SGE2010P - what would be a best practise to make a voip to work?
Sorry for very little information but will appreciate any advice,
Thanks
Charlie

Are you looking to setup vlans on the switch or do layer three switching on the sge2010? If layer three, you could do the vlans on the switch and do a default route to the router. Then setup a route back from the router to the switch for the networks included in the vlans.
If in layer 2, just create the vlans on the switch and configure the switch as a trunk with data and voice on the trunk.

Trying to setup a WLAN on an 877W

Hi,
I'm just trying to setup a small office with a WLAN on a 877w. I've managed to get the encryption sorted (I think) but I still can't get them on the network. They won't pickup DHCP addresses and if I set the laptops up on static addresses they still can't ping the router.
I think I need to setup VLANs and bridging, but to be honest I don't understand what needs to be done. Can someone more knowledgeable than me take a look at the config (attached) and point me in the right direction?
This is just for a small office with 2 laptops. I am more than happy to have all interfaces in 1 vlan.
Any questions please let me know,
TIA,
Al

Following link may help you
http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps6200/prod_qas0900aecd8028a982.html

ACL to handle admin & user vlans (permit/deny rdp, icmp, smb, etc.)

Hi guys,
I have a a simple setup:
VLAN 20 = basic users (192.168.20.0/24)
VLAN 30 = admin vlan (192.168.30.0/24)
I want to use ACLs to grant/deny access to the different vlans. Basically admins are allowed to access all services in the client network, i.e. RDP, file share access (smb), ping to basic users. Vice versa basic users are not allowed to access the admin network except echo-replies and smb.
My first approach was to deny everything and just open the specific protocols & ports.
So, for the admin vlan the ACL is quite simple: permit ip any
For VLAN 20 clients I tried:
permit icmp 192.168.20.0 0.0.0.255 any echo-reply
permit tcp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 445
permit udp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 range netbios-ns netbios-ss
deny ip 192.168.20.0 0.0.0.255 any
That didn't work. I only got the ICMP-replies.
My second approach was to grant everything and deny the specific ports & protocols.
permit icmp 192.168.20.0 0.0.0.255 any echo-reply
deny icmp 192.168.20.0 0.0.0.255 any echo
deny tcp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 3389
permit ip 192.168.20.0 0.0.0.255 any
With the second approach there is everything open except the explicitly denied ports which is no really my preferred solution.
So, I'd be happy if you guys could help me out with my first approach.
cheers

I give you the whole config, just deleted some crypto stuff and unused interfaces.
Admin-PC is connected to Gi1/0/2, vlan 30
Client-PC is connected to Gi1/0/4, vlan 20
Current configuration : 7474 bytes
! Last configuration change at 09:37:32 UTC Mon Nov 10 2014
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
hostname nucl3us
boot-start-marker
boot-end-marker
vrf definition Mgmt-vrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
enable secret 5 xyz
username xyz password 7 xyz
no aaa new-model
switch 1 provision ws-c3850-48p
ip routing
ip device tracking
qos wireless-default-untrust
diagnostic bootup level minimal
identity policy webauth-global-inactive
inactivity-timer 3600
spanning-tree mode pvst
spanning-tree extend system-id
redundancy
mode sso
class-map match-any non-client-nrt-class
match non-client-nrt
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
interface GigabitEthernet1/0/2
description admin-pc
switchport access vlan 30
switchport mode access
interface GigabitEthernet1/0/4
description VoIP
switchport access vlan 20
switchport mode access
ip access-group 120 in
interface Vlan1
no ip address
shutdown
interface Vlan20
description clients
ip address 192.168.20.1 255.255.255.0
interface Vlan30
description management
ip address 192.168.30.1 255.255.255.0
no ip http server
ip http authentication local
ip http secure-server
ip access-list standard admin
permit any
ip access-list extended deny_admin_rdp
deny tcp any 192.168.30.0 0.0.0.255 eq 3389
permit ip any 192.168.30.0 0.0.0.255
ip access-list extended vlan20
permit icmp 192.168.20.0 0.0.0.255 any echo-reply
permit tcp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 445
permit udp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 range netbios-ns netbios-ss
deny ip 192.168.20.0 0.0.0.255 any
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
line vty 5 15
login
wsma agent exec
profile httplistener
profile httpslistener
wsma agent config
profile httplistener
profile httpslistener
wsma agent filesys
profile httplistener
profile httpslistener
wsma agent notify
profile httplistener
profile httpslistener
wsma profile listener httplistener
transport http
wsma profile listener httpslistener
transport https
ap group default-group
end
client -> admin: smb works, ping and rdp denied -> this is ok
admin -> client: ping works, but no smb or rdp -> this is not ok :-)
I would like the admin network access everything in the client network
cheers

Setup VLAN

Similar Messages

Maybe you are looking for