WRT54G on 2900 switch, seperate VLAN, out same firewall

Our current network (subnet 10.24.167.0) uses a Sonic Wall firewall (10.24.167.254) as the gateway and PAT device to our router.
The owner wants guests to be able to use our internet wirelessly but have no chance of getting on our network.
I want to put the wireless Linksys router (WRT54G) on a seperate VLAN and give it (and the DHCP pool) a different subnet (192.168.1.0). Is that wireless "router" going to be good enough to get the data from the guest subnet out our firewall (which is on the company subnet) and out the router?
Can you please explain the best way to get this to work?
I was also considering a bridge off the router with 1 port going to the firewall and our company subnet, and another port going to the WRT54G, but I think there is a better way.

Hi,
Just addition to the earlier post, see if your firewaal supports trunking and use the trunking feature instead of a separate interface, whihc can be used later for some more specific purpose.
Rest is the same as above.
regards,
-amit singh

Similar Messages

  • Two network segment on the same switch (no vlan), possible?

    Why can't 2 or more network segment work on same switch (without VLAN configuration)? It seems like switch should learn MAC addresses for each interface then work but what when I try to connnect two network segment (different network id ex.192.168.1.0 and 172.16.1.0), a lot of (or all) requests are timed out. Why? Should switch igore network id because it is layer2? I know that this might be a stupid question but I kind of confuse. Thank you

    Hi,
    it should be possible, but you need a router for connectivity or maybe a small trick.
    Let us assume you have a host A 192.168.1.10/24 and another host B with 172.16.1.5/24 connected to one switch (or in one VLAN, which would give the same result).
    When you f.e. ping 172.16.1.5 from host A, it will first consult its internal routing table ("route print" on a MS host). As the destination address is not local it would not send any packet unless there is a default gateway, because otherwise no route to the destination is known. The same applies to host B, when you try to reach host A. So one possible solution is installing a router and setting it to be the default gateway. Example config:
    host A
    IP 192.168.1.10
    Mask 255.255.255.0
    GW 192.168.1.1
    host B
    IP 172.16.1.5
    Mask 255.255.255.0
    GW 172.16.1.1
    interface FastEthernet0
    ip address 192.168.1.1 255.255.255.0
    ip address 172.16.1.1 255.255.255.0 secondary
    The router will get the IP packet from host A and forward it to host B and vice versa, which results in connectivity.
    Another possibility is to modify the routing tables of host A and B.
    host A
    IP 192.168.1.10
    Mask 255.255.255.0
    GW 192.168.1.10
    host A
    IP 172.16.1.5
    Mask 255.255.255.0
    GW 172.16.1.5
    The small trick here is that both hosts have their own IP as default gateway. This will result in host A sending an ARP for host Bs MAC, when you execute f.e. ping 172.16.1.5
    As long as those ARPs are successful - and they finally should, because the switch would deliver them being OSI layer broadcasts to all ports - connectivity should be given.
    Regarding your specific network problem with timed out connection attempts, I do not know your specific configuration (hosts, router), so it is hard to tell, what is going on. If you can reveal your settings it should be possible to find a solution.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • SG500 stacked switch - deleted vlan config

    Hi all.
    I'm currently troubleshooting a problem occurred 3 days ago by a customer.
    He has 4 switches (sg500) 2 and 2 stacked. They're connected with glas using 2 interfaces (PO) in LACP. Everything went fine until friday evening when the second pair of switches were reachable only on VLAN 1.
    Long story short: those switches are exactly the same (model, firmware, config) they have 3 vlans (1, 200, 201) and ON THAT switch vlans were running correctly bud sadly on the uplink PO both 200 and 201 vlans were configured as "untagged" and of course they coudn't work. Logins are logged and I can find anything on the NVRAM nor Flash log. There's no reboot, no config change, no logins. Just suddenly the switch decided to remove the tag only on the uplink port.
    Can somebody explain me that behaviour?
    Firmware: 1.3.0.62

    Hi Paolo, this may be due to the smart port macro.
    Try to disable the smart port feature then manually configure the port again. This may require reboot after config change.
    -Tom
    Please mark answered for helpful posts

  • 2900 switch VTP problem

    Is there an issue with VTP on the 2900XL running IOS 12.0? all of our 2900 switches will forward VTP information to other switches but they will not use the VTP information to create their own VLAN database.

    How many vlans do you have configured? I think the 2900's may only handle 64 total and once you go over that it puts itself into transparent mode , maybe this is what you are seeing . What do you see if you do a show vlan on the switch . Also if trunking is not working how are you able to telnet to these switches ??? I wouldn't think it could be empty if you are able to reach the switches ok .

  • How do I keep my daughter and I's apps and contact info SEPERATE on the same itunes while sharing songs?

    How do I keep my daughter and I's apps and contact info SEPERATE on the same itunes while sharing songs?
    I need step by step directions on set up different profiles on itunes for 2 seperate iphones. I want to be able to share purchases if desired, but not have to have the same apps/songs on our phones. I could do with sharing songs.....apps not so much. Please Help!!
    Thank You

    This should help:
    How to use multiple iPods, iPads, or iPhones with one computer
    Regards.

  • Set-VMNetworkAdapterVlan throws Failed while applying switch port settings 'Ethernet Switch Port VLAN Settings' error

    Hi,
    I'm following this
    guide I'm getting an error when running the below command:
    Set-VMNetworkAdapterVlan -vmname PurpleVM1 -Isolated -PrimaryVlanId 2 –SecondaryVlanId 4
    Generates the following error:
    Set-VMNetworkAdapterVlan : The operation failed.
    Failed while applying switch port settings 'Ethernet Switch Port VLAN Settings' on switch 'New Virtual Switch': One or
    more arguments are invalid (0x80070057).
    A parameter that is not valid was passed to the operation.
    Does anyone know why this is happening?
    ta

    Hi TomG101,
    It seems that there is a configuration conflict on the virtual switch port .
    Also I tested the command on my lab , it works .
    For troubleshooting please  create a new virtual switch then try to configure again .
    Any further information please feel free to let us know .
    Best Regards
    Elton Ji
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Can multiple 1394 Controllers be switched in and out of operation and configured correctly?

    The test system I'm working on has a 'core' VXI System using a Slot-0 1394 Controller that is always powered up but also requires other systems to be switched in and out as required under the control of LabVIEW 7.1 software. The interface to all of the VXI systems is made via PCI Firewire interface to the single controlling PC.
    The test system needs to be able to perform various sequences of actions using multiple peripheral systems but always with the 'core' system powered up. An example sequence would be:
    1) Power up the 'core' VXI system and communicate with the instruments
    2) Power up  peripheral VXI system '1' and communicate with the instruments
    3) Power down  peripheral VXI system '1' 
    4) Power up  peripheral VXI system '2' and communicate with the instruments
    5) Power down  peripheral VXI system '2'
    6) Power down the 'core' VXI system
    In order to simulate the above sequence of actions in a test environment I have two VXI Chassis systems and three Slot-0 Controllers which I have attempted to use as follows:
    1) Power up VXI Chassis 1 and communicate with the instruments
    2) Power up peripheral VXI Chassis 2 and communicate with the instruments
    3) Power down  VXI Chassis 2 and replace the Slot-0 Controller 
    4) Power up VXI Chassis 2 with the new Slot-0 Controller and communicate with the instruments
    5) Power down VXI Chassis 2
    6) Power down VXI Chassis 1
    I have registered all of the Slot-0 Controllers in MAX beforehand and they are persistent and appear as VXI systems '0'-'2' in the GUI.
    I have run resman programmatically in LabVIEW 7.1 (using NI-VXI 3.3.1 and the suggested patch) using a command line of "resman -b'n' -o" (where 'n' is the system number) in order to run the executable silently (which will be required for the completed test system). Resman is run after the power up of each chassis (for that VXI system only) in steps 1 and 2 and works ok at these stages. When resman is run after the power up in step '4' however, resman crashes along with LabVIEW.
    As an extra test I tried just attempting to 'find' each of the systems using the 'VISA find resource' VI after the power-up of each VXI system but without performing any other actions (i.e. running resman or communicating with the instruments). For steps 1 and 2 this also works ok but in step 4 this again results in a fatal crash in LabVIEW. 
    Could you tell me if these crashes are to be expected or if I am doing something wrong?
    thanks
    Lee Hutchinson
    Test Software Engineer
    BAE Systems
    Waterlooville
    Hants

    Hi Lee,
    In the VXI-1394 User Manual we say that you should always have VXI unit powered up before the PC. I think this would go for peripheral VXI units as well. For this system to work stabley I would have thought that you need to power up the peripheral VXI chassis, then the core then the PC.  The way you are doing it at the moment you are effectively replacing one 1394 controller with another and I don't think the PC will be able to handle the references to them in this manner.
    Regards
    Jon B
    Applications Engineer
    NIUK

  • UC520 SNMP change fast ethernet switch port vlan

    Hi,
    I've a UC520 running with uc500-advipservicesk9-mz.151-4.M5. I try to change VLAN on the switchport using snmp however look like the UC520 doesn't support "vmVlan".
    snmpwalk -v 1 -c private 10.1.1.1 ifDescr
    IF-MIB::ifDescr.4 = STRING: FastEthernet0/1/1
    snmpset -v 1 -c private 10.1.1.1 1.3.6.1.4.1.9.9.68.1.2.2.1.2.4 integer 151
    Error in packet.
    Reason: (noSuchName) There is no such variable name in this MIB.
    Failed object: SNMPv2-SMI::enterprises.9.9.68.1.2.2.1.2.4
    Does anyone know what is the MIB for change switch port vlan ?
    Rg,
    Gerald.

    What do you mean by dumb siwthc? What model/make/company is that switch?
    Can you try to do the reset of the switch so that it wipe off all the config what so ever present on the box and then try to connect the switch to the router?

  • Wireless still available when WRT54GS used as switch?

    I have a WRT54GS and am contemplating the purchase of a BEFSX41 I need for a VPN service. I'm planning on configuring my internet connection on the BEFSX41, and using the WRT54GS as a switch. My question is, will the wireless feature still be available on the WRT54GS when it's used as a switch? If yes, is it safe to assume that the wireless security features will also still be available? Any help is appreciated

    Yes. The wireless is always bridged into the LAN. Wireless security on the wireless link works just as normal. Things like access restrictions or port forwarding do not work anymore as the internet port is not connected.

  • Iphone 4s. Wifi switch suddenly grayed out

    Iphone 4s working fine until suddenly one day wifi connection stopped. Wifi switch found greyed out. Cannot slide switch. Control center says wifi not available. Settings>general>about says wifi n/a.
    Home router is fine. All other devices connecting. Forum suggested resetting. Did so, but didnt fix. Another suggestion was to heat back of phone with hair dryer. This actually worked, but only for 30 minutes.
    Is there a permanent fix?

    Hi robfrombrantford,
    If you are having issues with a greyed out WiFi setting on your iPhone, you may find the following article helpful:
    iOS: Wi-Fi settings grayed out or dim
    http://support.apple.com/kb/ts1559
    Regards,
    - Brenden

  • My itunes store switch is grayed out under restrictions

    My itunes store switch is grayed out under restrictions

    Is it a work iPad or do you have an Exchange (e.g. a work) email address set up in the Mail app on it ? If you do then it's possible that your workplace, or the email account administrator, is blocking the iTunes Store app.

  • My iphone switch off with out bactory.but its not switch on now i charged it arround 1 hr

    my iphone switch off with out bactory.but its not switch on now i charged it arround 1 hr.pls help me for that

    Have you tried a reset ? Press and hold both the sleep and home buttons for about 10 to 15 seconds, after which the Apple logo will hopefully appear.

  • Bluetooth does not work. switch is greyed out. how do I fix it?

    Cannot turn on bluetooth or wi-fi. Switches are greyed out in settings. How do I fix it?

    Try the common resets. Hard resets-Restore via itunes Make as new.- Turn the device off and on.

  • Switching options for HRSP and Firewall

    Hi All,
    At our Colo center our ISP is giving us two lines.  Each going to their own router and are configured as HRSP.  I have two firewalls that will be running in HA mode as Active/Passive failover.  I need to connect the two lines first to a L2 switch and then out to the firewalls. 
    I will be using a pair of switches for redundancy.  As I only need a few ports for this should I get two small switches, like something from the SG300 line and place them as WAN switches that go to the WAN side of the firewall? Or shoudl I just connect the lines to my existing LAN switches (cat 3650s) and then out to the firewalls WAN side and then back down to the switches from the LAN side of the firewall?
    What makes better sence here?
    Thanks,
    Chris

    Chris
    Personally i think is using the same switches for the internal and external side of the firewall is a bad idea. It does come down to cost but if there was misconfiguration on your 3560 switches it could have unexpected consequences.
    It does depend on what you what you do with the internet but basically if you connected your routers to the internal switches all packets from the internet hit your switch before they go to the firewall. So imagine if someone did a denial of service against the public IP of your firewall. All the traffic would first have to go via your internal switch and the firewall is there to protect your internal network in the first place.
    Like i say it does come down to cost and it could be unlikely you would ever see problems but to my mind if the firewall is there to protect your LAN you should not allow traffic from the internet to go via your LAN to get to the firewall.
    Others may see it differently though.
    Jon

  • Assigning VLANs to the Firewall Services Module

    I need add a new vlan group to our fwsm module. I have some doubts:
    What command do i need for it?
         firewall vlan-group 5 100,101,102,103,104,105
         firewall switch 2 module 4 vlan-group 5
         firewall switch 1 module 4 vlan-group 5
         or
         firewall vlan-group 5 100,101,102,103,104,105
         firewall switch 2 module 4 vlan-group 1,2,3,4,5
         firewall switch 1 module 4 vlan-group 1,2,3,4,5
    Will it be disruptive?
    Thanks!

    So, just to confirm, in this case to add/append a new vlan-goup to the firewall module I should use:
    Switch# firewall switch <1-2> module 02 vlan-group 2
    My main concern is if with the command It will replace the curent vlan-goup (4,5,6) or if it just append the new vlan-group.
    Thanks in advance!

Maybe you are looking for