Problems in address distribution in DHCP
-
You cannot build a network with junk ;) You need to either isolate your networks at the physical layer with different switches and APs for each network you want, or you need switches and APs that support vlans - it's that simple = PERIOD!
-
@johnpoz I thought so.
So can't you just block one subnet from everyone??
And with not like it sounds we'll move on to VLANs faster than I thought.
-
@derelict We tried it. Did not work properly at all !!!!
-
@johnpoz Question: I have one switch which is the main and it supports VLANs Can I take out VLAN tagging. Then from AP (which is after some other "dumb" switches) will it work without affecting the rest of the network ??
-
@itay1787 said in Problems in address distribution in DHCP:
@johnpoz Question: I have one switch which is the main and it supports VLANs Can I take out VLAN tagging. Then from AP (which is after some other "dumb" switches) will it work without affecting the rest of the network ??
If you remove the VLAN tags, you'll not have VLANs. I assume you're asking if you can put the AP on just one VLAN? If so, yes. Assign an access port, on that managed switch to that VLAN and then connect the AP to it. The AP will then only connect to that one VLAN. Those dumb switches, between the AP and managed switch, will also be on that same VLAN. However, that means only one group can use WiFi.
-
You can downstream dumb switches from a smart switch sure... And all devices connected to that dumb switch will be in vlan X that the upstream smart switch puts that switch in.
You can then use specific dumb AP and connect them to specific vlans depending on where you plug them in. Or if you want clients that are on different vlans to use the same AP then the AP needs to support vlans, and it needs to be connected to a switch that supports vlans.
This can be done very cheaply depending on how many ports you need and how many wifi clients you have and how spread out you need your network to be. An 8 port smart switch can be had for like 40$, an AP that supports AC and vlans, say the unifi AC-Lite model, is like 70$
-
I mean if I can set up VLAN from a switch that supports it and set it in tagging and then take the VLAN tagging from the AP and the AP is connected to the dumb switch and it will not affect the devices that are connected to the other ports in the dumb switch
Right? Because that's what vlan tagging should do.
-
VLAN tagging will pass through dumb switches. However, if your AP doesn't handle VLANs, which is what I thought you said, it wouldn't work. VLANs are just a way to logically separate networks. If you want an AP to support multiple SSIDs, which is necessary to separate users, then it must support VLANs. You'd also need VLAN support on pfSense or a managed switch to handle those VLANs.
-
While it is possible to pass vlan tags across a dumb switch - since it doesn't understand the tags.. There will be no isolation on that switch... All broadcast will go over all ports no matter the vlan it is supposed to be in.
Just because a dumb switch might not actually strip a tag, doesn't mean it's a good idea to run vlans over such a device...
If you're going to use vlans then all your devices should support vlans - other than you can leverage dumb switches that are access level switches where only clients in the same vlan will be connected, and the only vlan that will go to that end switch is in a specific vlan... Ie as a downstream switch from a smart switch.. But no other vlans should cross over that switch.
-
I will tell you what I want to do as best I can explain and you will tell me whether it will work or not. OK?
- All my AP supports VLANs and multiple SSIDs.
- I have a smart switch that is the first and the main. The rest are not smart switches.
I want to pass a VLAN tagged from the main switch
Will pass through the non-smart switches to the APs. Then the APs will take the VLAN tagged, without damaging the rest of the network. Will it work?
-
Why do you have to pass the AP across the dumb switch? Connect it to the smart switch... If you need the switch as an extension for the run - pick up a 40$ smart switch to use and hang your dumb switch off that.
Can you run the vlan tags across the dumb switch - more than likely they will not strip it... But what they will do since they do not understand vlans is all clients on this dumb switch will see all broadcast traffic from every vlan that crosses over that switch. And any client on that dumb switch could just add a tag and join any vlan they want.
It is NOT how you run a network!!!
You might get away with this if your order of smart switches got delayed and you had to bring this up NOW or lose money because production is down and all you have is some dumb switch to use.. But this is not how anyone who works in IT would do it... you might as well just run 1 flat network if this is how you're going to run a network.
-
@johnpoz I can not replace all the non-smart switches there are too many such a network that literally size more than 300 stationary computers connected to it !!!
-
@itay1787 said in Problems in address distribution in DHCP:
@johnpoz I can not replace all the non-smart switches there are too many such a network that literally size more than 300 stationary computers connected to it !!!
I believe he suggested running a cable from the AP to managed switch. Is that not possible? How many APs are we talking about?
-
@jknott It really is not possible
There are about 10 to 12 AP
-
@itay1787 said in Problems in address distribution in DHCP:
@jknott It really is not possible
There are about 10 to 12 AP
Any chance you could have just the APs on a dumb switch?
-
@jknott said in Problems in address distribution in DHCP:
VLAN tagging will pass through dumb switches.
if you are lucky. more often they just vanish, or get corrupted.
-
@heper said in Problems in address distribution in DHCP:
if you are lucky. more often they just vanish, or get corrupted.
Any switch that does that is defective. A switch is supposed to pass any and all valid Ethernet frames. A valid Ethernet frame consists of destination & source MACs, payload and CRC. What distinguishes a VLAN frame from others is the contents of the Ethertype/length field. The VLAN tag is carried in the payload area and should not be touched by a switch. The exception being managed switches configured for VLANs, which create, forward and remove the VLAN frames. There is absolutely no reason why an unmanaged switch would handle a VLAN frame differently than any other. The only exception would be ancient gear that cannot handle Ethernet payloads greater than 1500 bytes. If you run into switches like that, then just reduce MTU to 1496 to avoid the problem.
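
Added example, not part of any poster's message: a small Python model of two points from this thread, the VLAN-unaware switch that floods a tagged broadcast out of every port, and the frame layout behind the 1496-byte MTU figure in the post above. The port numbers, VLAN IDs, MAC address and function names are constructed for the illustration, and the managed-switch model assumes tagged frames arriving on an access port are dropped.

```python
import struct

TPID = 0x8100                      # EtherType value that marks an 802.1Q tag
BCAST = b"\xff" * 6

def build_frame(dst, src, ethertype, payload, vid=None):
    """Ethernet frame without preamble/FCS; a 4-byte 802.1Q tag is added if vid is set."""
    tag = struct.pack("!HH", TPID, vid & 0x0FFF) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return (vid or None, real EtherType, payload)."""
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID:
        return None, etype, frame[14:]
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]

def unmanaged_flood(frame, in_port, ports):
    """VLAN-unaware switch: 0x8100 is just another EtherType, so a broadcast
    leaves every other port with the tag intact."""
    return {p: frame for p in ports if p != in_port}

def managed_flood(frame, in_port, access, trunks):
    """VLAN-aware switch. access: {port: vid}; trunks: {port: set of vids}.
    Model assumption: tagged frames arriving on an access port are dropped."""
    vid, etype, payload = parse_vlan(frame)
    if in_port in access:
        if vid is not None:
            return {}
        vid = access[in_port]
    elif vid not in trunks.get(in_port, ()):
        return {}
    out = {}
    for p, v in access.items():          # access ports get the frame untagged
        if p != in_port and v == vid:
            out[p] = build_frame(frame[:6], frame[6:12], etype, payload)
    for p, vids in trunks.items():       # trunk ports get it tagged
        if p != in_port and vid in vids:
            out[p] = build_frame(frame[:6], frame[6:12], etype, payload, vid)
    return out

if __name__ == "__main__":
    # Constructed sample: broadcast tagged for VLAN 20 arriving on port 1.
    src = bytes.fromhex("020000000001")
    f = build_frame(BCAST, src, 0x0806, b"\x00" * 46, vid=20)
    print("unmanaged egress ports:", sorted(unmanaged_flood(f, 1, [1, 2, 3, 4])))
    print("managed egress ports:  ",
          sorted(managed_flood(f, 1, {2: 10, 3: 20}, {1: {10, 20}, 4: {20}})))
```

With a 1500-byte payload the tagged frame is 1522 bytes including the 4-byte FCS; at 1496 it is back to 1518, the classic untagged maximum.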
-
In the next few days I'm going to try to run the VLANs from the main switch and send it over the network via VLAN tagged. And see if the APs will work with it and that the rest of the network will be OK .....
Now I remembered having AP that they are in client mode so I have to check what to do with it.
-
What are these AP exact make and model? Client Mode doesn't sound like an AP that supports vlans to me ;)
-
@johnpoz said in Problems in address distribution in DHCP:
What are these AP exact make and model?
I can not tell you right now, I'm not there. But in two days I'll be there and tell you.