Setting up VLANs
-
I'm currently using ver 1.2.3 on a Firebox x700 with LAN1 and LAN2 with the following items below. In the next couple of days my 8 Port Smart Switch (TL SG2109) will be getting delivered and want to find out the best way to create Vlans (Smart Switch newbie).
8 Port Gbit switch
5 Port Gbit switch
Cable modem (Bridge Mode)
Linksys Voip adapter (Wired)
Access point Router
IPTV (Wired)
IPTV (Wireless)
Blu Ray Player (Wire)
Laptop (Wireless)
Laptop (Wireless)
Wii (Wireless)
Computer (Wired)
Blackberry (Wireless)
Server - File Server (Wired)Sleeps
-
Well we need more info than that… How many different VLAN's do you need? If you don't need any of your stuff separated then you don't need any VLAN's...
however, if you want different devices separated by a different virtual LAN then you first need to decide how you want them grouped.
-
Maybe I wasn't clear enough. As I'm new to this I thought someone would say this how I (you) would organise it and this how many Vlans you require. I will look at my setup and see the best way to group them together.
-
If we assume that I would setup this network to home only for my usage or to my wife usage, then all should be left to vlan1…
But it only depends what you want to achieve. managing QoS to Wii while playing online or what.
-
I'm with Metu on this one… I really see no point in setting up multiple VLAN's. It's just going to cause more work or your router. No longer will the traffic just go through your switches. It will have to go through your router as well to get to all your other devices.
You usually create multiple VLAN's to separate groups... OPSWAT the company I work at we have grouped our Build/Bot network, Production, & our DMZ VPN access. As we're growing we're going to be separating our Engineers, accounting, marketing, & sales.. etc. etc. You group them to separate their traffic. So you can help restrict access to certain information as well as to separate security zones.
For a home network.. Unless you're doing some home business stuff I really see no point in anything other than vlan1. Or you can set the VLAN# to anything if you really feel like changing it but I would leave every port on the same vlan.
-
Ok my plan is to seperate the two IPTV's and laptops (VLAN 10) and Voip adapter (Vlan 20) because these are using the largest amount of bandwidth. Also I want to have a better understanding of how Vlans work and get my hands dirty. My switch arrived yesterday.
Sleeps
-
So you will need three vlan's in the switch at least 1, 10, 20
as other topics have some info in them: don't mix vlan1 with other vlans at same interface. If I'd to do this, i'd use following configuration:
Lan1: default vlan, assigned to physical interface
Lan2: vlan 10, 20Smarter and experienced guys/girls can also advice.
-
At the moment Wireless access point is bridged to WAN. Would I have to connect that to OPT3 on the Firebox or create a seperate VLAN?.
Sleeps
-
it depends what you want to achieve with it.
you can also add it to switch with some vlan portconfiguration, from the switchport of that access point. and it's sharing that vlan over wifi.
but if you like manage that, you should change ip-address to that device(manual ip-address)And it also depends what is your accesspoint, that how it handles the vlans. is it Cisco aironet or some buffalo air-station. Cisco handles very well vlans but it's not the case with buffalo.
One primary thing in networking is to know what you want to achieve, then you design and implement it. And when you design, you'll have to think also that what happens in failureconditions, who is going to change devices and what kind of devices.
example of our customers: they have over 500+ computers and 50+ servers and everything is in same vlan. they also also have different departments, but everything is at default vlan, because if switch is going to break down middle of the night, any instrumentmanager can change that device without knowing configs or vlan settings from those ports.
-
I understand that you have to design and then then implement. This is so new to me and don't really understand but willing to learn also because I'm not using the system it makes it difficult. Later this afternoon I will get my hands dirty and hopefully make a little more sense.
I'm using a Tenda router with dual SSID and want to set it up so that all wireless equipment have access to the Internet. I have order a minipci card (which is going to take 2 weeks to arrive) for the firebox so will use this to replace the router.
Sleeps
-
start from basic configuration, check that it works. add some features(if it's not working simplify your config), check what was the problem and add the features..
if you're going to use wlan(ssid)/vlan in that tenda, you'll have to check how that support vlans in switch side of it, and does your switch also allow same kind of trunking usually IEEE802.1Q is used, but some manufacturers is using their propietrary versions.
-
Yes IEEE802.1Q is supported by the switch. I will give it a go once I finish work. thanks
Sleeps
-
Don't forget next thing. Usually devices with webgui supports gui to be working with native(default) vlan, so you'll have to check that you add also native vlan in that box. and from the switch side, dont tag that traffic.
native vlan traffic is always send without vlan tag.
-
You don't HAVE to use vlan1… If you only want 2 vlans you can just use vlan10 and vlan20. Just make sure you set all your switchports to access the vlan's you want.
I'm reading Metu's stuff... Are you trying to have two physical lans with one split by VLAN's?? I thought you just wanted one LAN with multiple VLAN's.
-
That's correct I want one LAN with multiple VLAN's. However I'm having serious problems with the switch (TL SG1209) been reading the PfSense Guide and having problems creating a trunk port. (In the manual it says Each Trunk should contain 2 to 4 ports. Trunk 1 = 1234 Trunk 2 = 5678) Only want to create 1 trunk and its not possible.
Any advice - driving me crazy.
Sleeps
-
Might help http://pfsense.site88.net/mysetup/switch/HP1800-8G_vlan_setup.htm
-
You only need one trunk per switch.. A trunk just carries information from multiple VLAN's accross it.
I work with Cisco gear.. So I don't know exactly on yours.
But for Cisco…
int e0/0
switchport mode trunk
switchport mode trunk encap dot1qAnd that port is now trunking whatever VLAN's you have created on it... You can get a lot more advanced than that. But you basically set the port into trunk mode... give it an encap mode. And you have a basic trunk.
If you only have 1 vlan there's nothing to trunk...
So you need a minimum of 2 for a trunk to have a point. -
@Keith: I didn't mention that vlan1 should be used, I only mentioned that default vlan might be "must to use"-list. As Procurves allow to change default vlan to someone else..
-
Might help http://pfsense.site88.net/mysetup/switch/HP1800-8G_vlan_setup.htm
Much appreciated. Looks simple and it was nearly the same sample (different switch) as in the book.
Sleeps
-
Created VLAN 10 and 20 (No trunk ports). Using port 8 on the switch to connect to the Firebox but not getting an IP address via DHCP. I have looked through the config and can't see anything wrong on the Firebox. Not sure what I'm doing wrong.
Sleeps