Several VLAN, SSID

I get to the point where my campus wireless network grows beyond the size of the subnet that I am uncomfortable dealing with.  I have a WISN and WCS and spin the latest IOS on each.  Is it possible to use several VLANS on a campus-wide SSID?

Or, can I put the same SSID on both controllers and map it to two separate without causing problems roaming VIRTUAL networks?

Thank you

Eric

Hi Eric,.

Yes we do, and this feature is called grouping AP on WLC... Here is the sample configuration to do the same thing...

http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

Concerning

Surendra

Tags: Cisco Wireless

Similar Questions

  • WLC 2504 several VLANs multiple SSID

    I have three sites

    Data center management unit A - main - controller + Access - Point IP 172.16.x.x - Vlan 38

    Unit B - system managed by controller IP 172.17.x.x - Vlan 38 Access Points

    Unit C - system managed by controller IP 172.18.x.x - Vlan 38 Access Points

    In the network topology OSPF runs. We have several VLANS about 38 we wish to propagate through SSID, but maybe I'm not create more than 16. How to make a movement of the user of a unit for unit B how do mention Vlan IP for the user because it is 38 Vlan spread on each unit.

    UNIT A - UNIT B - UNIT C

    |                            |                               |

    172.16.X.X 172.17.X.X 172.18.X.X

    |                            |                               |

    VLAN 2-38 VLAN 2-38 VLAN 2-38

    |                            |                               |

    AP-1                          AP-2                        AP-3

    |                               |                               |

    User to user-1 user-2-3

    Need of advice and suggestion

    Hello Saad,

    If I understand your scenario, you have 2-38 or 16 VLAN for each unit. To ensure exactly the addressing specific IP must be assigned to the user, you must create groups of AP and add AP group particular AP. Let's say for the 1st floor that you used the subnet 192.168.1.0/24 and AP-group1 so all the first floor AP will be in AP group1. In addition to browse documents cisco you will get any idea on AP groups concept.

    In order to obtain roaming when users move from one unit to another unit we configure mobility in the controller. As OSPF is already running then you have reach-ability between the controller.

    Hope this information helps you.

  • 1252 config several VLAN trunking on ethernet not

    Hi all I am new to these forums, but have read some posts on configurations for an AP from 1252 to switch 2950.

    I have several VLANS andmultiple SSID configuration on my ap.  The switch knows the VLANS on the access point

    I think that in the config.

    When I put the 2950 in trunk mode on the port, the ap is conencted too, I can see no longer the access point. And none of my ssid / VLAN traffic through the stem net ether to the switch.  I think I have a problem with the config of the ap specifically either in the British Virgin Islands (do not understand this virtual port) or in bridge groups. (Never worked with foredeck groups.)

    The AP is in stand-alone mode.

    Here is my config on the side of the ap.

    interface Dot11Radio0

    no ip address

    no ip route cache

    !

    the cipher mode vlan 300 encryption tkip aes - ccm

    !

    broadcasting-key vlan 300 change 600 members-notice change in capacity

    !

    !

    SSID 101

    !

    SSID 300

    !

    countermeasure tkip duration of maintaining 120

    gain of antenna 0

    Base-1 speed, 0 2.0 5.5 11.0 6.0 12.0 9.0 18.0 24.0 36.0 48.0 54.0 m0. M1. M2. M3. M4. M5. M6. M7. M8. M9. M10. M11. M12. M13. M14. M15.

    root of station-role

    Bridge-Group 1

    Bridge-Group 1 block-unknown-source

    No source of bridge-Group 1-learning

    unicast bridge-Group 1-floods

    Bridge-Group 1 covering-disabled people

    !

    interface Dot11Radio0.100

    encapsulation dot1Q 100

    no ip route cache

    Bridge-group 100

    100 block-unknown-source bridge-group

    No source of bridge-group 100-learning

    No bridge group 100 unicast-flooding

    Bridge-group 100 covering people with reduced mobility

    !

    interface Dot11Radio0.300

    encapsulation dot1Q 300

    no ip route cache

    Bridge-group 255

    Bridge-group subscriber-loop-control 255

    Bridge-group 255 block-unknown-source

    No source of bridge-group 255-learning

    No bridge group 255 unicast-flooding

    Bridge-group 255 covering people with reduced mobility

    !

    interface Dot11Radio1

    no ip address

    no ip route cache

    !

    the cipher mode vlan 300 encryption tkip aes - ccm

    !

    broadcasting-key vlan 300 change 600 members-notice change in capacity

    !

    !

    SSID 101

    !

    SSID 300

    !

    countermeasure tkip duration of maintaining 120

    gain of antenna 0

    DFS block 3 Strip

    Speed - Basic6.0 9.0 12.0 18.0 36.0 24.0 48.0 54.0 m0. M1. M2. M3. M4. M5. M6. M7. M8. M9. M10. M11. M12. M13. M14. M15.

    channel SFR

    root of station-role

    !

    interface Dot11Radio1.100

    encapsulation dot1Q 100

    no ip route cache

    Bridge-group 100

    100 block-unknown-source bridge-group

    No source of bridge-group 100-learning

    No bridge group 100 unicast-flooding

    !

    interface Dot11Radio1.300

    encapsulation dot1Q 300

    no ip route cache

    Bridge-group 255

    Bridge-group subscriber-loop-control 255

    Bridge-group 255 block-unknown-source

    No source of bridge-group 255-learning

    No bridge group 255 unicast-flooding

    Bridge-group 255 covering people with reduced mobility

    !

    interface GigabitEthernet0

    no ip address

    no ip route cache

    automatic duplex

    automatic speed

    !

    interface GigabitEthernet0.51

    51 native encapsulation dot1Q

    no ip route cache

    Bridge-Group 1

    No source of bridge-Group 1-learning

    Bridge-Group 1 covering-disabled people

    !

    interface GigabitEthernet0.100

    encapsulation dot1Q 100

    no ip route cache

    Bridge-group 100

    No source of bridge-group 100-learning

    Bridge-group 100 covering people with reduced mobility

    !

    interface GigabitEthernet0.300

    encapsulation dot1Q 300

    no ip route cache

    Bridge-group 255

    No source of bridge-group 255-learning

    Bridge-group 255 covering people with reduced mobility

    !

    interface BVI1

    IP 10.131.10.70 255.255.255.0

    no ip route cache

    !

    51 of VLAN is what I'm trying to trunk more.  VLAN 100 is my networks vlan normal almost everything at the moment.  And my attempt to secure traffic wireless to a new vlan Vlan 300 more course on my local network.

    VLAN 51 has no ip address range

    IP VLAN 100 range is 10.131.10.0

    10.131.11.0 between 300 VLAN

    The routing goes to my switch 3750 core / router, but the access point is conencted to a 2950 namely shared resources to my layer distribution on a stack of 2975.  Once again the vlan 300 works on the 2975 stack and will pull dhcp if it is enabled.  Have not tried this on the 2950 yet, but I suspect it will also work based on the setting of the trunk on the s950 battery of 2975.

    In any case, I want to be able to do is have multiple VLANs configured on the AP (from most secure to least guarantee based on the capabilities of the equipment) and that traffic vlan tag go to my 3750 possibly for other guidelines.

    Here, any help would be greatly appreciated.

    Thank you for taking the time to read this.

    Sincerely,

    Kevin Pulford

    Systems administrator

    Harmon city, Inc.

    Yes, remove the vlan 51 can tell vlan 100 is the native, and there will be a link to bridge - Group 1.  Then change the switch port to vlan 100 native.  You should then be able to reach the access point via telnet/GUI.

    orders will be:

    config t

    No int dot11radio0.51

    No int dot11radio1.51

    No int g0.51

    int dot11radio0.100

    100 native encapsulation dot1q

    int dot11radio1.100

    100 native encapsulation dot1q

    int g0.100

    encapsulation dot1q 100 natively.

    To be sure, save reboot and wr mem.

  • Disorders from several VLANS layer 2 layer 3

    Hello

    We have a layer switch 3 PowerConnect 6248 switch with multiple VLANs and active routing and also a layer 2 with a PowerConnect 5324 switch couple VLANS configured.  My goal is to have several VLANs, through level 3 for the layer 2 switch switch and all VLANS communicate between them.

    I followed the steps under the 3 layer + Layer section 2 to the title of this post:

    en.Community.Dell.com/.../19506015

    Unfortunately, it does not work.

    Here is my current set up and what I tried. My configuration is made via the web interface.

    The 6248 has VLAN 1, 64, 110, 150 and some other configured on the switch. The IP address of the 6248 is 192.168.64.1.  I'm trying to get some vlan 150 and 110 for the layer switch 2 for may I have some ports in the service of vlan vlan portion 150 and some 110.

    I have the IP routing (routing > IP > Interface Configuration) for vlan 150 as 192.168.150.1/24 and vlan 110 as 192.168.110.1/24.

    The 5324 is connected to the 6248 via a port (connected to the port 1 of the 5324 and 18 the 6248).  18 on the 6248 port is currently configured as general / Admit All/PVID 150.  Port 1 on the 5324 is currently configured for the same, but with a PVID of the 1.  150 of VLAN is sent without the label of the 6248 switch and vlan 110 is sent labeled.

    5324 switch is configured with an IP 192.168.150.2 and a gateway of 192.168.150.1.  I am able to access the web interface of the switch and connect machines in any port and get on the 192.168.150.0 subnet.  I created a vlan 110 on the 5324 and it the tag on ports 1 and 4, but port 4 will not any traffic to vlan 110. I tried many settings of belonging to port / vlan various which have all resulted in failure.

    I would greatly appreciate help on this.  It seems that such an easy feat, but I just can't understand it.  I have attached some pictures for people to see.

    I had figured it out.  I enabled Double VLAN on the trunk of the 6248 switch port and it works now.

  • PowerConnect 5448 several VLANS between upstream and downstream server firewall

    I am struggling with what I thought, would be a simple task: route several subnets, each on one VLAN different, a firewall to a server.  In fact, I can't even pass the VLAN by default one still looking correct in the address tables and STP.

    Port 1 = firewall, VLAN 1 unidentified, 2 VLAN Tag, 1 PVID, tried the two trunk and general patterns

    17 = server NIC, VLAN 1 unidentified port, VLAN Tag, PVID 1 and 2 2, tried, tried both safe and general patterns

    VLAN 1 (firewall untagged) 10.84.195.0/24, 10.84.195.2 Interface IP and default gateway 10.84.195.1

    VLAN 2 (tag of firewall) 10.101.0.0/16, IP Interface 10.101.0.2 for 2 VLAN, firewall est.1

    The first thing I got was that something has not been properly marked by (Hyper-V, using SC VMM 2012 SP1) server or the firewall (Watchguard XTM 520).  Simple test: VPN Firewall, ping the switch to 10.101.0.2 with the tag, and works, remove the label and it doesn't.  Dynamic address table shows the two-way firewall.  Line 18 below appears right after the ping as planned on VLAN 2 with the same MAC address in VLAN 1.  In addition, I ping the switch 10.101.0.2 from the server and it works fine.  The table shows that VLAN 2 from the host (and 1 other VM), so it seems to me that everything is properly labeled.


     
    15 VLAN 1 00907f8f571b G1    
      16 VLAN 2 00155d1f1b07 G17    
      17 VLAN 2 001dd8b71c01 G17    
      18 VLAN 2 00907f8f571b G1    
     

    What I can't do, is ping through the switch to VLAN 2.  I can't ping my VPN server (10.101.20.1), and I can not ping to the gateway (10.101.0.1) from the server.  Note, it is not because of rules to firewall on each end.

    What Miss me?  I don't think I need a routing of layer 3 here, I don't have to go through VLAN, just have them several VLANS passes from one port to the other.

    Other things to note in case it is useful:

    -I have no connectivity not tag with everything else through the 10.84.195.xxx/24 switch.

    -If I delete the Tags VLAN port 2 1 trunk, I suddenly can ping the bridge VLAN 2 (10.101.0.1) from the server, although I suspect that it is because the same port is the default gateway for the switch.

    -For brevity, only 2 lines of the STP are listed below, but all ports are therefore based on the question of whether they are connected or not.

    G1 activated 128.1 Frw Desg P2P (STP) No. 4
    G2 activated 128.2 Dsbl Dsbl No. 100.

    -Latest firmware installed.

    -In addition, for people concerned about their security, I want to remove use VLAN by default in the future.

    Would it be possible for run you to stick your show output here in the forum.  In this way, we can take closer look at what you have configured.

    If you connect a desktop/laptop computer (with and intellectual property in the 10.101.0.0/16 range) in a port with the mode of access switchport VLAN 2 are you able to ping IP Interface 10.101.0.2 for 2 VLANS?  You could try to disconnect the firewall and the configurations for the port and work on getting through the switch with 2 terminals on a single VLAN.  Then, once this is confirmed as work connect the firewall back up with a trunk/general mode adding the VLAN necessary.

    You connect to the firewall on a layer 3 interface?  You need Layer 3 routing to reach the firewall correctly.

  • Dynamic assignment of VLANS / SSID using the IAS 4402/MS

    Greetings,

    In short, we have a WLC4402 (50 AP license) and about 30 1252 s towers in place. At the moment we have three VLANS / SSID in place - one for admin, to teachers and students. The WLC uses a server for MS Windows 2003 running IAS for PEAP authentication. Windows XP, the SSID clients entered manually based on "prior designation" 'type' laptop (admin, teacher or student).

    It works very well. However more frequently our users were 'sharing' portable computers so a student can need to use his laptop computer and vice versa. In short, we would like to use the dynamic assignment of VLANS / SSID as well as if a student has the teacher, 'students' laptop VLAN / SSID would receive them when connect (and apply the appropriate ACL, QoS policies, etc.)

    We have found the documents on how to do that with a CBS, but is there something available for this configuration with a MS IAS server.

    All entry information would be greatly appreciated.

    Joe

    The installer works fine with the Server IAS Ms. You must set the options for RADIUS (3 of them) which are documented in the ACS similar article of the same ilk. You can have one SSID, using RADIUS authentication and have the Active Directory to determine the membership to a vlan based on the group.

    The RADIUS attribute parameters are

    Tunnel-Type = Vlan

    Tunnel-Pvt-Group-ID = vlanid

    Tunnel-Medium-Type = 802

    I also like to set

    Ignore-User-Dialin-Properties = True

    You must create some policies in IAS to match your windows groups and set the id vlan correct. A separate policy of IAS by vlan.

    Set the attributes RADIUS by political IAS and ad group or however you plan on the determination of the membership.

    If you want to use RADIUS for administration, you must also define a separate policy that defines the RADIUS of the Service Type administrative = attribute

    Jim

  • Several VLANs on bridges series 1300

    Hello

    I'm looking to plug a small building outside of a main bridge wireless campus. The building, I connect currently has two VLANs, the 1300 series bridges carry several VLANs via the wireless bridge? If so someone can point me to s document that explains it?

    Thank you very much

    Simon

    Hi Simon,.

    Yes they can, here is a link, I hope it helps you, look at the title of "bridge Configuration.

    http://www.Cisco.com/en/us/products/HW/wireless/ps4570/products_configuration_example09186a00801d0815.shtml

    Kind regards

    Milton Tizoc.

  • 4235 IDS Sensor monitoring several VLANS & TCP Reset (packet Injection)

    I understand that the 4235 sensor can receive traffic are split to several VLANs than 802. 1 q tags have been placed on the switches (3750 of in this case).

    I have two questions (account required to the statement above in correct).

    1 is it possible to inject traffic (eg. reset the TCP sessions) in each of VLAN monitored (i.e. the 4235 would mark the package injected with good destination VLAN for the response) or only the native/actual VLAN the SPAN destination.

    2. is the traffic carried by the 4235 as coming from multiple virtual interfaces (eg. for the period of INVESTIGATION purpose spoof detection within each VIRTUAL local area network)?

    Thanks much for the reading of the same day. Any input greatly appriciated.

    On your second question, no. monitored traffic is considered as coming from a single virtual interface. The sensor reads the header of the vlan on the packages wrapped and includes with the alarm and more uses for TCP resets. But, you can apply signatures for traffic VLAN specific sensor is followed.

  • SA520W VPN from Site to Site with several VLANs

    Hello

    I have a customer here with several VLANS in their places who wants to set up a VPN from Site to site between 2 devices SA520W. Unfortunately I can not find a way to set it up. In the VPN policy, I can choose between everything (which is not what I want, I want only traffict between subnets the routed via VPN), IP address unique, a beach (in a subnet) and a subnet itself - but only one. I don't find a way to configure several subnets in the selection of local traffic and remotely. Adding another IKE policy between the 2 sites does not either (which is good normally).

    Any ideas? Anything I'm doing wrong?

    Thank you for your help.

    Best regards

    Thomas

    I know that if you have an ASA or a router, you can define as VLANS to pass through the tunnel.

    Do not have access to a SA520W to test...

    A recommendation might be to post the question on the SMB community where they answered questions related to this product, just to check what other people did.

    Federico.

  • PowerConnect 2848 - several VLANS on the 1 port does not

    Hello everyone.

    I have a Dell PowerConnect 2848.  My router is a Netgear SRX5308. In the router, I've created several VLANs (VLAN ID 10 and 20) and would that pass to the ESXi server. If I connect the ESXi server directly to the router, everything works as expected. My VMs are picking up correct VLAN based on the parameters of ESXi.

    I need the 2848 between the two, because I need to add more devices and other servers with a VLAN specific.

    Currently I use port 25 for switch 2848.

    I put the switch to managed mode.

    I created switch-> VLAN-> belonging to a VLAN, VLAN ID 10 and 20.

    I select 10 VLANS and put the T on port 25.

    I select the VLAN 20 and put the T on port 25.  (I also tried to put a U on them, just to try, but did not work)

    But my virtual computer are not able to reach the DHCP on the router.

    Spanning Tree is enabled.

    I'm obviously missing something...

    I have already passed last week banging my head on this, but have not been able to pass traffic along.

    Help, please!

    So you're on the right track. If port 25 is facing the router? What port must face the ESXi Server? That port should also have VLAN 10 and 20 should be labelled.

  • Affecting several VLANS to a Port Group

    Hi all!

    We have 2 switches farm of server connections to the host server. Each of our 8 ESX servers has 4 physical network adapters that support virtual machines. We have 2 network cards to each physical switch. We have a single vSwitch and 2 port VM groups set up on each ESX Server. We use and configuration active / standby in Port groups so we can control what physical move the VM speaks to. All 4 network cards are available for the Group of ports, with connections going to spend 1 active and forward to switch connections 2. It is reversed on the other group of Port.

    We have several VLANS associated with our data center. Is it possible to put the tag VLAN on 2 port groups VM to support multiple VLANs? Otherwise, I think we have to put up a pair of these groups of ports for each VIRTUAL local area network, we want to make it available to the virtual machines on each ESX Server. Is this correct? We have some circuits/EtherChannel enabled on switches that work properly. However, we cannot port VM groups to pass traffic unless label them us, and it seems we can only enter a VIRTUAL local area network in the area.

    Thank you in advance for your help!

    Steve Hurd, MCSE, CCNA, VCP

    To use the trunks that are coming in your ESX host, you must have your VLAN Tag somewhere along the way.  If you are not at the level of the switch (since you're trunking), you will need to do the vSwitch, either the level of the virtual machine.

    VSwitch level, this by creating exchanges and then marking at the level of the port group.  Marking that is currently happening in the ESX/vSwitch, and your vm must use the port suitable for group the VLAN they need to use.

    Your last option is to tag at the level of the virtual machine itself.  To do this, your vSwitch must use VLAN 4095 tag, which allows all the VLANS to pass through, and all tags are marked.  The portgroup vSwitch here is basically a tunnel and will allow the unmodified traffic, but now, you have to mark your VLAN of the NETWORK adapter in your virtual machine.  It is very effective if you have a large number of virtual machines.  The most practical method will be to create the VLAN-based exchanges at the vSwitch level and go from there.

    Unlettered, somewhere, communication will not incorrectly, as the physical switch will assume that all traffic not marked will even vlan uses unmarked frames (vlan native), and machines on that vlan can communicate each other.

    -KjB

  • Connection problems SSID with several VLANs

    Hi all

    I'm having a little problem getting a device to associate with an access point and enter an IP via DHCP on a particular SSID. This access point has two VLANs, with two different SSID configured. The configuration is locked. For some reason I can't connect to 2 SSID on my wireless device, but the SSID works very well. I see authentication through the newspaper, so I know that the pre-shared key is correct, but may not enter an IP address (which makes me think I have a problem in the bridge group). Any thoughts?

    Also, I tried both a trunk port and an access port on the switch that is connected to the access point. With both, I can connect and enter an address IP of the VLAN 20 (SSID 1), but not to VLAN 10 (2 SSID).

    SSID dot11 1

    VLAN 20

    open authentication

    authentication wpa key management

    WPA - psk ascii 'key '.

    !

    SSID dot11 2

    VLAN 10

    open authentication

    authentication wpa key management

    Comments-mode

    WPA - psk ascii 'key '.

    Bridge IRB

    !

    !

    interface Dot11Radio0

    no ip address

    no ip route cache

    !

    algorithms for encryption tkip encryption mode

    !

    encryption vlan 20 tkip encryption mode

    !

    encryption vlan 10 tkip encryption mode

    !

    SSID 1

    !

    SSID 2

    !

    antenna transmit right

    straight reception antenna

    root of station-role

    Bridge-Group 1

    Bridge-Group 1 block-unknown-source

    No source of bridge-Group 1-learning

    unicast bridge-Group 1-floods

    Bridge-Group 1 covering-disabled people

    !

    interface Dot11Radio0.10

    encapsulation dot1Q 10

    no ip route cache

    Bridge-group 10

    10 bridge-group subscriber-loop-control

    Bridge-group 10 block-unknown-source

    No source of bridge-group 10-learning

    No bridge group 10 unicast-flooding

    Bridge-group of 10 disabled spanning

    !

    interface Dot11Radio0.20

    encapsulation dot1Q 20

    no ip route cache

    Bridge-group 20

    Bridge-group subscriber-loop-control 20

    Bridge-group 20 block-unknown-source

    No source of bridge-group 20-learning

    No bridge group 20 unicast-flooding

    Bridge-group 20 covering people with reduced mobility

    !

    interface FastEthernet0

    no ip address

    no ip route cache

    automatic duplex

    automatic speed

    !

    interface FastEthernet0.10

    encapsulation dot1Q 10 native

    no ip route cache

    Bridge-Group 1

    No source of bridge-Group 1-learning

    Bridge-Group 1 covering-disabled people

    !

    interface FastEthernet0.20

    encapsulation dot1Q 20

    no ip route cache

    Bridge-group 20

    No source of bridge-group 20-learning

    Bridge-group 20 covering people with reduced mobility

    !

    interface BVI1

    192.168.0.210 IP address 255.255.255.0

    no ip route cache

    Default IP gateway 192.168.0.1

    1 channel ip bridge

    Thanks for your help!

    Your bridge-groups do not have the tail. You have 10 VLANS mapped to bridge-Group 1 on the FastEthernet interface but mapped to bridge-group 10 on the radio just remove the bridge Group 1 of the main radio interface and apply it to the subinterface dot0.10.

  • WLC 4402 assign several VLANS to an SSID

    Is it possible to have a SSID broadcast but separate customers by, lets say 7 different VLAN in the WLC?  For example, each floor would be separated from its own pool vlan and DHCP, but they all connect to a SSID in the controller.  From what I read, it seems that each vlan would receive its own SSID?

    Sure.  Take a look at "AP Groups".  You want to also make sure that you have no purging of the adjacent floors, because you might have clients connected to the APs on the floor above or below and who could shake your roaming.

    -John

  • Selection extended DHCP and several VLANs

    I have a switch that has 2 VLANS: vlan 2 and vlan 3 - and both computers are connected to the switch where each PC is a member of one of VLAN.

    PC2 = VLAN2

    PC3 = VLAN3

    The switch is connected to a router that acts as a DHCP server with several 3 DHCP scopes for each of VLAN, basically a simple configuration "router on a stick".  This question has been confusing me for some time: How does the router knows what dhcp scope to assign an IP address to a particular computer?

    Let's say PC2 is now trying to get an IP address from the DHCP server, I know initially that he will send a DHCP DISCOVER broadcast to the router message and I assume that the router will know the VLAN demand coming as well based on the information contained in the package. But how the router discerns what scope to assign IP address to PC2 especially if I need PC2 to have an IP address in the subnet 192.168.2.0 and NOT 192.168.3.0 or vice versa?  The controls of such a choice?

    IP dhcp pool vlan1

    DHCP excluded-address IP 192.168.2.1 192.168.2.10

    DHCP excluded-address IP 192.168.3.1 192.168.3.10

    !
    IP dhcp pool vlan2
    network 192.168.2.0 255.255.255.0
    test.com domain name
    Server DNS 192.168.2.1
    default router 192.168.2.1

    !

    IP dhcp pool vlan3
    network 192.168.3.0 255.255.255.0
    test.com domain name
    Server DNS 192.168.2.1
    default router 192.168.3.1

    THX sc.

    Hi Sherwin,

    It's will be very simple. I guess that on the router configuration stick will have something like below.

    FAS int 0/0.2

    encapsulation dot1q 2

    IP 192.168.2.1 255.255.255.0

    FAS int 0/0.3

    encapsulation dot1q 3

    address 192.168.3.1 IP 255.255.255.0

    Now when a PC that is connected to the VLAN 2 send a DHCP broadcast this program is received by the interface that belongs to the same broadcast domain (VLAN 2). This broadcast is received by the Fas 0/0.2 and this has encapsulation dot1q sub interface 2 and so it will be part of the same broadcast domain (VLAN 2). If the router will search if there is no DHCP scope configured for the ip range on the interface sub Fas 0/0, 2. Now, router knows the 192.168.2.0 extended DHCP and assign the IP range of this scope to any PC in the VLAN2.

    I hope this helps.

    Concerning

    Najaf

    Please rate when there is place or useful!

  • Several VLANS and DHCP relay on two stacked switch SGE2000-G5

    We were put to the task of securing a small desktop system managed that is currently set up with a standard switch for each of the offices (with different companies) to see each other and in some cases, access to each of the other documents on the network.

    Obviously, this is far from adequate set up and our goal is to isolate each office using VIRTUAL networks, but share a common internet connection provided by managed offices.  We have two switches for layer 3 Cisco SGE2000-G5, but we are new on Cisco equipment and VLAN, so we are not quite sure on how to implement this.  DHCP must be provided by a router, there is no server.  We are open to suggestions on the router as we still buy a.

    I hope that someone may be useful.

    Thank you very much

    Jim

    Hi Jim,.

    SGE2000 switches you are using must be able to handle this without issue. What type of router you are using? As long as you have a router that will take in charge VLAN / several subnets, it should be a simple configuration.

    Here's a quick run down of the measures to be implemented. (using vlan1 and vlan2)

    On the router, create a vlan / subnet 2 and set the port to connect to your shared resources with the two VLAN 1 and 2 switch. (it will be untagged, two will be marked)

    On the switch, create vlan2 and do the same for the port connected to the router. (vlan1 marked and tagged vlan2)

    Now for each switch port that you want to assign the port access and vlan1 and vlan2. (this vlan will be without a label)

    If your router allows, disable routing inter - vlan. If this isn't the case, you must create rules to block traffic from one network to the other.

    All this happens under the assumption that your router can support VLAN and can also make DHCP for this VLAN.

    Hope this information helps

Maybe you are looking for