Jon

VLAN for Private / Public Networks

Thu May 10, 2012 12:33 pm

Reworded this post a bit as I don't think I was coming across correctly.

How can I achieve this:

1) Segregate private network from public wireless network using VLANs?
2) Allow public wireless network clients on a VLAN to get DHCP info from a server?

Basic diagram of physical network layout:
Image

I have a couple questions:

  1. I want to create a VLAN just for the public wireless network and leave the rest of the network traffic alone. Can I tag/untag all ports on all switches with the VLAN created specifically for the public wireless network?
  2. What happens to traffic that is not tagged with a VLAN ID?
  3. I'm a little confused as to what the default VLAN actually does and how it works into my scenario above. Any light on that would be great!

Any input would be appreciated.
 
notfred

Re: VLAN for Private / Public Networks

Thu May 10, 2012 8:16 pm

On the switches I would create 2 VLANs, one for the public wireless network and one for the private network. I would use some numbers like 10 and 11 for the VLANs; don't use 1 (it's the management VLAN), and 0 and 4095 are also special, plus some protocols default to lower VLAN numbers as well. On the ports that link the switches, configure VLAN trunking; on the ports that connect to the APs, configure them to be in the public wireless VLAN; and on the ports that are for the private network, configure them to be in the private network VLAN.

When a frame comes in on the port, it will get encapsulated with the correct VLAN tag and pass over the trunk if necessary before being decapsulated at only ports with a matching tag. Whilst it may be possible to configure native VLANs (i.e. treat an untagged frame as if it was in a certain VLAN), what I've suggested above will work with just about any VLAN-capable switches and doesn't require any of the endpoints to be VLAN aware. If you want to manage the network, get a PC with a VLAN-capable NIC and put it on a port with VLAN trunking configured. It will then be able to see/send to any port regardless of which VLAN it is in.
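
The access-port/trunk behaviour described in the reply above, as an added Python sketch that is not part of the original posts: frames are 802.1Q-tagged only on the trunk and are delivered only to access ports in the same VLAN. The switch names, port names, the DHCP server port in the public VLAN and the drop-untagged-on-trunk rule are assumptions of this example.

```python
import struct

TPID = 0x8100             # 802.1Q tag protocol identifier
PUBLIC, PRIVATE = 10, 11  # VLAN IDs suggested in the reply above

def tag(frame: bytes, vid: int) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID 0 and 4095 are reserved")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def untag(frame: bytes):
    """Return (vid, untagged frame); vid is None when no tag is present."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Switch:
    def __init__(self, name, access, trunks=()):
        self.name, self.access = name, dict(access)  # access port -> VLAN ID
        self.trunks = set(trunks)
        self.links = {}  # trunk port -> (peer switch, peer port)

    def receive(self, port, frame):
        """Flood a frame within its VLAN; return {(switch, port): frame}."""
        if port in self.trunks:
            vid, inner = untag(frame)
            if vid is None:
                return {}  # assumption: no native VLAN, untagged trunk frames are dropped
        else:
            vid, inner = self.access[port], frame  # access port assigns the VLAN
        out = {(self.name, p): inner
               for p, v in self.access.items() if v == vid and p != port}
        for t in self.trunks - {port}:
            peer, peer_port = self.links[t]
            out.update(peer.receive(peer_port, tag(inner, vid)))
        return out

def build_network():
    """Constructed two-switch layout; every port name here is hypothetical."""
    sw1 = Switch("sw1", {"ap1": PUBLIC, "dhcp": PUBLIC, "pc1": PRIVATE}, ["up"])
    sw2 = Switch("sw2", {"ap2": PUBLIC, "pc2": PRIVATE}, ["up"])
    sw1.links["up"], sw2.links["up"] = (sw2, "up"), (sw1, "up")
    return sw1, sw2

# Constructed broadcast frame: dst MAC, src MAC, EtherType IPv4, dummy payload
BROADCAST = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x00" + b"payload"
```

Calling `sw2.receive("ap2", BROADCAST)` on the switches from `build_network()` returns deliveries only for `ap1` and `dhcp` on `sw1`; the private ports never see the frame, and the endpoints receive it untagged.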
