I have inherited this network and don't fully understand the setup. I am hoping someone can give me some clarification.
Our main network uses 172.20.0.0/16; the untrusted is set to 10.0.0.0/8. A separate network was created for untrusted users to connect to and get internet-only access.
VLAN101 is used to put ports into the untrusted network.
On the router we have the following config (in brief):
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip route 0.0.0.0 0.0.0.0 172.20.254.1
ip route 10.0.0.0 255.0.0.0 172.20.2.22
ip route 10.0.1.200 255.255.255.255 172.20.2.22
no ip http server
*The 172.20.2.22 is a NAC that acts as the gateway between the untrusted and internal network, also for untrusted clients to get through to the internet.
*Unlike other VLANs on the router, there is no interface for VLAN101. In fact, VLAN 101 does not exist on the router; is it in layer 2 mode?
Config on the switches:
switchport access vlan 101
I set up a scope on a Windows DHCP server to supply IPs and it works; I don't know how it works, as I cannot find any setting that links VLAN101 to the 10.0.0.0 network. However, now I am trying to create a second subnet in the 10.3.0.0 range and I cannot figure out how to get the clients to pull IPs from that scope. The second scope is necessary so I can break up the untrusted network, which is being used for wireless clients as well, to allow more than one SSID on the wireless with different levels of access.
Does anyone know how, in this setup, VLAN101 knows to grab the 10.0.0.0 DHCP settings? And how would I add a second VLAN to grab a different range in that network?