Need help setting up VLANS

Nov 11th, 2009

I have a DSL modem, RVS4000, WRV200 and SLM2008. I'm trying to create several VLANs using the SLM2008 switch so that all my computers have internet access (wired) and some also have internet access (wireless), but restrict how my computers “talk” with each other. I have a media server and two media computers I want to be able to “talk” with each other but not with any other computer on the network. I have a desktop computer that I don't want to “talk” with any computers on the network (just needs wired internet access) and I have two laptops that need wired and wireless internet access but should not be able to talk to each other or any other computers on the network.

zubair.sayed Thu, 11/12/2009 - 05:20

I would love to help, but I don't know this specific switch that well. Although it seems like this switch should have some management software, in which case configuring VLANs should be easy.

LordFlasheart Thu, 11/12/2009 - 06:02

It could get a little messy but in theory you could create a VLAN for each scenario:


VLAN 2 - I have a media server and two media computers I want to be able to “talk” with each other but not with any other computer on the network.


VLAN 3 - I have a desktop computer that I don't want to “talk” with any computers on the network (just needs wired internet access)


VLANs 4 & 5 - I have two laptops that need wired and wireless internet access but should not be able to talk to each other or any other computers on the network.


Assuming there is no interVLAN routing it should isolate those PCs in each scenario. Now just connect your switch to the net using the dot1q trunk.


Please rate if helpful.


Regards

nettech_gt Thu, 11/12/2009 - 16:42

I tried creating VLANS as you suggested. I set port four on the RVS4000 as a "trunk" port and connected from that port to port eight on the SLM2008. There is not a feature on the SLM2008 to set a port as a "trunk", like you can with the RVS4000. I made port eight a member of every VLAN but..... whenever I access the internet on any of the computers all ports on the SLM2008 light up. Shouldn't only port eight and whatever the particular port that computer is connected to light up when the internet is accessed?

diggy Tue, 12/08/2009 - 17:10

I'm only familiar with the SLM2008, never worked with any of the others. For all those different scenarios, it really sounds like you will need a true IOS router (or another router brand that can do 802.1q), since you will need to do inter-VLAN routing at the device that is routing the internet traffic. You could put another router on the network to do it, but why deal with another device? I have a simple setup at home using a Cisco 871 that my cable modem plugs into. The fa0 interface is the uplink to my SLM2008 in the attic. I have 2 VLANs, VLAN 1 and VLAN 2. VLAN 2 is used for my voice IP phone for work; VLAN 1 is just the default VLAN for my other devices.


The fa0 interface is the uplink from the 871 to the SLM2008 and is in switchport trunk mode, with VLAN 2 assigned as the VoIP VLAN and the QoS policy assigned to it via the auto qos command against the interface, which automatically creates a VoIP QoS policy:


interface FastEthernet0
switchport mode trunk
switchport voice vlan 2
!
service-policy output qos_class_policy_sdm


On the SLM, port 8 is the uplink to the 871 router. I added VLAN 2 on the SLM2008 and assigned VLAN 1 and VLAN 2 to port 8, which basically is the way to make it a trunk port.


The key, and what I think is the root of your problems, is that you need to create VLAN routing instances/interfaces (which I am thinking maybe the Linksys 4000 can't do since, well, it's a Linksys), which is usually a more advanced feature and available on more "true" routing devices. For my Cisco 871, it's as simple as adding the following to allow inter-VLAN routing as well as both VLANs access to the internet.


interface Vlan1
description $FW_INSIDE$
ip address 192.168.250.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
zone-member security in-zone


interface Vlan2
description $FW_INSIDE$
ip address 192.168.251.17 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
zone-member security in-zone


At that point, you can control what traffic flows between interfaces/vlans via firewall-zones/ACLs.


Remember, a trunk is just the ability to carry multiple logically defined networks over the same physical wire, but without a routing instance for a VLAN, no traffic assigned to the VLAN can ever leave/route to any other devices outside that assigned VLAN; it will only be switched between devices in the same network/VLAN.


As far as why all the lights light, it is probably due to unicast broadcast. When a switch doesn't have an ip-to-mac record in its CAM, it will flood all ports on that switch hoping that it will find its intended target and populate its CAM tables properly. This can become a very bad thing if the MAC address doesn't get learned, especially if a device sending traffic is 1gb or 100mb and a device on the same switch is only 10mb. The 10mb device will get destroyed. We had this type of problem at my work, and an older SPARC with only a 10mb interface was getting killed because of a network misconfiguration that caused it. This situation is called a unicast-storm.
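
A toy model of the switching behaviour discussed in this thread, added as an example and not part of any poster's reply: a learning switch that keeps its MAC table per VLAN floods an unknown destination only to ports that are members of the sender's VLAN. The class, the port-to-VLAN layout and the MAC labels are constructed for illustration and do not model SLM2008 firmware.

```python
# Added example: toy model of a VLAN-aware learning switch, not SLM2008 firmware.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    def __init__(self, access_ports, trunk_ports):
        self.access = dict(access_ports)                  # port -> its single VLAN
        self.trunk = {p: set(v) for p, v in trunk_ports.items()}  # port -> tagged VLANs
        self.mac_table = {}                               # (vlan, mac) -> port

    def members(self, vlan):
        ports = {p for p, v in self.access.items() if v == vlan}
        return ports | {p for p, vs in self.trunk.items() if vlan in vs}

    def receive(self, in_port, src, dst, tag=None):
        """Return the set of ports one frame is sent out of."""
        if in_port in self.access:
            vlan = self.access[in_port]      # untagged frame takes the port's VLAN
        elif tag in self.trunk.get(in_port, ()):
            vlan = tag                       # tagged frame on an allowed VLAN
        else:
            return set()                     # VLAN not carried on this port: drop
        self.mac_table[(vlan, src)] = in_port            # learn the sender
        out = self.mac_table.get((vlan, dst))
        if out is None or dst == BROADCAST:
            return self.members(vlan) - {in_port}        # flood, but only in this VLAN
        return {out} - {in_port}

def demo():
    # Constructed layout following the thread: ports 1-3 media (VLAN 2), port 4
    # desktop (VLAN 3), ports 5 and 6 laptops (VLANs 4 and 5), port 8 uplink.
    sw = VlanSwitch({1: 2, 2: 2, 3: 2, 4: 3, 5: 4, 6: 5}, {8: {2, 3, 4, 5}})
    r = {}
    r["media_first"] = sw.receive(1, "media-srv", "gw")         # gw unknown: flood VLAN 2
    r["gw_reply"] = sw.receive(8, "gw", "media-srv", tag=2)     # media-srv already learned
    r["media_again"] = sw.receive(1, "media-srv", "gw")         # gw now learned in VLAN 2
    r["media_bcast"] = sw.receive(2, "media-pc", BROADCAST)     # stays inside VLAN 2
    r["desktop"] = sw.receive(4, "desk", "gw")                  # gw not yet learned in VLAN 3
    r["laptop_to_laptop"] = sw.receive(5, "lap1", "lap2")       # never reaches port 6
    r["wrong_tag"] = sw.receive(8, "gw", "desk", tag=9)         # VLAN 9 not on the uplink
    # Contrast: the same ports all left in one VLAN; an unknown destination floods everywhere.
    flat = VlanSwitch({p: 1 for p in range(1, 9)}, {})
    r["flat_unknown"] = flat.receive(4, "desk", "gw")
    return r

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:17} -> {sorted(ports)}")
```
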
