Im totally new to networking but have been asked to sort our IT by the boss.
We currently run a wired network that also includes 3 WAP's, with a network address of 192.168.2.x
we want to separate all wireless with an address of 192.168.3.x
How can we separate the wireless from the wired networks, while keeping internet and internal resource access for both?
we have a cisco 891 with 2 vlans on it (the default VLAN 1 and our new one VLAN10) going through a port to a 3000 series switch
the 891 handles DHCP as well, so I have a DHCP pool for 192.168.3.0/24, and a VLAN interface for VLAN10 (the wifi) both on the 891.
this is connected to the 3000 switch, which also now has a vlan created on it for wifi. There are 3 AP's connected to this switch. What modes do I need to set each of the 3 ports to? Trunk or access? tagged/untagged? should these ports only be a member of wifi vlan or both?
Please help as this is quite urgent and I know nothing!! thanks
So you have vlan 1 which is the wired network and vlan 3 which is the WiFi network and they are both routed on the 891 router. You do not want to restrict traffic between these vlans or to the internet, you just want them on separate vlans.
Is the above correct ?
If so the ports on the switch should be access ports which will be untagged and they should only be members of vlan 3.
Alternatively you could run 2 cables from the switch and put one in vlan 1 and one in vlan 10 ie. access ports/untagged and that should work as well although i have never done that before so you should test it.
It can be a bit complicated with trunks. Which vlan is tagged depends on your native vlan. If you have not set anything up explicity on the switch then vlan 1 will probably be untagged. You do not want vlan 10 as untagged on the trunk link unless you have changed the native vlan to vlan 10 on the switch (which i doubt you have).
The ports that connect to the APs should definitely be untagged.
What i would do is -
1) try making the connection between the switch and the 891 a trunk link. You will need to configure it on both ends of the link.
2) then try pinging between vlans and also try internet connectivity.
If 2) doesn't work then you can post your 891 config on here and we can check it out. Note the switch is a small business switch so there is limited knowledge of that in this forum but there is a forum for small business switches you can post if you need help setting up the trunk.
Edit - if the native vlan is not 1 on the switch then you will need to configure the trunk on the 891 with an extra command to tell it what the native vlan is. To clarify, the native vlan is the vlan that sends untagged packets on a trunk whereas all other vlans are tagged.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...