02-04-2014 02:33 AM
Hello,
I want to setup VLAN to separate attached devices (will use a VLAN capabel WLAN accesspoint).
I am looking at the Cisco Small business products.
Like this: SG200-08P
This is my goal:
3 VLAN's: Internal, External, Guest
Devices connected to Internal can access External + Internet.
Devices connected to External can only access its own VLAN + Internet.
Devices connected to Guest are separated, they can only acess Internet.
I have a LAN Internet connection, with one IP address.
So I need NAT and Routing.
Do I need a VLAN enabled Router, or only a VLAN enabled Switch (Layer 2 / 3 / Smart)?
Can a Smart Switch act as Router?
Please advice me for Cisco - Products.
02-04-2014 09:19 AM
Hello Sam,
For your setup you will still want to get a router. Our Layer 3 switches do not do NATing or have any kind of firewall, so you probably would want something else in front of this on the edge of your network.
With a layer 3 switch it is possible to buy a router that doesn't do VLANs and still make it work. The RV series of routers would work well for this. All of them except for the RV016, RV042, and RV082 are VLAN capable. Even with those three you could set it up, it would just be a slightly different setup.
With a VLAN capable router you can do what is called router-on-a-stick, where all the VLANs are trunked up to the router, and it handles the Inter-VLAN routing. You can also set it up where the switch is everyone's default gateway, and it does the routing. In that case you would just have a point to point link between the router and switch, along with some static routes to make it all work.
So basically with a layer 3 switch you have some options, but you will still want a router for the NAT and the firewall features. It is possible to put a layer 3 switch directly on the edge, but only if you own enough public IPs for all of your devices.
Hope that helps a bit,
Christopher Ebert
---
Senior Network Support Engineer - Cisco Small Business Support Center
02-04-2014 09:32 AM
Oops, I just noticed you were talking about an SG200, not a 300. So Marty is correct, you would need a layer 3 switch or a VLAN capable router like the models he recommends to set this up.
02-04-2014 09:28 AM
Sam,
The SF and SG200 'Smartswitch' is not capable of Inter-VLAN routing. You will want to add a router that is VLAN aware (RV110W, RV120, RV180(W), RV220W, etc.) OR use your current router with a Layer 3 switch such as the SG300-10.
- Marty
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: