Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Advice to connect my network devices

Hello and thanks for reading,

I need to provide Internet wifi access to our visitors in the office while keep our network safe.

We have one Cisco 3560, I've created one VLAN for VoIP and assigned several ports to it, in these ports I attached the VoIP phones and also one SOHO Wifi router. The VoIP is using the attached router, but I want also to use the Wifi router for the wireless connections (mostly people with smartphones and visitors with their laptops). I don't want them to gain access to our LAN. All the other ports are in the default VLAN.

DHCP is active in the Wifi router but I can't connect to the Internet using my laptop. The laptop takes the switch default gateway instead of the router. I don't know if I can add a default gateway to the VLAN...

We recently added a server (SBS2008) to the office, it provides DHCP to the clients. When I switch on the server, then the wifi clients get the switch default gateway, but the DHCP server is now the SBS, and I can connect to the Internet BUT using the other ISP.

The diagram is simple like this:

Router for the LAN
|
Firewall
|
switch 3560 -------- WIFI Router (for VoIP and wireless clients)

I'm using the same subnet for both VLANs.

I can't get it working :-( Any help would be great !

Thanks,

Jud

1 REPLY
Silver

Re: Advice to connect my network devices

Generally I don't like to use the term 'best practices'; but it may be appropriate here.

The 3560 is a fine layer three switch and if you have the appropriate licensing it should be utilized as a layer three switch.

Each vlan *should* be a different subnet.  It's a fair forecast to say having the same subnet in different vlan's will always be troublesome.

Only one device should be provisioned to answer DHCP requests.  Having two will always lead to conflicts.  There is an exception to this but I doubt it's in the scope of this post.

Is the firewall in a layer2 mode or a layer3 mode?  I recommend layer2 (transparent mode) as firewalls are notoriously terrible routers and being placed between two great routing platforms it dosn't need to route.

To address the original concern of preventing wireless visitors from accessing LAN resources this can certainly be done with an ACL on the 3560.  That said visitors should have their own SSID, subnet and VLAN.

In your diagram the path for internet access in not clear.  Is the internet gateway via the 'router for the lan' or the 'swith 3560'.


Chris

242
Views
0
Helpful
1
Replies
CreatePlease to create content