Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[faa]

Dear Colleagues,

In our corporate office environment, we intend to segment our network due the high number of visitors we receive, and thus the need to have a guest VLAN/WIFI network for them.

Our switches are the unmanaged models and thus we intend to change them in order to create a different Guest WLAN.

Our access points as well are old dlink and linksys models and thus am not sure if we need to change them as well.

My questions are this

Do the Dlink web smart switches allow the creation o***uest vlan or a guest WLAN? Or we have to purchase the fully managed switches?
Will we require to change the Wireless Access Points as well? Or for us to have the guest wireless network does the wifi Accesspoint require to support multiple SSID's.
What other requirements or measures should we take to achieve this?

[FurryNutz]

Link>Welcome!

• What region are you located?

Do you have a link to these Web Smart Switches you interested in or have a model # that your interested in?

D-Link does have smart switches that have VLAN configuration features.

[faa]

Link>Welcome!

• What region are you located?

Do you have a link to these Web Smart Switches you interested in or have a model # that your interested in?

D-Link does have smart switches that have VLAN configuration features.

Yes, the model is DLINK - DES-3200-28P 24 PORT

Also my other question was whether the dlink websmart switches support guest wifi network creation and whether there is need to change the access points as well.


and the DLINK DES-3200-52 - 48 PORT

[FurryNutz]

What region are you located?

You can consult the use manual to see if there is a guest user configuration support however most guest wireless configurations are done on DAPs, not LAN switches.

[faa]

Yes, we got the switches fully managed.

Could someone guide me on the following points.

Whats the procedure of configuring the switches such that the guest wifi is in a a different VLAN and clients connected to it get a different set of IP address.

and they cannot access the corporate network

[faa]

Link>Welcome!

• What region are you located?

Do you have a link to these Web Smart Switches you interested in or have a model # that your interested in?

D-Link does have smart switches that have VLAN configuration features.

Africa region and yes the switches have the VLAN option....

[PacketTracer]

Hi,

in this discussion the most important point has not yet been considered:

In the end you will have two IP networks: a corporate network and a guest network, which on one hand must be strictly seperated from each other, but which on the other hand have to share your internet access (given you only have one). Hence, the most important network component in your scenario is your Internet access router, which must be capable to forward traffic between both networks and the Internet and to block any traffic flow between the networks, or in other words: It's the router which must provide some "guest network" feature in the first place. So, what Internet access router do you use?

Given you have a router of that kind, and it provides two LAN ports for seperate IP networks, that have to be connected to the corporate and guest network respectively, you could use any of the following combinations of switches and wifi APs to make your scenario work:

• Use two seperate unmanaged switches, one connected to the router's guest LAN port and the other connected to router's corporate LAN port. Connect VLAN-unaware wifi APs with single SSID support to the switches (using different SSIDs  for guests and corporate).
• You want to improve the first scenario by consolidating the switches. Instead of two unmanaged switches you want to have a single switch only. Hence it must be a manageable switch that supports VLANs. You would subdivide your switch into two port sets belonging to two different VLANs A and B. APs configured for guest SSID and the router's guest LAN port will be connected to switchports belonging to VLAN A, and APs configured for corporate SSID and the router's corporate LAN port will be connected to switchports belonging to VLAN B, respectively.
• You want to improve the second scenario by also consolidating the APs. Instead of using a pair of dumb APs (one for guest and one for corporate) that only support one SSID and no VLANs, you want to use a single AP, that can handle several SSIDs (at least two for guests and corporate) and map them to different VLANs that can be transmitted via a single Ethernet port. In order to connect APs of that kind to your switch, you need switchports that are configured for both VLANs A and B (a so called trunk), where Ethernet frames sent between the switch and an AP are distinguishable via VLAN tagging.

So, what exactly is your scenario?

PT

[faa]

Thank you packet tracer for your feedback.

My scenario is as follows,

Yes,true we have one internet access source.And it's true the intention is to share this internet access between the corporate and the guest wifi network and at the same time ensuring there is no traffic between the two.


We use a Pfsense router, basically its a desktop computer with two NIC cards where the pfsense software runs.   https://www.pfsense.org/

And yes the 3rd scenario is the perfect one since our AP's support multiple SSID's and the new switches as well are fully managed to support VLAN and switchports & tagging as described below.

And now that we have 5 switches do we have to create VLAN's in all of them in a similar manner .i.e to have VLAN ID 10 and 20 in each of them..some are 24 ports whereas others 48
I hope this make its clear now.

[PacketTracer]

Hi faa,

We use a Pfsense router, basically its a desktop computer with two NIC cards where the pfsense software runs.

So, probably one NIC is used as WAN link for Internet access, and the other one connects to the LAN?

If so, you must define two subinterfaces for the LAN-NIC, one for the corporate, and one for the guest VLAN and connect it to a VLAN-trunk port of your "core" switch.

And now that we have 5 switches do we have to create VLAN's in all of them in a similar manner .i.e to have VLAN ID 10 and 20 in each of them..some are 24 ports whereas others 48

It depends ...

In general: Any switch that connects to your router's LAN port [1] or to any of your APs [2], or that interconnects two switches of types [1] or [2] must be VLAN capable and ports must be configured for either trunk port (VLAN 10, VLAN 20), access port (VLAN 10) or access port (VLAN 20).

But you may also use unmanaged switches, for example for your wired PCs connecting to the corporate network: Given, your corporate network is VLAN 10, connect the unmanaged switch to a port of a managed switch, that is configured to be an access port for VLAN 10. Then connect the PCs to the ports of the unmanaged switch. The unmanaged switch can also be a manageable switch left unconfigured (i.e. meaning any port being an access port for VLAN 1) .

For more precise statements, a picture of your topology would be helpful.

PT