Need some VLAN help

JRDtechnet

Despite having worked on computers for over 10yrs...I'm a bit embarrassed to say I'm not that good on the networking side of things. Most small businesses I deal with have less than 10 computers. Anyway got a new client that has a bunch of people come in at least once a week and with all their laptops and smartphones they pretty much run out of IP addresses. So I figured why not do VLANs.

Here's what we have.
Cisco RV320: I set VLAN 200
[Screenshot: rv320-vlan.PNG]
Then configured the DHCP for that VLAN:
[Screenshot: rv320-dhcp.PNG]
The RV320 is connected from LAN1 to port 24 on a TP-LINK: T1600G-28TS Smart Switch...sometimes this has (TL-SG2424) when looking up that model, not sure why. I've configured the VLANs on the switch as follows:
[Screenshots: system-vlan.PNG, vlan200.PNG]
Ports 3-8 have UAPs plugged into them...I tried changing those to tagged as well, to no avail. Oddly, this switch doesn't have the ability to set a trunk port, which was taken out with the latest firmware. Some people have said that all ports pass through the VLAN traffic, while others have said they have had success just tagging the port to the router for all the VLANs.

And finally the WLAN on the UniFi controller:
[Screenshot: unifi-vlan.PNG]
The other WLAN configured without a VLAN works fine and gets the proper IP address. I have DHCP turned off in the controller under networks, so I know it's getting the IP from the router.

Can anyone see what I've done wrong here? Thanks
 
I can't help with VLANs, but if you want to keep it simple just reduce the DHCP client lease time. This will release unused IPs faster, freeing them up for others. Much simpler than adding the complexity of VLANs.
 
You can also use a simple broadband router to do NAT. Plug the WAN port into your existing LAN and have a bunch of clients use the LAN ports/plug wifi in/get DHCP from the broadband router.

As above 12h lease time should help, in case your current DHCP has a default of e.g. 8 days
 
> You can also use a simple broadband router to do NAT. Plug the WAN port into your existing LAN and have a bunch of clients use the LAN ports/plug wifi in/get DHCP from the broadband router.
No, he doesn't want to do this; that wouldn't work with his UAPs, for one thing.

I recently got some help regarding VLANs here, so hopefully someone will be along shortly. @NETWizz
 
> No, he doesn't want to do this; that wouldn't work with his UAPs, for one thing.
How would it not work? I have not used UniFi, but surely if you plug the controller and WAPs into the LAN side of the NAT router then they will all be on the same LAN subnet/broadcast domain and function as they do now?

Basically I am pointing out that NAT might be an option to very easily/quickly provide a bunch of IP addresses on a subnet of your choosing whilst using only one of your LAN IP addresses, which might suit in environments where you are starved of IP addresses and can't or don't want to amend routers/switches/vlans/subnets/dhcp servers.
 
How many workstations/laptops are on this network?
How many smart phone devices?

The UniFi APs support VLANs...what we'll typically do is have the "production network" on the default VLAN, 1.
We'll make a second VLAN for guests...like VLAN6. Have 1 port on the switch untag VLAN6 and uplink to another interface on the router...that interface on the router running DHCP on another subnet like 192.168.10.xxx
Or if the router supports VLANs on interfaces, just have the guest VLAN lead up to that interface and pull the default VLAN 1 from that uplink port on the switch.
 
> How would it not work? I have not used UniFi, but surely if you plug the controller and WAPs into the LAN side of the NAT router then they will all be on the same LAN subnet/broadcast domain and function as they do now?
>
> Basically I am pointing out that NAT might be an option to very easily/quickly provide a bunch of IP addresses on a subnet of your choosing whilst using only one of your LAN IP addresses, which might suit in environments where you are starved of IP addresses and can't or don't want to amend routers/switches/vlans/subnets/dhcp servers.

Technically that would work if you want your wifi and your guests on the same subnet. But even though UAPs support guest mode, I like to make sure that traffic is kept completely separate. I also keep an SSID on the default VLAN, so that wouldn't work for my setup (for example). Also, a business doesn't spend the money on a managed switch so that another tech will come in and just sell them another router. The next tech they bring in doesn't even have to bad-mouth you, they just have to set up VLANs and hand them the router and tell the client that they never needed it for them to start talking about how you sold them equipment they didn't need.
 
Here are my thoughts, and they might be wrong, and if so if someone corrected them that would be great.

1. Why do you need to modify the VLAN 1 on the switch?
2. In my mind, all you would have to do on the switch to get wifi working properly is to tag ports 3-8 and port 24 with VLAN 200.
3. The first screenshot of the router confuses me. In my (limited) experience you either tag a single interface on a router with a VLAN ID or you create subinterfaces for an interface and each subinterface gets tagged with a VLAN ID. However it might be different with this router.
 
Sorry, but I'm skipping over. I always set up a VLAN for guest wifi.

Create the VLAN on the router, create it on the switch.
Create a trunk port going from switch to router. Untagged VLAN 1, tag VLAN 50 or whatever.

Access points should be plugged into the switch with the same config: untagged 1 and tag VLAN 50.

In UniFi, create an SSID for private and leave it as VLAN 1, create an SSID for guest and assign it to VLAN 50.

Create firewall rules to block
 
Hey all, I figured it out. It was dumb...I was administering the wrong switch because I mislabeled the IP address on the switch :oops:...it would have never ever worked no matter what I did. Anyway, what Trevm999 posted was essentially what needed to be done...system-vlan stays the same...everything kept as untagged, VLAN 200 ports 3-8 and port 24 tagged. The Cisco was set up fine; afterwards I was able to connect to the WLAN and it got the correct IP from the VLAN's DHCP server.
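
The working layout from this thread (VLAN 1 untagged on every port, VLAN 200 tagged on AP ports 3-8 and router uplink 24), modelled as an added example that is not from any poster or vendor. It is a simplified 802.1Q flood model; the function names, the 24-port layout and the ingress-filtering behaviour are assumptions. It shows why the guest SSID gets no DHCP lease when the uplink is not a tagged member, and checks that VLAN 200 frames never egress on ordinary access ports.

```python
# Simplified 802.1Q model: broadcast flooding only, no MAC learning (assumption).
from dataclasses import dataclass, field

AP_PORTS = range(3, 9)   # UAPs on ports 3-8, as described in the thread
UPLINK = 24              # port 24 goes to the router's LAN1


@dataclass
class Port:
    pvid: int = 1                                # VLAN assigned to untagged ingress
    untagged: set = field(default_factory=set)   # VLANs sent without a tag
    tagged: set = field(default_factory=set)     # VLANs sent with an 802.1Q tag

    def member(self, vid):
        return vid in self.untagged or vid in self.tagged


def build_switch(vlan200_tagged_ports):
    """Constructed config: every port untagged in VLAN 1, some tagged in 200."""
    ports = {n: Port(pvid=1, untagged={1}) for n in range(1, 25)}
    for n in vlan200_tagged_ports:
        ports[n].tagged.add(200)
    return ports


def flood(ports, ingress, tag=None):
    """Return {egress_port: tag or None} for a broadcast entering `ingress`."""
    vid = tag if tag is not None else ports[ingress].pvid
    if not ports[ingress].member(vid):
        return {}  # ingress filtering assumed on: non-member frames are dropped
    return {
        n: (vid if vid in p.tagged else None)
        for n, p in ports.items()
        if n != ingress and p.member(vid)
    }


def guest_dhcp_reaches_router(ports, ap_port):
    # A DHCP discover from the guest SSID arrives from the AP tagged 200 and
    # must leave the uplink still tagged 200 for the router's VLAN 200 scope.
    return flood(ports, ap_port, tag=200).get(UPLINK) == 200


def guest_leaks(ports, ap_port):
    # Ports other than APs/uplink that would see guest broadcasts.
    allowed = set(AP_PORTS) | {UPLINK}
    return sorted(n for n in flood(ports, ap_port, tag=200) if n not in allowed)
```
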
 