mdownes
I’m somewhat new to VLANs and I’m trying to set some up on a school network. I think my aims are simple, but I’m having problems. Here’s a simplified diagram showing the topology.
Currently, everything is on 192.138.1.0/24. So, I’m trying to split this into 4 VLANs, using the Layer 3 features of the SG300 rather than involving the Sonicwall router (other than as a gateway).
My goal is that PCs on any VLAN can access only the web and the domain controller. The DC will provide DHCP via a relay/helper address. I've been over things a dozen times, but I can't even ping the VLAN100 interface from anywhere outside the SG300 switch.
I’m starting with VLAN 100, to which I’ve assigned 192.168.100.1/24 (in the SG300). I’ve set up the same VLAN in my SG200 switch (Layer 2).
The switch ports are set up like this:
SG200
40: Access (test PC) VLAN1:excluded VLAN100:untagged
48: Trunk (to sonicwall) VLAN1:untagged VLAN100:tagged
49: Trunk (to SG300) VLAN1:untagged VLAN100:tagged
SG300
2: trunk (to SG300) VLAN1:untagged VLAN100:tagged
9: trunk (to DC) VLAN1:untagged VLAN100:tagged
Other SG300 settings
IPv4 interfaces: VLAN1: 192.168.1.229 VLAN100: 192.168.100.1
IPv4 static routes: Dest IP prefix: 0.0.0.0 next hop router ip: 192.168.1.200
DHCP: relay:enabled DHCP snooping status: enable DHCP server IP:192.168.1.10
I haven’t made any changes to the Sonicwall router. I’m not sure whether I need to, or even whether it would be simpler to set the VLANs up there, which I presume would mean putting the SG300 back into layer 2 mode.
I’m not sure if an ability to ping VLAN100 from outside of the SG300 would mean my problem is solved, but I’m guessing it’s the logical first step. All help greatly appreciated!
