DHCP and VLAN

[DomiNosroB]

Hi all,

I am wanting to set up a switch and have users on different vlans so that they cannot see each other on the network. I also want to use dhcp to assign ip addesses to the computers on the network.

Is this going to be possible?

I am also connecting multiple switches together and I want computers to be able to get a dhcp assigned address from a dchp server connected to another switch.

Should the vlan id be the same for all the uplink ports(ports connecting to other switches)?

Any other information would be helpful.

Thanks,
Robert

 

[netometer]

Hi!

1. Taht is possible. Actually this is recommended.
2. You need managed switches.
3. You can set the ports on the switches manually to belong to certain VLAN or you can set membership to a VLAN dynamically based on end-user MAC address (of course it depends what brand your switch is and whether it supports such feature).
4. You have to set trunk ports and you need a routing device between the VLANs.
5. You have to set a scope on the DHCP server for each VLAN that is going to be serviced by it.
6. You have to configure your routing device(s) to support DHCP broadcasts. The way it works is when the DHCP server recieves a request from VLAN 192.168.4.X it assigns address from that scope. If the request is from VLAN 192.168.3.X it assigns IP form the scope for 192.168.3.X.

This is not difficult so go ahead! We'll help.

NetoMeter

http://www.netometer.net

 

[DomiNosroB]

I have several Nortel Baystack switches(350-24T, 410-24T, and 450-24T) and one Allied Telesyn AT-8024.

I'm a complete beginner at vlans so please bear with me. I understand the theory of it but practice and theory are two very different worlds.

Two ports on our switches are going to be 'uplinks' to other switches in a redundant ring. Do these need to be on the same vlan together? Also, since we are trying to isolate each 'customer' port as its own vlan, how can they communicate to the 'uplink' ports?

 

[netometer]

Hi!

Can you connect to these switches: console cable, telnet, web interface?
They all support 802.1q so you should be able to set VLANs on them.
They all have web interface and using the web interface will be the easiest way for you to configure them.
What type of router do you have?
You must have access to it and the right to change its configuration.

The ports through your switches connect are going to be your trunk ports

http://www.netometer.net

 

[DomiNosroB]

I am able to configure the switches just fine through the console port and also through telnet.

Let's say port 1 on switch A is connected to port 1 on switch B, port 24 on switch A is connected to a router that will assign dhcp addresses, and a user is connected to port 2 on switch A and another user is connected to port 2 on switch B.

Here's what I want:

I want both users to be able to get ip addresses from the router.

All traffic destined for outside the network should go through the router.

The users should not be able to see each other o the network.


What vlan assignment should each port get? Should they be tagged? untagged? priority?

What exactly is a management VLAN and do I need one?

Your help is appreciated.

-Robert

 

[netometer]

What type of router do you have?

http://www.netometer.net

 

[DomiNosroB]

Well...its a PC running some flavor on linux. Or possibly a PC with Mikrotik routing OS loaded on it.

 

[netometer]

Here is how it works:
When you create VLANs it is as if you phisically cut your switch into as many switches as the number of VLANs. The only connection between them are the trunk ports. The frames from all the VLANs can traverse only the trunk ports. Before they enter the trunk port they are tagged and the way they are tagged depends on the protocol being used. The most popular one and your only choice with the switches that you have is 802.1q.
When the frames leave the trunk the tag is removed.
On each switch you'll assign each port to one of the VLANs. By default they are all members of the default - VLAN0.
One or a couple of ports should be assigned as trunk.
The frames are going to be transfered from one VLAN to another by your router.
The router can be configured as "Router on Stick" - just one fast ethernet interface will connect to one of the trunk ports. the router should support 802.1Q. You have to create virtual interface for each VLAN and enable 802.1Q on each of these virtual interfaces.
If your router does not support this you'll have to have a separate physical interface on the router for each VLAN.

NetoMeter

http://www.netometer.net

 

[DomiNosroB]

I still need some help with this one. :^)

I sorta got it working but not exactly.

1.I have all my switches linked together through ethernet ports and crossover cables.

2.I made each port a member of the default vlan and then I put each regular port in its own vlan.

3.I then put the trunk ports in all the vlan for their switch.

What this does is seperate all the ports on one switch from other ports on the same switch but when a frame traverses the trunk port it can then go to any port an another switch. Help!

I am not sure about how to set up the trunk port feature, and I think this is what I ultimately need to do. My switches support 6 multi-link trunks and 4096 vlans.

Thanks for your help!