Hello everyone,
I'm not new to the concept of VLANs/routing but I am to their actual implementation. I've been reading everything I can find on the subject and I'm wondering if anyone here could just help me get going on a fairly simple implementation.
I'd like to keep all of my network on the default untagged VLAN 1 and create a VLAN 2 that can't access anything on VLAN 1 but does have access to the Internet. I only have one Internet connection and gateway from my ISP. My goal is to use 3COM 8760s to have a WEP radio profile that only gets Internet access (put in VLAN 2) and a WPA profile that gets full access to all devices and the Internet (put on VLAN 1).
I was hoping it would be as simple as setting up UDP Helper to allow DHCP to be accessed via both VLAN 1 & 2, setting up the two tagged VLANs on the necessary ports, and making the Internet connection a tagged member of both VLANs. However, it seems that the Internet connection can only be in one VLAN. So it seems that devices on VLAN 2 can't access it. If I set up routing between VLAN 1 and VLAN 2, then everything on VLAN 2 has access to VLAN 1, and ACLs in the 4070 only seem to support IPs, not ports. If I need to clarify I can certainly add more details.
Can anyone give me an easy scenario using my 4070 with 4400s attached to allow me to set up a secondary VLAN that only has Internet access?
IP- 172.18.180.0
SUBNET - 255.255.252.0
GATEWAY - 172.18.180.1
DHCP SERVER - 172.18.180.51
Simple flow....
8760->[VLAN 1 or 2 based on AUTHENTICATION used]->4400->[TAGGED LINK VLAN 1/VLAN 2]->4070->(SINGLE INTERNET CONNECTION. THE FIREWALL IS OUTSIDE MY CONTROL ON THE ISP SIDE - NORTEL ISP SWITCH.)
Thank you for any help steering me in the right direction.