VLAN project one afternoon side job, can be done remotely

The #1 community for Gun Owners of the Northeast

Member Benefits:

  • No ad networks!
  • Discuss all aspects of firearm ownership
  • Discuss anti-gun legislation
  • Buy, sell, and trade in the classified section
  • Chat with Local gun shops, ranges, trainers & other businesses
  • Discover free outdoor shooting areas
  • View up to date on firearm-related events
  • Share photos & video with other members
  • ...and so much more!

    • Register Log in
    plinkerton

    plinkerton

    Ultimate Member
    Dec 30, 2012
    1,441
    Abingdon
    Involves 2 VLAN's, one access point, 2 switches.
    Should be easy for someone with VLAN knowledge.

    PM me if interested.
    Needs to be done by Thursday 9/4/2014.
     
    plinkerton

    plinkerton

    Ultimate Member
    Dec 30, 2012
    1,441
    Abingdon
    I have a Cisco WAP561 Access point that is currently on VLAN 77.
    It has the ability to do multiple SSID's on different VLAN's
    I need to add an SSID and another VLAN (I'm going to use 99) for some third party devices that don't need to access the corporate network.
    The switch is a Cisco 3750 (yes I know they are EOL and not supported, I have several as spares)
    VLAN 77 is 172.16.77.0/24
    VLAN 99 is 172.16.99.0/24

    The 3750 has two ports connected to the firewall, I need to apply 2 different sets of rules and different gateways on the firewall.

    The access point is connected to fa2/0/2 on the 3750

    On the firewall the 172.16.77.0 network port 1 is connected to 3750 port fa2/0/1.
    The firewall address is 172.16.77.1, the VLAN 77 address on the 3750 is 172.16.77.2

    On the firewall the the 172.16.99.0 network port 3 is connected to 3750 port fa2/0/3.
    The firewall address is 172.16.99.1, the VLAN 77 address on the 3750 is 172.16.99.2

    Did I 'splain myself clearly?
     
    plinkerton

    plinkerton

    Ultimate Member
    Dec 30, 2012
    1,441
    Abingdon
    pwoolford said:
    :thumbsup:

    Which part do you need help with? Is the WAP561 already configured to use VLAN77 or was it connected to an untagged port?
    Click to expand...

    It's connected to untagged port.

    The WAP561 LAN address is on VLAN 77. (It's DHCP but is reserved address)

    The new SSID is VLAN 99.
     

    Attachments

    • wap561vlan.png
      wap561vlan.png
      4.8 KB · Views: 198
    • wap561vlanwireless.jpg
      wap561vlanwireless.jpg
      25.6 KB · Views: 200
    boricuamaximus

    boricuamaximus

    Ultimate Member
    Dec 27, 2008
    6,237
    Here's a labbed up example. You might want to consider using port channels for your uplink interface as well. for a port channel you will just issue

    Current configuration : 2178 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    service password-encryption
    !
    hostname NE-SWT
    !
    enable secret 5 $1$ccccOjDgUmPKrVvqyr10
    enable password 7 0822ccccc415F
    !
    !
    !
    no ip domain-lookup
    !
    spanning-tree mode pvst
    !
    interface FastEthernet0/1
    switchport access vlan 9
    switchport mode access
    switchport voice vlan 21
    spanning-tree portfast
    !
    interface FastEthernet0/2
    switchport access vlan 11
    switchport mode access
    switchport voice vlan 21
    spanning-tree portfast
    !
    interface FastEthernet0/3
    switchport access vlan 9
    switchport mode access
    !
    interface FastEthernet0/4
    switchport access vlan 9
    switchport mode access
    !

    !
    interface GigabitEthernet1/1
    switchport trunk native vlan 20
    switchport trunk allowed vlan 9,11,21,250 (or can use "all")
    switchport mode trunk
    !
    interface GigabitEthernet1/2

    !
    interface Vlan1
    no ip address
    shutdown
    !
    ** This makes your virtual interface for the admin vlan. That way you pass all traffic through g0/1 ***
    interface Vlan20
    description uplink address
    ip address 10.10.20.3 255.255.255.224
    !
    banner motd ^C
    WARNING BANNER. AUTHORIZED ACCESS ONLY. THIS COMPUTER SYSTEM IS MONITORED. ANY UNAPPROVED ACCESS WILL BE PROSECUTED!
    ^C
    !
    line con 0
    !
    line vty 0 4
    login
    privilege level 15
    line vty 5 15
    login
    privilege level 15
    !
    !
    end




    int po1
    desc XXXX

    *** Clear Configure the interfaces you want to assign to a port channel prior to messing with it ***

    int range <whichever int you decide min of 2>
    channel group 1 mode active
    no shut.

    Do not configure individual interfaces beyond this point. Do all configs through po1.

    int po1:
    <configs trunk, native vlan and IP minimum>
     
    M

    matt

    No one special
    Apr 9, 2011
    1,576
    I'm home now- taking a quick look at it.
    It appears you're sending the traffic to VLAN 99 tagged to to a port not configured for tagged traffic.
    Like this
    ****
    int Fa2/0/3
    Switchport access VLAN 99
    No shut
    ********

    Try
    ******
    Int fa2/0/3
    Switchport mode trunk
    Switchport trunk encapsulation dot1q
    No shut
    ********

    This is a very simplistic suggestion and I'm assuming you understand basic Cisco commands.
     
    M

    matt

    No one special
    Apr 9, 2011
    1,576
    plinkerton said:
    I have a Cisco WAP561 Access point that is currently on VLAN 77.
    It has the ability to do multiple SSID's on different VLAN's
    I need to add an SSID and another VLAN (I'm going to use 99) for some third party devices that don't need to access the corporate network.
    The switch is a Cisco 3750 (yes I know they are EOL and not supported, I have several as spares)
    VLAN 77 is 172.16.77.0/24
    VLAN 99 is 172.16.99.0/24

    The 3750 has two ports connected to the firewall, I need to apply 2 different sets of rules and different gateways on the firewall.

    The access point is connected to fa2/0/2 on the 3750

    On the firewall the 172.16.77.0 network port 1 is connected to 3750 port fa2/0/1.
    The firewall address is 172.16.77.1, the VLAN 77 address on the 3750 is 172.16.77.2

    On the firewall the the 172.16.99.0 network port 3 is connected to 3750 port fa2/0/3.
    The firewall address is 172.16.99.1, the VLAN 77 99 address on the 3750 is 172.16.99.2

    Did I 'splain myself clearly?
    Click to expand...

    See correction above- this fix it?
     
    You must log in or register to reply here.

    Users who are viewing this thread

    Total: 2 (members: 0, guests: 2)
    AGC Range

    Latest posts

    Forum statistics

    Threads
    275,580
    Messages
    7,287,152
    Members
    33,481
    Latest member
    navyfirefighter1981

    Latest threads

    Top Bottom