D-Link Forums

D-Link Enterprise => DGS-1100-Series => Topic started by: TelosAlpha on July 05, 2018, 10:14:03 AM

Title: Two DGS-1100-08P's, Two DAP-2660's and ARRIS Modem doing DHCP
Post by: TelosAlpha on July 05, 2018, 10:14:03 AM
I am trying to segregate two PCs at a yacht club from customer and member wifi traffic provided by two Access Points.


DEVICE LIST:
ARRIS - OFFICE - Provides internet and DHCP

     DGS-1100-08P - OFFICE - Plugged into ARRIS for internet and DHCP
           DAP-2660 - Plugged into port 8 POE Ethernet ON
           DGS-1100-08P - BAR - Plugged into port 4
           PC plugged into port 3
                 
      DGS-1100-08P - BAR
            DAP-2660 - Plugged into port 4 POE Ethernet ON
            PC Plugged into port 6

I have one Office computer plugged into DGS-1100-08P - OFFICE, and one other computer (serving as a POS) plugged into DGS-1100-08P - BAR

I need to segregate the two computers from any other traffic. Specifically the laptops and devices that connect via the two DAP-2660 APs.

I have enough networking experience to be dangerous, but have NEVER played with VLANS, and am in WAY over my head. I have searched here, but I haven't found anything that uses two DGS-1100-08P's in this setup, nor have I found anything about spanning a VLAN across multiple switches...

Any help greatly appreciated.
Title: Re: Two DGS-1100-08P's, Two DAP-2660's and ARRIS Modem doing DHCP
Post by: PacketTracer on July 06, 2018, 12:25:29 PM
Hi TelosAlpha,

I think you can implement your scenario by using the "asymmetric VLAN" feature fortunately supported by your DGS switches. For a general discussion of the basics of "asymmetric VLANs" see e.g. here (http://forums.dlink.com/index.php?topic=66792) and the links embedded there.

In the following solution I assume (because you didn’t tell it) that
If other ports are used, just swap the configuration of my assumed and your real ports.


  .-------------------------.
  |                         |    DGS-OFFICE
  |  .--------+---+---+---+---+---+---+---+---+-------------.
  |  |  Port  | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | VLAN Name   |
  |  +--------+---+---+---+---+---+---+---+---+-------------+
  |  |  VID 3 | U |   |   | T |   |   |   | U | WLAN        |
  |  +--------+---+---+---+---+---+---+---+---+-------------+
  |  |  VID 2 | U |   | U | T |   |   |   |   | PRIVATE     |
  |  +--------+---+---+---+---+---+---+---+---+-------------+
  |  |  VID 1 | U | U | U | U | U | U | U | U | SHARE       |
  |  +--------+---+---+---+---+---+---+---+---+-------------+
  |  |  PVID  | 1 | 1 | 2 | 1 | 1 | 1 | 1 | 3 |             |
  |  `--------+---+---+---+---+---+---+---+---+-------------´
  |             |       |   |               |
  |             A       P   D               D
  |             R       C   G               A
  |             R       -   S               P
  |             I       O   -
  |             S       F   B
  |                     F   A
  |                     I   R
  |                     C
  |                     E
  `-------------.
                |                DGS-BAR
     .--------+---+---+---+---+---+---+---+---+-------------.
     |  Port  | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | VLAN Name   |
     +--------+---+---+---+---+---+---+---+---+-------------+
     |  VID 3 | T |   |   | U |   |   |   |   | WLAN        |
     +--------+---+---+---+---+---+---+---+---+-------------+
     |  VID 2 | T |   |   |   |   | U |   |   | PRIVATE     |
     +--------+---+---+---+---+---+---+---+---+-------------+
     |  VID 1 | U | U | U | U | U | U | U | U | SHARE       |
     +--------+---+---+---+---+---+---+---+---+-------------+
     |  PVID  | 1 | 1 | 1 | 3 | 1 | 2 | 1 | 1 |             |
     `--------+---+---+---+---+---+---+---+---+-------------´
                |           |       |
                D           D       P
                G           A       C
                S           P       -
                -                   P
                O                   O
                F                   S
                F
                I
                C
                E


The default configuration for both switches is the definition of a single VLAN 1 (which has no name) with any port being configured to be an untagged member of VLAN 1 and the PVID of any port set to 1 either. In effect this looks like no VLAN is defined at all.

For switch configuration use some Admin PC and connect it to a free switch port. The default configuration of any free switch port will not be changed in what follows.

On both switches

On switch DGS-OFFICE

On switch DGS-BAR

If finished, the two PCs can talk to each other and to the Internet but not to any wireless device. Vice versa, wireless devices can talk to each other and to the Internet but not to the two PCs.

What I’m not sure about: The challenge with your scenario is to extend the asymmetric VLAN feature over two switches. To this end, I configured the ports that connect to the other switch respectively, to be so called VLAN trunk ports (using VLAN 1 to be the native VLAN). I’m not sure, if you can configure VLAN trunks with switches, that have the asymmetric VLAN feature enabled, and that’s why this configuration might fail. But, give it a try!

PT
Title: Re: Two DGS-1100-08P's, Two DAP-2660's and ARRIS Modem doing DHCP
Post by: TelosAlpha on August 14, 2018, 04:57:32 AM
Thank you so much!

Once I get this set up Ill report back. Deep appreciated!