Hi TelosAlpha,
I think you can implement your scenario by using the "asymmetric VLAN" feature fortunately supported by your DGS switches. For a general discussion of the basics of "asymmetric VLANs" see e.g.
here and the links embedded there.
In the following solution I assume (because you didn’t tell it) that
- at switch DGS-BAR port 1 is used to connect to port 4 of switch DGS-OFFICE,
- at switch DGS-OFFICE port 1 is used to connect to the ARRIS.
If other ports are used, just swap the configuration of my assumed and your real ports.
.-------------------------.
| | DGS-OFFICE
| .--------+---+---+---+---+---+---+---+---+-------------.
| | Port | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | VLAN Name |
| +--------+---+---+---+---+---+---+---+---+-------------+
| | VID 3 | U | | | T | | | | U | WLAN |
| +--------+---+---+---+---+---+---+---+---+-------------+
| | VID 2 | U | | U | T | | | | | PRIVATE |
| +--------+---+---+---+---+---+---+---+---+-------------+
| | VID 1 | U | U | U | U | U | U | U | U | SHARE |
| +--------+---+---+---+---+---+---+---+---+-------------+
| | PVID | 1 | 1 | 2 | 1 | 1 | 1 | 1 | 3 | |
| `--------+---+---+---+---+---+---+---+---+-------------´
| | | | |
| A P D D
| R C G A
| R - S P
| I O -
| S F B
| F A
| I R
| C
| E
`-------------.
| DGS-BAR
.--------+---+---+---+---+---+---+---+---+-------------.
| Port | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | VLAN Name |
+--------+---+---+---+---+---+---+---+---+-------------+
| VID 3 | T | | | U | | | | | WLAN |
+--------+---+---+---+---+---+---+---+---+-------------+
| VID 2 | T | | | | | U | | | PRIVATE |
+--------+---+---+---+---+---+---+---+---+-------------+
| VID 1 | U | U | U | U | U | U | U | U | SHARE |
+--------+---+---+---+---+---+---+---+---+-------------+
| PVID | 1 | 1 | 1 | 3 | 1 | 2 | 1 | 1 | |
`--------+---+---+---+---+---+---+---+---+-------------´
| | |
D D P
G A C
S P -
- P
O O
F S
F
I
C
E
The default configuration for both switches is the definition of a single VLAN 1 (which has no name) with any port being configured to be an untagged member of VLAN 1 and the PVID of any port set to 1 either. In effect this looks like no VLAN is defined at all.
For switch configuration use some Admin PC and connect it to a free switch port. The default configuration of any free switch port will not be changed in what follows.
On both switches
- set the "Asymmetric VLAN State" to Enabled (default: Disabled)
- Enter the 802.1Q VLAN configuration tab, rename VID 1 to "SHARE" and create two other VLANs (Add VID) "PRIVATE" (VID 2) and "WLAN" (VID 3)
On switch DGS-OFFICE
- Set the ARRIS port (1?) to be an untagged member of VLANs 1, 2 and 3
- Set port 3 to be an untagged member of both VLANs 1 and 2
- Set port 4 to be an untagged member of VLAN 1 (=default) and a tagged member of both VLANs 2 and 3
- Set port 8 to be an untagged member of both VLANs 1 and 3
- In "PVID settings" set port 3 to PVID=2 and port 8 to PVID=3. Leave all other ports at their default setting (PVID=1)
On switch DGS-BAR
- Set the port used to connect to switch DGS-OFFICE (1?) to be an untagged member of VLAN 1 (=default) and a tagged member of both VLANs 2 and 3
- Set port 4 to be an untagged member of both VLANs 1 and 3
- Set port 6 to be an untagged member of both VLANs 1 and 2
- In "PVID settings" set port 6 to PVID=2 and port 4 to PVID=3. Leave all other ports at their default setting (PVID=1)
If finished, the two PCs can talk to each other and to the Internet but not to any wireless device. Vice versa, wireless devices can talk to each other and to the Internet but not to the two PCs.
What I’m not sure about: The challenge with your scenario is to extend the asymmetric VLAN feature over two switches. To this end, I configured the ports that connect to the other switch respectively, to be so called VLAN trunk ports (using VLAN 1 to be the native VLAN). I’m not sure, if you can configure VLAN trunks with switches, that have the asymmetric VLAN feature enabled, and that’s why this configuration might fail. But, give it a try!
PT
Author
Topic: Two DGS-1100-08P's, Two DAP-2660's and ARRIS Modem doing DHCP (Read 4054 times)