D-Link Forums

D-Link Enterprise => DGS-3620-Series => Topic started by: jacob.hillman on June 21, 2016, 10:23:17 AM

Title: VLAN advice
Post by: jacob.hillman on June 21, 2016, 10:23:17 AM

I recently inherited the guest WIFI network at my work. It's currently a flat network with 2 core switches (DGS-3620-28SC/PC) and 26 edge switches (DGS-3620-28PCs) with 92 APs connected to the edge switches.

My topology looks like this: DSR-500 (router) port 3 to core switch DGS-3620-28PC to edge switches (DGS-3620-PC) and wireless APs; DSR-500 port 4 to core switch DGS-3620-28SC to 23 edge switches (DGS-3620-28PC) to WAPs.

Each of the core switches has a port on the router (DSR-500). (We have a DFL-1660, but I need to get the WIFI back up and stable before I can devote any time to configuring and placing it into service.)

I'm running out of IP addresses on my subnet (192.168.105.xxx) between WAP addressing and non-router WAP DHCP servers that can only lease off the subnet they're addressed on (DAP-2695). We have two types of APs: CradlePoint MBR-1400 wireless routers and D-Link DAP-2695 APs. The CradlePoints can serve DHCP addresses out of a different subnet than the wired interface; the D-Links are not routers, so must serve DHCP addresses off the wired subnet. I'm also seeing a considerable amount of broadcast traffic that's using a lot of resources on the router. The switch management interfaces are not on the native VLAN (wired) subnet to conserve native VLAN IPs for clients.

I want to subnet our high-rise by floor (192.168.101. for VID 1, .102. - .111. for VID 2-11), and assign a subnet for each other building on the campus (192.168.112. - .115 for VIDs 12-15). All infrastructure is assigned static IPs (known wireless clients and all wired infrastructure), all guest traffic is DHCP from the APs.

I worked out a VLAN interface/IP range scheme and port tagging scheme. The IP scheme is primarily for assigning static addresses to network backbone, but the tagging scheme is to segment the network and allow internet access for clients.

Tagging scheme:
Router expecting untagged for VID 1 on ports 3-4 (to core Sw); tagged for VIDs 2-15 on ports 3-4.
VID 1 (mgmt) all ports used on all switches untagged;
VID 2 (first fl) core switch ports 17-18 (to edge switches) & 24 (to router) tagged, edge switch ports 1-5 (to WAPs) tagged, port 21 (to core Sw) tagged;
VID 2 WAPs Ethernet tagged, WIFI untagged;
VID 3-15 same as VID 2.

Have I missed anything or made any glaring mistakes? Does anyone know if there're special considerations for WAPs with the VLANs?


Title: Re: VLAN advice
Post by: PacketTracer on June 23, 2016, 01:21:27 PM

Just for clarification:

Any edge switch is only connected to one core switch?
There is no connection between the core switches?

If so, your cabling is loop-free and you don't have to worry about spanning tree (although spanning tree should run per vlan on any switch including the LAN switch integrated into the router to prevent loops that happen "by accident", e.g. by connecting two edge switches connected to different core switches).

Your tagging scheme looks feasible. As an alternative approach, if VLAN 1 isn't needed for WAP management you could configure the WAP ports and the edge switch ports connecting to the WAPs as access ports using vlan 2, 3, ..., 15 untagged respectively and remove VLAN 1 from these ports.
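
An added example (not part of either post and not D-Link tooling): a small consistency check for the tagging scheme discussed above, which reports links whose two ends disagree on the untagged VID or on the tagged VLAN set, the usual way guest segments end up bridged or black-holed. The port labels such as `router:3` or `edge:21` are taken from the thread's port numbers, the single first-floor path modelled and the /24 mask are assumptions, and the misconfigurations in the demo are constructed.

```python
from ipaddress import ip_network

def port(untagged, tagged=()):
    # A port is (untagged VID or None, frozenset of tagged VIDs).
    return (untagged, frozenset(tagged))

def subnet_for(vid):
    # Thread's plan: VID 1 -> 192.168.101.x ... VID 15 -> 192.168.115.x.
    # The /24 mask is an assumption; the post gives only three octets.
    if not 1 <= vid <= 15:
        raise ValueError(f"VID {vid} is outside the plan (1-15)")
    return ip_network(f"192.168.{100 + vid}.0/24")

def check_links(ports, links):
    """Return one finding per disagreement between the two ends of a link."""
    findings = []
    for a, b in links:
        (ua, ta), (ub, tb) = ports[a], ports[b]
        if ua != ub:
            findings.append(f"{a} <-> {b}: untagged VID mismatch ({ua} vs {ub})")
        for vid in sorted(ta ^ tb):  # tagged on exactly one end
            end = a if vid in ta else b
            findings.append(f"{a} <-> {b}: VID {vid} tagged only on {end}")
    return findings

def build_plan(floor_vid=2):
    # One path of the posted scheme: router -> core -> edge -> WAP (first floor).
    guest = range(2, 16)
    ports = {
        "router:3": port(1, guest), "core:24": port(1, guest),
        "core:17": port(1, [floor_vid]), "edge:21": port(1, [floor_vid]),
        "edge:1": port(1, [floor_vid]), "wap:eth": port(1, [floor_vid]),
    }
    links = [("router:3", "core:24"), ("core:17", "edge:21"),
             ("edge:1", "wap:eth")]
    return ports, links

if __name__ == "__main__":
    ports, links = build_plan()
    print("as posted:", check_links(ports, links))
    ports["edge:21"] = port(1)  # constructed error: uplink missing the VID 2 tag
    print("missing tag:", check_links(ports, links))
    # Access-port alternative applied to the switch side only (constructed):
    ports["edge:21"], ports["edge:1"] = port(1, [2]), port(2)
    print("half-converted:", check_links(ports, links), subnet_for(2))
```

The last case shows why the access-port alternative has to be applied to the switch port and the WAP's Ethernet side together: converting only one end produces both an untagged mismatch and a one-sided tag.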

Title: Re: VLAN advice
Post by: FurryNutz on June 27, 2016, 09:04:03 AM

http://forums.dlink.com/index.php?topic=65057.0

Title: Re: VLAN advice
Post by: jacob.hillman on June 29, 2016, 06:46:36 AM

Correct: none of the edge switches are interconnected and are only connected to 1 core switch. I'd like to connect the core switches, but want to get the network up, first.

VLAN 1 won't be used for WAP management, so I'll set that up!