
Author Topic: Dlink DGS Switches And Vlans  (Read 3945 times)

djshaunvt

« on: November 02, 2014, 01:30:13 PM »

Hi All.

I need some help from the DLink switch Gurus :)

I have the following setup and working after reading a few manuals and 2 long nights. Most of what I wanted to achieve I have done (Quite proud :)

The setup includes 5 switches but I'm going to keep it down to 2 switches here as the other switches have the same configurations and are all working. (just with other VLANS)

I have a DGS 3620 layer 3 switch (Server Room) and 1 x DGS 3420 switch (Admin Building)

I have for example this configuration on my layer 3
Vlan 1 - Untagged 1-52
Vlan 2 -- Servers  untagged 1-5  (Servers plugged directly into ports 1 -5) 
Vlan 3 -- Admin  - tagged 6-8 ( 3 LACP ports to switch DGS 3420 Switch - Other building) 
Vlan 4 -- Private Wireless Network -- (3 LACP tagged ports 6-8 to carry VLAN 4 packets over to the other switch also )

IP Interfaces on Layer 3 Switch
VLAN 1 = 10.1.100.1   255.255.255.0  MANAGEMENT VLAN
VLAN 2 = 10.1.6.1      255.255.255.0  SERVER VLAN
VLAN 3 = 10.1.7.1      255.255.255.0  ADMIN VLAN
VLAN 4 = 10.1.8.1      255.255.255.0  GUEST WIRELESS USERS

DGS 3420 switch -- Other Building connecting to ports on server room switch

Configured Vlans:
Vlan 1 (untagged port 45 -- So I can login to it via LAN cable -- If I untagged all ports on vlan I lose connectivity ??)
VLAN 3 tagged (ports 46 47 48  3 LACP ports connecting to L3 switch in server room -- Untagged ports 1-43 for ADMIN PC Users)
VLAN 4 tagged (Ports 46 47 48 LACP ports connecting to L3 switch in server room - Untagged port 44 for VLAN AP on that port)

IP Interfaces
VLAN 1 = 10.1.100.2 255.255.255.0 MANAGEMENT VLAN

Dlink Wireless AP - Multi SSID port 44  ---- Configured with VLANS as below:

VLAN 3 - Admin Users - Primary SSID
VLAN 4 - Public Wireless Network -- SSID 1

I have DHCP Scopes Configured on the server for all VLANS and everything is working fine :

PCs on VLAN 3 get IP addresses of 10.1.7.x
PCs on Primary SSID (VLAN 3) also get IP addresses of 10.1.7.x
Private Wireless Access (VLAN 4) gets IP addresses of 10.1.8.x

So now the challenges:

I don't want clients on Public wireless range (VLAN 4) to be able to see any other VLANS except to be able to get to the internet (I have a VLAN 10 with a firewall on it) and to get a DHCP IP from the server on VLAN 2.

I was thinking of maybe putting a DHCP server on VLAN 4 and giving clients a gateway of 10.1.8.2 instead of the switch's IP... That way they should not be able to see the other vlans.
But then they won't be able to get a DHCP IP from the server..
I can always make 10.1.8.2 device / firewall hand out DHCP addresses in that case and supply DNS ??

Another thing I was thinking of was to delete the IP interface for vlan 4 on the layer 3 switch (10.1.8.1) then even if a clever user on VLAN 4 changes his gateway from 10.1.8.2 to 10.1.8.1, he still won't be able to reach any other vlans.

My other issue is I cannot connect to the other switch to manage it remotely without plugging my laptop into port 45 directly on that switch. Should I also tag vlan 1 over ports 46 - 48 like the other vlans ?

I really am calling on the GURUS here to shed some light and ideas. Any experience or advice would be appreciated.

Many Thanks.
Shaun
« Last Edit: November 02, 2014, 01:34:22 PM by djshaunvt »
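
The isolation goal stated in the post for VLAN 4, written as an ordered first-match rule list and checked against constructed test flows. This is an added example, not part of the original post and not D-Link configuration syntax; the DHCP server address 10.1.6.10, the rule format and the test flows are assumptions made for illustration.

```python
import ipaddress

# Subnets taken from the IP interface list in the post.
MGMT = ipaddress.ip_network("10.1.100.0/24")   # VLAN 1
SERVER = ipaddress.ip_network("10.1.6.0/24")   # VLAN 2
ADMIN = ipaddress.ip_network("10.1.7.0/24")    # VLAN 3
ANY = ipaddress.ip_network("0.0.0.0/0")
# Assumption: the post gives no DHCP server address; this one is constructed.
DHCP_SERVER = ipaddress.ip_network("10.1.6.10/32")

# Rules for traffic sourced from VLAN 4 (10.1.8.0/24), first match wins.
# Fields: (action, destination, protocol, destination port); None means any.
GUEST_RULES = [
    ("permit", DHCP_SERVER, "udp", 67),  # DHCP only, before the broad deny
    ("deny", MGMT, None, None),
    ("deny", SERVER, None, None),
    ("deny", ADMIN, None, None),
    ("permit", ANY, None, None),         # everything else, i.e. the internet
]

def evaluate(rules, dst, proto, dport):
    """Return the action of the first matching rule, or deny if none match."""
    dst_ip = ipaddress.ip_address(dst)
    for action, net, r_proto, r_dport in rules:
        if dst_ip in net and r_proto in (None, proto) and r_dport in (None, dport):
            return action
    return "deny"

# Constructed test flows and the outcome the post asks for.
EXPECTED = [
    ("10.1.6.10", "udp", 67, "permit"),   # DHCP to the server on VLAN 2
    ("10.1.6.10", "tcp", 445, "deny"),    # any other service on that server
    ("10.1.7.50", "tcp", 3389, "deny"),   # an admin PC on VLAN 3
    ("10.1.100.2", "tcp", 443, "deny"),   # management address of the DGS 3420
    ("8.8.8.8", "udp", 53, "permit"),     # an internet destination
]

def audit(rules):
    """Return the flows whose result differs from the expected outcome."""
    return [(d, p, port) for d, p, port, want in EXPECTED
            if evaluate(rules, d, p, port) != want]

if __name__ == "__main__":
    print("ordered rules, failures:", audit(GUEST_RULES))
    # Moving the DHCP permit below the denies breaks address assignment.
    misordered = GUEST_RULES[1:4] + GUEST_RULES[:1] + GUEST_RULES[4:]
    print("misordered rules, failures:", audit(misordered))
```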