How can I introduce VLANs to an existing setup with wireless Access Points?

zyash

I am by no means an expert when it comes to networking, but I recently inherited a network setup which is using wireless Access Points that clients can connect to (usually via a wireless device used in station mode).

The problem is the existing setup is not using VLANs to break down broadcast domains. I would like to introduce them, but I am not really sure how to tackle it.

Network diagram

In simplified form, the network looks like this:


  • Network is using static IPs (3 subnets)

  • I have very little to no access to the Access Points to modify any settings

  • I have very little to no access to the devices used by clients to connect to Access Points

  • FreeBSD router (Fa0/0) - 10.10.10.1 netmask 255.255.255.0 - 10.10.20.1 netmask 255.255.255.0 alias - 10.10.30.1 netmask 255.255.255.0 alias

  • L3 Switch_1 - supports 802.1Q VLAN - supports Private VLAN - supports Port Isolation (is it the same thing as Port-VLAN?)

  • L2 Switch_1 - supports 802.1Q VLAN - supports Port-VLAN

  • L2 Switch_2 - supports 802.1Q VLAN - supports Port Isolation (is it the same thing as Port-VLAN?)

What I want to do

Ideally I don't want any of the subnets to be able to see one another.

I can easily set up VLANs in the FreeBSD router (instead of using IP aliases (or secondary IPs, depending on the terminology)).

For example:

  • VLAN10 for 10.10.10.0/24
  • VLAN20 for 10.10.20.0/24
  • VLAN30 for 10.10.30.0/24

Then I can set up ports Fa0/4, Fa0/3 and Fa0/2 on L3_SWITCH_1 as trunks.

But at this point I seem to get stuck and have no idea what to do. Both L2_SWITCH_1 and L2_SWITCH_2 can carry traffic from any subnet on each port (because any client can connect to any Access Point).

L2_SWITCH_1 port Fa0/1 and port Fa0/2 are carrying traffic from potentially all 3 subnets at the same time.

The same situation is with L2_SWITCH_2 port Fa0/1.

So would I potentially need to set up every existing port in each switch as a trunk for VLAN10, VLAN20 and VLAN30?

But does it still make sense to do it that way? Would I still benefit from VLANs (isolation, separate broadcast domains, etc.)?

What should I do?
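As an added illustration that is not part of the question, the Python model below reproduces a switch's ingress VLAN decision for the three subnets named above: a tagged frame is placed in the VLAN from its 802.1Q tag, an untagged frame in the port's PVID. It shows why trunking every port changes nothing while the Access Points send untagged frames: every subnet arriving on one port lands in the same VLAN. The frames, MAC addresses and PVID are constructed here for the example.

```python
import struct
from ipaddress import IPv4Address, IPv4Network
from typing import Iterable, Optional, Tuple

# Constructed mapping: the question's subnets and the VLAN each should live in.
SUBNETS = {
    IPv4Network("10.10.10.0/24"): 10,
    IPv4Network("10.10.20.0/24"): 20,
    IPv4Network("10.10.30.0/24"): 30,
}
TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def build_frame(src_ip: str, vid: Optional[int]) -> bytes:
    """Build a minimal broadcast Ethernet/IPv4 frame, tagged if vid is given."""
    dst = bytes.fromhex("ffffffffffff")            # constructed broadcast MAC
    src = bytes.fromhex("02aabbcc0001")            # constructed client MAC
    ip = bytearray(20)
    ip[0] = 0x45                                   # IPv4, IHL = 5 words
    ip[12:16] = IPv4Address(src_ip).packed         # source address
    ip[16:20] = IPv4Address("255.255.255.255").packed
    if vid is None:
        return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + bytes(ip)
    tci = vid & 0x0FFF                              # PCP = 0, DEI = 0, 12-bit VID
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_IPV4) + bytes(ip)


def classify_ingress(frame: bytes, port_pvid: int) -> Tuple[int, int]:
    """Return (VLAN the switch assigns, VLAN the source subnet belongs to)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF   # from the tag
        ip_offset = 18                                         # 14 + 4-byte tag
    else:
        vid = port_pvid                                        # untagged: PVID
        ip_offset = 14
    src_ip = IPv4Address(frame[ip_offset + 12:ip_offset + 16])
    expected = next(v for net, v in SUBNETS.items() if src_ip in net)
    return vid, expected


def isolation_holds(frames: Iterable[bytes], port_pvid: int) -> bool:
    """True only if every frame ends up in the VLAN its subnet was meant for."""
    return all(got == want for got, want in
               (classify_ingress(f, port_pvid) for f in frames))
```

Run with untagged frames from all three subnets on a port whose PVID is 10, `isolation_holds` is False because every frame is assigned VLAN 10; only frames that already carry a tag are separated, which is why the tagging has to happen at the Access Point (or the AP port) rather than on the uplink trunks.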
