Monday, April 2, 2018

I’m interested in implementing private VLANs for the first time and am running into some concerns in theory.

I have six VLANS currently, mapped to six separate subnets, respectively. Topology currently is as follows:

- 172.16.10.0/24: Management (VLAN 10)
- 172.16.20.0/24: Wired_Access (VLAN 20)
- 172.16.30.0/24: Wireless_Access (VLAN 30)
- 172.16.40.0/24: Shared_Services (VLAN 40)
- 172.16.50.0/24: Virtual_Machines (VLAN 50)
- VLAN 99: Null/Inactive, no layer 3

All ports that aren’t administratively defined in an Access VLAN or as a trunk (nonegotiate) are already in VLAN 99.

My plan is to redesign this slightly because I have opened my WAPs up with zero authentication for ease of access (this is my residential network, people complain :p). Rather than just configure ACLs, which I’m not experienced in, I thought I’d go the extra mile and implement PVLANS.

The primary VLAN would be 100, with the existing VLANs respectively made secondary as 110, 120, 130, etc.

Management, wireless, and the inactive VLAN would be isolated; the rest would be community. My flaw in design, in theory, is that I read secondary VLANs do not have a designated SVI. They all flow through, in this example, primary VLAN 100’s SVI.

With this in mind, how do I subnet? How do these secondary VLANs know which DHCP pool to choose from? I am running DHCP services on this 3750G stack.

Thanks for reading, Chris
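A worked Cisco IOS configuration for the design described in the post, added here as an illustration and not part of the original post or its author's configuration. The VLAN numbers, the interface names, the 172.16.100.0/24 subnet and the pool name are assumptions; it shows a primary VLAN with one isolated and two community secondaries, the single SVI on the primary, and one DHCP pool tied to that SVI's subnet.

```cisco
! Added example, not the original poster's configuration. Assumes a Catalyst
! 3750G stack in VTP transparent mode (required for private VLANs on this
! platform), primary VLAN 100 and three secondary VLANs; the VLAN numbers,
! interface names and the 172.16.100.0/24 subnet are assumptions.
vtp mode transparent
!
vlan 100
 private-vlan primary
 private-vlan association 110,120,130
vlan 110
 private-vlan isolated
 ! isolated: hosts (e.g. the open guest wireless) cannot reach each other
vlan 120
 private-vlan community
 ! community: hosts reach each other and the promiscuous port only
vlan 130
 private-vlan community
!
! The only SVI is on the primary VLAN. The secondaries have no SVI of their
! own, so all three secondary VLANs live in the primary's single subnet.
interface Vlan100
 ip address 172.16.100.1 255.255.255.0
 private-vlan mapping 110,120,130
!
! Host ports: each is bound to the primary and exactly one secondary VLAN.
interface GigabitEthernet1/0/10
 description Guest WAP (isolated 110)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 110
interface GigabitEthernet1/0/20
 description Wired access (community 120)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 120
!
! Promiscuous port for shared services that every secondary may reach.
interface GigabitEthernet1/0/30
 description Shared services (promiscuous)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 110,120,130
!
! One DHCP pool, keyed to the primary SVI's subnet: a request from any
! secondary VLAN arrives on Vlan100, so it is served from this pool.
ip dhcp excluded-address 172.16.100.1 172.16.100.10
ip dhcp pool PVLAN100
 network 172.16.100.0 255.255.255.0
 default-router 172.16.100.1
```

The design point the example makes visible is that the secondary VLANs do not each get a subnet: because they share the primary's SVI, they share its subnet and therefore a single DHCP pool, and the separation between guest wireless and the rest comes from the isolated/community membership of each port rather than from addressing. After applying it, `show vlan private-vlan` lists the primary-to-secondary associations and `show interfaces GigabitEthernet1/0/10 switchport` confirms the host association on a port.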


