I thought that I understood VLANs, and everything that I am reading seems to indicate that I'm doing it right, but my setup isn't working and I'd appreciate additional eyes taking a look...
I have an existing working setup with my core switch having all ports untagged VLAN 1 (native). Port 1 connects to my router/firewall out to the public internet, and other LAN stuff filling the rest of the switch.
I am trying to set up an isolated guest network (cabled, not wireless) on switch port 2. For now, I am just testing it with a single laptop plugged directly into switch port 2.
So, I created a new VLAN (2) in the switch, cleared VLAN 1 from port 2, and set VLAN 2 as Tagged on port 1 (router), Untagged on port 2 (laptop). Then I created a new virtual interface on the router/firewall for VLAN 2 with a completely different IP scheme.
I plug the laptop in to port 2, assign it an appropriate static IP, and try to ping the router. It fails.
I can verify that I have the correct rules set up to permit ping on the router, so it's a more fundamental issue.
If I packet trace on the router with source: laptop's IP, I only get failed ARP requests.
Any idea what I may be missing here, or any next steps to try for troubleshooting?