Thursday, December 13, 2018

Having issues with vlans and getting traffic to pass thru, please help!

TL;DR: Have APs with 2 VLANs (these should not talk to each other), going thru a layer 2 switch to a SonicWall. Untagged traffic passes fine, tagged gets blocked/can't get DHCP or even a static IP to route.

I'm not a network engineer by any measure and I'm having difficulties with getting VLAN routing to work.

In our environment we have 5 Ubiquiti UniFi-AP-AC-Pro APs with 2 wireless networks (laptops, mobile phones and one for testing). At the moment all 3 wireless SSID networks are on the same subnet (10.8.4.1/24). I want to separate the mobile phones (10.8.6.1/24) and laptops (10.8.5.1/24) into their own networks and then route all mobile phones thru our second internet connection thru Comcast vs our Cogent link. The mobile phones should not communicate with the other networks, which from my understanding should be OK with layer 2 switching.

I'll start by going over the APs, then the switch they are connecting to, and then the SonicWall.

On the UniFi APs, this is the configuration for the networks. Everything in production currently passes thru the LAN network. The other 2 are set up for what I want to do. VLAN 500 is for laptops, 600 for mobile phones.
https://imgur.com/a/6tq3RC1

This is the setup for the wireless networks so you can see that only test is set to use VLAN 600.
https://imgur.com/a/GD6Y5GC

Now, onto the EnGenius layer 2 switch. I have the APs plugged into ports 2-6 and the uplink to the SonicWall is on port 1. https://imgur.com/a/aKOOCtf

The PVID is messing me up and I'm not sure if this is correct. I can't add multiple VLANs to each port so I'm not sure if what I'm trying to do is technically possible with this switch.
https://imgur.com/a/cWNqCAU

Now onto the SonicWall. The uplink from the switch is coming to interface X2 and has 2 VLANs, X2:500 and X2:600, set up with DHCP scopes set for each. For now, I'll just show the info for VLAN 600.
https://imgur.com/a/9sIurae
https://imgur.com/a/aOEMTUC
https://imgur.com/a/OpqIM0v

So, the question is, what am I doing wrong? I know I'm missing something glaringly obvious and I don't know what it is. This is my first time working with VLANs and I would really like to get this figured out. Any help is appreciated!!

Thanks, Rob


