In our office we want to separate traffic using VLANs. I don’t have much experience with this and I don’t have much time for experiments because people are also working outside normal office hours. Therefore I want to ask if my planned setup works as expected.
Goal:
- ether1 is the WAN port (omitted in the further discussion)
- ether2 is connected to external switch1 and should serve VLANs 18,21,30
- ether3 is connected to external switch2 and should serve VLANs 18,21,30
- ether4 should serve VLAN 18, but external traffic should be untagged
- ether5 should serve VLAN 21, ditto
- ether6 should serve VLAN 30, ditto
The router should offer IP addresses via DHCP on the corresponding VLANs (172.17.18.* in VLAN 18, and so on).
Traffic on ether2 and ether3 can be fully tagged because the switches understand it. Traffic on ether4-6 should be untagged when leaving and tagged when entering so that it’s forwarded to the ports with the corresponding VLANs.
My setup would be as follows:
VLAN interfaces:
- vlan18_e2, vlan18_e3, vlan18_e4 (i.e. vlan interface on ether2 with ID 18, and so on)
- vlan21_e2, vlan21_e3, vlan21_e5
- vlan30_e2, vlan30_e3, vlan30_e6
Bridges:
- bridge with ether2 and ether3
- bridge18 with vlan18_*
- bridge21 with vlan21_*
- bridge30 with vlan30_*
Addresses:
- 172.17.18.0/24 on bridge18
- 172.17.21.0/24 on bridge21
- 172.17.30.0/24 on bridge30
DHCP:
- Pool 172.17.18.* on bridge18
- Pool 172.17.21.* on bridge21
- Pool 172.17.30.* on bridge30
Will I achieve my goals with this setup?
Cheers,
Thorsten
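
The plan above can be checked against the stated goal before touching the router. The following is an added example, not part of the original post: it models each bridge's members and derives what each port would show on the wire. It assumes that a VLAN interface on a physical port always sends and accepts 802.1Q-tagged frames, while a physical port placed directly in a bridge carries untagged frames; the `ALTERNATIVE` layout is a hypothetical variant, and the plain bridge of ether2 and ether3 is left out of the model.

```python
import re

# Goal from the post: VLAN IDs each port should carry tagged / untagged.
GOAL = {
    "ether2": {"tagged": {18, 21, 30}, "untagged": set()},
    "ether3": {"tagged": {18, 21, 30}, "untagged": set()},
    "ether4": {"tagged": set(), "untagged": {18}},
    "ether5": {"tagged": set(), "untagged": {21}},
    "ether6": {"tagged": set(), "untagged": {30}},
}
# Planned bridge members, using the post's naming (vlan<ID>_e<port>).
PLAN = {
    "bridge18": ["vlan18_e2", "vlan18_e3", "vlan18_e4"],
    "bridge21": ["vlan21_e2", "vlan21_e3", "vlan21_e5"],
    "bridge30": ["vlan30_e2", "vlan30_e3", "vlan30_e6"],
}
# Hypothetical variant: access ports join their bridge directly.
ALTERNATIVE = {
    "bridge18": ["vlan18_e2", "vlan18_e3", "ether4"],
    "bridge21": ["vlan21_e2", "vlan21_e3", "ether5"],
    "bridge30": ["vlan30_e2", "vlan30_e3", "ether6"],
}
VLAN_IF = re.compile(r"^vlan(\d+)_e(\d+)$")

def wire_view(bridges):
    """Return {port: {"tagged": set, "untagged": set}} as seen on the cable."""
    view = {}
    for bridge, members in bridges.items():
        for member in members:
            m = VLAN_IF.match(member)
            if m:   # VLAN interface: frames on that port carry the 802.1Q tag
                port, kind, vid = "ether" + m.group(2), "tagged", int(m.group(1))
            else:   # physical port in the bridge: frames stay untagged
                port, kind = member, "untagged"
                vid = int(bridge.removeprefix("bridge"))
            view.setdefault(port, {"tagged": set(), "untagged": set()})[kind].add(vid)
    return view

def mismatches(bridges, goal=GOAL):
    """List (port, kind, wanted, actual) wherever the layout misses the goal."""
    view, out = wire_view(bridges), []
    for port, want in goal.items():
        have = view.get(port, {"tagged": set(), "untagged": set()})
        for kind in ("tagged", "untagged"):
            if have[kind] != want[kind]:
                out.append((port, kind, sorted(want[kind]), sorted(have[kind])))
    return out

if __name__ == "__main__":
    for row in mismatches(PLAN):
        print(row)
```

Under these assumptions the plan matches the goal on ether2 and ether3, while ether4 to ether6 come out tagged instead of untagged.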