I tried to configure my 493G for the network shown in the picture below. My main issue here is setting up the VLANs and VLAN-trunks.
In my setup I have four VLANs: Office (ID 111), Management (ID 333), Guest (ID 666) and InternetDMZ (ID 999). Could someone please point me in the right direction on what steps to take to:
- use ether1 as access port for the ISP modem
- configure two VLAN-trunks on ether8 and ether9, each with all four VLANs
- configure a third VLAN-trunk on ether7 with only three of the VLANs
- configure ether2-ether6 as access ports in the office-VLAN
Background:
- both switches need to have access to all four VLANs
- the WLAN access point creates a secure office Wireless-LAN on the office-VLAN (111) and another WLAN for guests who will have internet access only
- computers within the office-VLAN will connect through NAT to the internet
Baby steps, my friend… baby steps. Because of the way ROS does its network abstractions, the config gets very complex very quickly. Quite often, it’s easier to just open it up a bit, then put restrictions when/where necessary.
For your internet, this is pretty basic. Just add the address/route/dns provided by your ISP. Done.
Next, let’s build your basic Office LAN:
- Create a bridge (call it ‘Office’)
- Add ports ether2-6 to that bridge
- Add an IP address and DHCP server to that bridge
- Done
Next, we need to trunk multiple VLANs to the AP and some switches… You CAN do what you describe, but it will not hurt anything to pass all 4 VLANs to the AP (it will just ignore one of them).
- Create a bridge (call it ‘LAN_Bridge’)
- Add ports ether7-9 to that bridge
- Add VLAN interfaces ON that bridge
- Add the Office VLAN to the Office bridge (Done!)
- Add IP addresses and DHCP servers to your other 3 VLAN interfaces
- Done!
On the AP, I’m not sure how you’re going to pass 2 SSIDs to 3 VLANs
- Create a bridge (call it ‘LAN_Bridge’)
- Create 3 VLANs on that bridge
- Create 3 more bridges (‘Office’,‘Management’,‘Guest’)
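
The router-side steps from the reply above (Office bridge, trunk bridge on ether7-9, VLAN interfaces, addressing and DHCP), written out as RouterOS commands. This is an added example, not part of the original thread; the interface names, subnets and address pools are assumptions, as are the masquerade rule on ether1 and the guest forward-drop rule, which reflect the NAT and internet-only guest requirements from the question.

```routeros
# Added example. All names, subnets and pools below are assumed values.
# Office LAN: ether2-ether6 as untagged access ports in one bridge
/interface bridge add name=Office
/interface bridge port add bridge=Office interface=ether2
/interface bridge port add bridge=Office interface=ether3
/interface bridge port add bridge=Office interface=ether4
/interface bridge port add bridge=Office interface=ether5
/interface bridge port add bridge=Office interface=ether6

# Trunk bridge: ether7 (AP), ether8 and ether9 (switches)
/interface bridge add name=LAN_Bridge
/interface bridge port add bridge=LAN_Bridge interface=ether7
/interface bridge port add bridge=LAN_Bridge interface=ether8
/interface bridge port add bridge=LAN_Bridge interface=ether9

# Tagged VLAN interfaces on the trunk bridge (IDs from the question)
/interface vlan add name=vlan111-office interface=LAN_Bridge vlan-id=111
/interface vlan add name=vlan333-mgmt interface=LAN_Bridge vlan-id=333
/interface vlan add name=vlan666-guest interface=LAN_Bridge vlan-id=666
/interface vlan add name=vlan999-dmz interface=LAN_Bridge vlan-id=999

# Join tagged Office traffic from the trunks to the untagged Office bridge
/interface bridge port add bridge=Office interface=vlan111-office

# Office: the address and DHCP server live on the Office bridge
/ip address add address=192.168.111.1/24 interface=Office
/ip pool add name=pool-office ranges=192.168.111.100-192.168.111.200
/ip dhcp-server add name=dhcp-office interface=Office address-pool=pool-office disabled=no
/ip dhcp-server network add address=192.168.111.0/24 gateway=192.168.111.1

# Other three VLANs: address and DHCP server directly on the VLAN interface
/ip address add address=10.33.3.1/24 interface=vlan333-mgmt
/ip pool add name=pool-mgmt ranges=10.33.3.100-10.33.3.200
/ip dhcp-server add name=dhcp-mgmt interface=vlan333-mgmt address-pool=pool-mgmt disabled=no
/ip dhcp-server network add address=10.33.3.0/24 gateway=10.33.3.1
/ip address add address=10.66.6.1/24 interface=vlan666-guest
/ip pool add name=pool-guest ranges=10.66.6.100-10.66.6.200
/ip dhcp-server add name=dhcp-guest interface=vlan666-guest address-pool=pool-guest disabled=no
/ip dhcp-server network add address=10.66.6.0/24 gateway=10.66.6.1
/ip address add address=10.99.9.1/24 interface=vlan999-dmz
/ip pool add name=pool-dmz ranges=10.99.9.100-10.99.9.200
/ip dhcp-server add name=dhcp-dmz interface=vlan999-dmz address-pool=pool-dmz disabled=no
/ip dhcp-server network add address=10.99.9.0/24 gateway=10.99.9.1

# NAT towards the ISP modem on ether1
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
# Guests may only be routed out to the internet, never to another VLAN
/ip firewall filter add chain=forward in-interface=vlan666-guest out-interface=!ether1 action=drop
```

The forward rule does not cover traffic addressed to the router itself; that is governed by the input chain.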