VLAN Subnetting Ruckus and Fortigate and Cisco

This is an easy solution, I just don't have it, so please help!
I have 6 Ruckus R500 WAPs, connected into 2 Cisco SG300s, which are then connected to a FortiGate 200D.
On the WAPs, I have 5 SSIDs, one of which is set to VLAN 2.
The ports which the WAPs connect to on the SG300s have VLAN 2 added to them, in trunk mode.
In the FortiGate 200D:
All ports are in LAN HW Switch.
IP: 10.3.7.210/255.255.252.0
DHCP 10.3.4.1-10.3.5.254
I have a VLAN sub created on the LAN, with an ID of 2.
IP: 10.3.9.1/255.255.255.0
DHCP 10.3.9.2-254
There are "auto" routes created for 10.3.9.0/24 --> 0.0.0.0
When I connect to the VLAN 2 SSID, I am unable to pull an IP. If I set a static IP, I am unable to ping. Where am I messed up? Is it because my LAN HW Switch subnet does not contain 10.3.9.xxx? What would the best way to overcome this be, perhaps change the LAN HW Switch to 10.3.0.0/21?
Basically, the end goal is 10.3.4.0 and 10.3.5.0 for normal connections, and then a separate subnet for VLAN 2, which could be 10.3.8.0 or 10.3.9.0 or whatever, even 192.168.1.0.

This was solved by Zac67. I had to correct the tagging, then open up traffic to the WAN, and DHCP kicked in just fine. Thanks, Zac67.
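The asker wondered whether the LAN HW Switch subnet had to contain 10.3.9.x. The following added example (not from the original post or any vendor tool) checks the addressing plan described above with Python's ipaddress module: each DHCP pool must sit inside its interface's subnet, each gateway must be a usable address outside its pool, and the LAN /22 and the VLAN /24 must not overlap. The interface names and the alternative plans are constructed for illustration.

```python
from ipaddress import ip_address, ip_interface

# Constructed from the addressing in the question (FortiGate 200D):
# interface name -> (interface address/mask, DHCP pool start, DHCP pool end)
PLAN = {
    "lan":   ("10.3.7.210/22", "10.3.4.1", "10.3.5.254"),
    "vlan2": ("10.3.9.1/24",   "10.3.9.2", "10.3.9.254"),
}

# The asker's proposed change: widen the LAN to 10.3.0.0/21 (constructed).
WIDENED_LAN_PLAN = {
    "lan":   ("10.3.7.210/21", "10.3.4.1", "10.3.5.254"),
    "vlan2": ("10.3.9.1/24",   "10.3.9.2", "10.3.9.254"),
}

def check_plan(plan):
    """Return a list of problems found in an interface/DHCP plan (empty = OK)."""
    problems = []
    nets = {}
    for name, (addr, start, end) in plan.items():
        iface = ip_interface(addr)
        net = iface.network
        nets[name] = net
        lo, hi = ip_address(start), ip_address(end)
        if lo > hi:
            problems.append(f"{name}: DHCP pool start {lo} is after end {hi}")
        # The pool must lie inside the interface's own subnet, otherwise
        # leases are handed out that no client on that segment can use.
        if lo not in net or hi not in net:
            problems.append(f"{name}: DHCP pool {lo}-{hi} is not inside {net}")
        # The gateway must be a usable host address in its subnet.
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {iface.ip} is not a usable host in {net}")
        # The gateway must not sit inside the pool or DHCP may lease it out.
        if lo <= iface.ip <= hi:
            problems.append(f"{name}: gateway {iface.ip} is inside the DHCP pool")
    # Every routed interface needs its own, non-overlapping subnet; a VLAN
    # subnet does NOT have to be contained in the LAN subnet, it is routed.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems

if __name__ == "__main__":
    for label, plan in (("as posted", PLAN), ("widened LAN", WIDENED_LAN_PLAN)):
        print(label, "->", check_plan(plan) or "no addressing problems")
```

Both plans come back clean, which matches the outcome: the addressing was fine and the fix lay in tagging and firewall policy, so widening the LAN to /21 was not needed.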

Related

Can't route VLAN with UCOPIA

I'm writing to you because I can't solve a problem with a client.
My client has an infrastructure with the following characteristics:
2 ISP routers
1 fortigate firewall
1 dedicated router that broadcasts a UCOPIA US250 guest portal
65 Zyxel switches (1900-24) and one 4600 switch (4x 24 ports for the core network)
250 LIGOWAVE NFT WIFI terminals
80 VLANs
I do not manage the first 3 pieces of equipment; that is another provider.
Today, I have to pass the VLAN dedicated to the guests.
The other provider has set up the FORTIGATE to broadcast the DHCP and the associated VLAN on the DMZ port to the OUT port of the UCOPIA.
I have to broadcast VLAN 420 from the IN port to the ZYXEL switch and to the LIGOWAVE terminals.
However, when I am connected to the UCOPIA on the IN port, I manage to get the desired IP and to reach the portal, but when I test on the ZYXEL switch, it is impossible to get the dedicated VLAN.
I put myself on another port of the ZYXEL and I tag the VLAN in question. I have changed the ID of my VLAN on my computer; with DHCP that does not work. I tried to use a static IP but still nothing. I can't even ping the gateway.
The ZYXEL port to which the UCOPIA is connected is tagged on the dedicated VLAN. I have also tried untagged and excluding all the other VLANs, but it is impossible to get this network.
Do you have any other ideas for me?
Here you can see my network diagram: (image: MyNetwork)
I resolved my problem.
I configured the switch like this:
untagged on the dedicated VLAN
But I forgot to change the PVID VLAN.
I changed it and that works!

Wifi router with DHCP enabled to a network

I have this very cheap all-in-one machine (modem + wifi router) provided by my service provider. I have disabled the wifi on it and bought a Netgear Nighthawk. Now I am trying to set it up so that some devices are connected to wifi and some are connected by wire to the modem. I am trying to figure out how I can have DHCP enabled on both machines and also have access to machines connected to the modem. So my setup is as follows.
The modem has 4 LAN ports and has 3 devices and the Nighthawk wifi router connected to it. The access IP of the modem is 192.168.1.1 and the starting IP is 192.168.1.2 with subnet mask 255.255.255.0, and it has DHCP enabled to provide IPs to everything connected to it.
The WIFI router access IP is 192.168.0.1, it has starting IP 192.168.0.2 with subnet mask 255.255.255.0, and DHCP enabled to provide IPs to everything connected to it.
I would like devices connected to the WIFI router to have access to devices connected to the modem and vice versa.
Can someone help me figure this out?
In your configuration you have 2 NATs, one from the ISP and another one from your access point/router (Nighthawk), meaning that you have 2 networks with different IP ranges.
This is how I configure the LAN when I have multiple routers to extend the coverage:
Assign an IP address to the Nighthawk in the range 192.168.1.x/255.255.255.0, e.g. 192.168.1.2
Disable the DHCP on the Nighthawk
Connect your ISP router to a LAN interface on the Nighthawk.
What will happen is that your Nighthawk will be just an access point; all the DHCP will be at the ISP router, meaning that all IPs will be on the same range. If you connect your ISP router to the Nighthawk WAN interface it is going to go nowhere, because some of them are programmed to do NAT between the LAN and WAN interfaces.
I also configure the DHCP to assign IPs from the 192.168.1.100 to 192.168.1.200 range; all devices from 1 to 99 are routers, access points, servers, cameras, printers or devices that need a static IP address. Then I have segments, e.g. routers are 1-9, printers 10-29, etc. By doing this I will know what each device is or its purpose on the network.
Hope it helps.

cannot ping the main routers default gateway

Hello everyone. I am setting up a network. I have two MikroTik routers: one is the main (MikroTik 1) and the other is the secondary router (MikroTik 2). MikroTik 1 has a DHCP client on ether3, taking all its information from DHCP. Both routers are connected to each other on ether1, with the IP address 192.168.199.1/24 on MikroTik 1 and 192.168.199.2/24 on MikroTik 2. I am trying to run PPPoE on MikroTik ethernet 2, but I cannot ping the MikroTik 1 default gateway that is acting as the default gateway for the network.
I tried creating static routes, everything I know of, but it did not work.
All replies are appreciated!!
Thanks
This config always works well. And [mikrotik2]> ping 192.168.199.1 will work too.
[mikrotik2]> ping mikrotik1_default_gateway will work only if NAT is enabled. Don't forget to reset the configuration after the last test.

Home Networking 2 routers

Just in advance, I'm sorry for my limited expertise with networking; I know the basics though...
So the issue I have, which I am hoping someone can shed some light on:
I want to have 2 routers, each with its own VLAN, and I want one router to be able to talk to the other but not vice versa.
So my main router (192.168.1.1) is connected to the modem.
I want to get a second router and connect it to my main router.
The second router I want to have its own VLAN (192.168.2.1).
Now that part is pretty easy; here is where I am in over my head.
I want the computers on my main router to be able to access the ones on the second router... like ping, RDP, etc.
BUT - I don't want the computers on the second router to have access to the ones on the main router.
Is this possible?
Thank you,
If you are using home routers the key is in the WAN interface.
All the hosts connected to the LAN ports can access the hosts on the WAN port, but not vice versa. Your border router acts this way: if you want a host to communicate directly from WAN to LAN you have to forward a port. For example, if you have a DVR with cameras and you want to monitor them from the Internet, you will have to forward the ports the DVR uses.
So, you could connect in the 192.168.2.1 subnet (just to clarify, this is not a VLAN, this is a subnet, or you can also call it just a net; VLANs are another thing) the PCs that you don't want to be accessed from the other hosts.
VLANs are a kind of partition of a LAN where broadcasts can propagate inside it but cannot go out. They are used for security, performance and ease of administration. They belong to the 2nd layer of the OSI model.
The final topology in your case is as follows:
Let's separate your computers into two groups: group A are the ones you don't want anyone to have access to, and group B are the ones you want to be accessed from other PCs.
First you have your modem connected to the router that will act as border router. Its LAN IP will be 192.168.1.1/24 (/24 is a notation for the subnet mask 255.255.255.0).
To that router's LAN ports you will connect the group B PCs with IPs ranging from 192.168.1.2 to 192.168.1.254 (.0 is reserved, .1 is your border router and .255 is also reserved).
Also to that router you will connect the second router through its WAN port. In the second router you will set a static IP on its WAN port that belongs to the subnet of the border router, for example 192.168.1.2.
The second router's LAN IP will be 192.168.2.1/24. Finally, you will connect the group A PCs to the second router's LAN ports, with IPs from 192.168.2.2 to 192.168.2.254. This will be the more "protected" LAN.
I hope this could help!

Intervlan routing to share printers between vlans

I have 3 separate VLANs and subnets (192.168.175.0/24, 192.168.176.0/24, 192.168.178.0/24). I need to have the ability to print to a single network printer from any server on these subnets. I have created a 4th VLAN for this purpose, but I'm not really sure how to configure the inter-VLAN routing on the main switch where these VLANs are.
I'm using a Cisco 3560G and trying to use the routing wizard.
Okay, so... Routing between VLANs is really very simple. First, a VLAN is nothing more than a broadcast domain. When you try to send a packet to a machine, an ARP broadcast goes out to see if any host on the local broadcast domain (VLAN) has the IP address. If so, it responds with its MAC address. When an ARP response isn't received, the packet is sent to the router to do something else with it. If the address is not part of the local broadcast domain's network (identified via the subnet mask), it's sent to the network's router.
Take the following into consideration: You have 4 VLANs... VLAN1, VLAN2, VLAN3 and VLAN4. Each has its own /24 network: 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 and 192.168.4.0/24. What you should have on your router is something like this:
(interface names may be different, but you'll get the idea)
int fa0/0
no shut
int fa0/0.1
encapsulation dot1q 1
ip address 192.168.1.1 255.255.255.0
int fa0/0.2
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0
int fa0/0.3
encapsulation dot1q 3
ip address 192.168.3.1 255.255.255.0
int fa0/0.4
encapsulation dot1q 4
ip address 192.168.4.1 255.255.255.0
The "encapsulation dot1q #" is telling the router, "Encapsulate any L2 frames on this interface with VLAN ID #". VLANs are a L2 concept, not L3. So, with that in mind, it's important to understand we need to "transport" that L2 connectivity back to the switch and the hosts on the switch.
With the above configuration, interface fa0/0 should be connected to a trunk port on the switch. If you're plugged into a Cisco switch, "switchport mode trunk" should do the trick. If you're using a non-Cisco switch, it will most likely be:
switchport untagged vlan 1 <- default vlan
switchport tagged vlan 2,3,4 <- other VLAN's allowed
With that in mind, any hosts should be on ports in their respective VLAN:
Again, if Cisco: switchport access vlan #
If not, most likely: untagged vlan #
for each port that has a host.
Each host in each VLAN should have its respective gateway as its default gateway, i.e. VLAN 1 should have the IP of fa0/0.1 (192.168.1.1), VLAN 2 fa0/0.2 (192.168.2.1).
This is a very simple methodology. I'd recommend you grab the CCENT or CCNA library, as it can greatly help you understand these concepts.
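To make the mechanism in this answer concrete, here is an added Python example (not from the answer or from Cisco) that models the router-on-a-stick above: a host decides between ARPing locally and handing the packet to its gateway, and the router maps an incoming 802.1Q tag to the subinterface fa0/0.<tag> and picks the egress VLAN from its connected subnets. The VLAN table is the answer's four /24s; treating VLAN 4 as the asker's printer VLAN and the printer address 192.168.4.20 are assumptions.

```python
from ipaddress import ip_address, ip_interface

# Constructed VLAN table: the answer's four /24 networks, with VLAN 4 used as
# the asker's shared printer VLAN. VLAN id -> address of subinterface fa0/0.<id>.
SUBINTERFACES = {
    1: ip_interface("192.168.1.1/24"),
    2: ip_interface("192.168.2.1/24"),
    3: ip_interface("192.168.3.1/24"),
    4: ip_interface("192.168.4.1/24"),
}
PRINTER = "192.168.4.20"  # constructed address of the printer in VLAN 4

def host_next_hop(host_addr, gateway, dst):
    """Host-side decision from the answer: ARP for dst directly when it is in
    the local subnet, otherwise hand the packet to the default gateway. A
    gateway outside the host's own subnet cannot be ARPed for, so the packet
    never leaves the host (the misconfiguration the answer's last step avoids)."""
    host = ip_interface(host_addr)
    gw, dst = ip_address(gateway), ip_address(dst)
    if dst in host.network:
        return ("arp", str(dst))
    if gw not in host.network:
        return ("unreachable", str(gw))
    return ("gateway", str(gw))

def router_forward(in_vlan, dst):
    """Router-on-a-stick: a frame tagged in_vlan enters fa0/0.<in_vlan>; the
    router matches dst against its connected subnets and returns the VLAN tag
    of the egress subinterface, or None when nothing matches."""
    if in_vlan not in SUBINTERFACES:
        return None  # tag with no subinterface: the router ignores the frame
    dst = ip_address(dst)
    for vlan, sub in SUBINTERFACES.items():
        if dst in sub.network:
            return vlan
    return None

def path_to_printer(host_addr, host_vlan, gateway):
    """Trace a host's packet to PRINTER: returns the VLAN tag the printer's
    port sees the frame on, or None if the packet cannot get there."""
    kind, _ = host_next_hop(host_addr, gateway, PRINTER)
    if kind == "arp":
        return host_vlan  # same VLAN: the router is never involved
    if kind == "unreachable":
        return None
    return router_forward(host_vlan, PRINTER)

if __name__ == "__main__":
    print(path_to_printer("192.168.2.50/24", 2, "192.168.2.1"))   # 4
    print(path_to_printer("192.168.3.9/24", 3, "192.168.1.1"))    # None
```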
