Hello experts, I am new to Meraki and VLANs. Apologies for the newbie questions.
Currently the company is running on a normal LAN with static IPs on the server, switches, etc. Recently I brought in an MX250 and an MS350-24P to buff up the network. I have come up with some plans for the VLAN distribution for the office. I have some issues in mind before doing VLANs:
@TommyYap the idea of VLANs is to separate the network into logical zones as I think you wish to do. Initially if you enable VLANs but leave everything in VLAN 1 then all your existing devices should continue to work as they do now. If you create a second VLAN then you will need to create a VLAN interface in both the original VLAN1 and the new VLAN. This allows devices in each VLAN to talk to each other. As an example the IP addressing could be as below:
Original network: 192.168.0.0/24
New VLAN1: 192.168.0.0/24 <- the same as above
New VLAN1 interface IP: 192.168.0.1
New VLAN2: 172.18.0.0/16
New VLAN2 interface IP: 172.18.0.1
Default route of 0.0.0.0/0 192.168.0.254 (IP address on MX in VLAN1)
A device on VLAN1 would have an IP address of 192.168.0.n with a subnet mask of 255.255.255.0 and a gateway of 192.168.0.1
A device on VLAN2 would have an IP address of 172.18.n.n with a subnet mask of 255.255.0.0 and a gateway of 172.18.0.1
To access the internet a device on VLAN2 would go to the L3 device (MS) and then onto VLAN1 and out through the MX.
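As an added example (not part of the thread), this Python check compares a host's static settings with the addressing plan in the reply above and lists where they deviate from it, which is the usual failure when a statically addressed server is moved onto a port in a new VLAN. The host entries are constructed sample data.

```python
import ipaddress

# Addressing plan from the reply above: VLAN id -> (subnet, L3 interface IP on the MS).
PLAN = {
    1: (ipaddress.ip_network("192.168.0.0/24"), ipaddress.ip_address("192.168.0.1")),
    2: (ipaddress.ip_network("172.18.0.0/16"), ipaddress.ip_address("172.18.0.1")),
}

def check_host(vlan, ip, mask, gateway):
    """List the ways a host's static settings deviate from the plan for `vlan`."""
    subnet, svi = PLAN[vlan]
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    gw = ipaddress.ip_address(gateway)
    problems = []
    if iface.ip not in subnet:
        problems.append(f"address {iface.ip} is outside VLAN {vlan} subnet {subnet}")
    if iface.network != subnet:
        problems.append(f"mask gives {iface.network}, plan says {subnet}")
    if gw not in iface.network:
        # The host cannot ARP for a gateway it does not consider on-link.
        problems.append(f"gateway {gw} is not on-link for {iface.network}")
    if gw != svi:
        problems.append(f"gateway {gw} is not the VLAN {vlan} interface {svi}")
    if iface.ip in (svi, subnet.network_address, subnet.broadcast_address):
        problems.append(f"address {iface.ip} is reserved in {subnet}")
    return problems

# Constructed sample hosts: (name, access-port VLAN, ip, mask, gateway).
HOSTS = [
    ("file-server", 1, "192.168.0.10", "255.255.255.0", "192.168.0.1"),
    ("moved-server", 2, "192.168.0.10", "255.255.255.0", "192.168.0.254"),
    ("wrong-mask", 2, "172.18.5.20", "255.255.255.0", "172.18.0.1"),
]

def audit(hosts=HOSTS):
    """Return {host name: [problems]} for every host in the list."""
    return {name: check_host(vlan, ip, mask, gw) for name, vlan, ip, mask, gw in hosts}

if __name__ == "__main__":
    for name, problems in audit().items():
        print(name, "OK" if not problems else "; ".join(problems))
```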
Hi,
Yes, you can keep the subnet of your current LAN and assign it to a Layer 3 VLAN.
In order to communicate between the VLANs you need a Layer 3 VLAN interface for each VLAN (on the MX or MS).
The server's static settings (gateway IP) must be the Layer 3 interface IP you create.
When you assign a switchport to a VLAN, the clients use the VLAN you assigned.
Yes, you can build a trunk between the MS (or MX) and the Netgear.
@cmr Thank you for your detailed explanation, I understand most of it from a logical point of view. I think my first step is to enable VLANs and stay on VLAN1 like you mentioned.
Using your example, assuming all my servers are statically assigned in 192.168.0.0/24.
Sorry for some beginners questions and thank you for your patience.
@TommyYap You can only have one VLAN on an unmanaged switch, so where an unmanaged switch is connected to the MS350 you would set that port to access mode (single untagged VLAN). I would configure the port on the MS350 and have that do the routing with it connected via a single VLAN to the MX250.
In my example if you set a port to VLAN2 then yes you will need to change the static IP address on the device connected to it to be in the 172.18.0.0/16 range. I would create a second DHCP pool on your existing server and set the helper address on VLAN2 on the switch to point to the server. Alternatively you can use the switch as a DHCP server itself for VLAN2 (or indeed VLAN 1 as well if you wished to).
@cmr Okay, so I guess I can't really implement VLANs fully yet due to many unmanaged switches and devices already running on 192.168.0.0/24, including servers. Maybe I could do something about my Netgear managed switches.
Thanks a lot
@TommyYap if you have some managed switches then you can at least start to divide traffic into separate VLANs by having one of them directly connected to the MX. You could then have the unmanaged switches hanging off that in their own zones.
Hi @cmr, sorry for the late reply. I am trying to implement VLANs slowly, however I am stuck. Below are my steps:
Hope you can enlighten me on where I have gone wrong or which steps I am missing before I continue.
Thank you so much, you are a lifesaver.
Is port 24 of the MS350 configured as a trunk, with native VLAN 1?