VLAN implementation on LAN

TommyYap

Hello experts, I am new to Meraki and VLANs. Apologies for the newbie questions.

Currently the company is running on a normal LAN with static IPs on the server and switches etc. Recently I brought in an MX250 and MS350-24P to buff up the network. I have come up with some plans on the VLAN distribution for the office. I have some issues in mind before doing VLAN:

  • Can I maintain the current LAN settings or do I need to re-configure the IP schema?
  • If I configure a specific port on the MS350 onto a VLAN ID and I plug in a client device, will it get a LAN IP or a VLAN IP?
  • What will happen to those static IPs like servers, can clients still access those applications as normal?
  • Because I only have 1 MS350 to do VLAN, can I combine VLAN settings onto my Lv2 managed switch, for example the Netgear Prosafe XS716T?
1 ACCEPTED SOLUTION
cmr

@TommyYap the idea of VLANs is to separate the network into logical zones, as I think you wish to do. Initially, if you enable VLANs but leave everything in VLAN 1, then all your existing devices should continue to work as they do now. If you create a second VLAN then you will need to create a VLAN interface in both the original VLAN1 and the new VLAN. This allows devices in each VLAN to talk to each other. As an example the IP addressing could be as below:

Original network:            192.168.0.0/24
New VLAN1:                   192.168.0.0/24 <- the same as above
New VLAN1 interface IP:      192.168.0.1
New VLAN2:                   172.18.0.0/16
New VLAN2 interface IP:      172.18.0.1
Default route of 0.0.0.0/0   192.168.0.254 (IP address on MX in VLAN1)

A device on VLAN1 would have an IP address of 192.168.0.n with a subnet mask of 255.255.255.0 and a gateway of 192.168.0.1

A device on VLAN2 would have an IP address of 172.18.n.n with a subnet mask of 255.255.0.0 and a gateway of 172.18.0.1

To access the internet a device on VLAN2 would go to the L3 device (MS) and then onto VLAN1 and out through the MX.

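The addressing plan in the answer above, checked programmatically. This is an added example, not part of cmr's post or any Meraki tooling: the function names `check_plan` and `check_host` are hypothetical, and the host addresses in the demo are constructed. It verifies that each VLAN interface sits inside its subnet, that the subnets do not overlap, and that a statically addressed device matches the VLAN of the access port it is plugged into.

```python
import ipaddress

# Plan from the answer above: VLAN id -> (subnet, L3 interface IP on the MS).
PLAN = {
    1: ("192.168.0.0/24", "192.168.0.1"),
    2: ("172.18.0.0/16", "172.18.0.1"),
}
DEFAULT_ROUTE_NEXT_HOP = "192.168.0.254"  # MX address in VLAN1


def check_plan(plan, next_hop):
    """Return a list of problems in the VLAN plan (empty means consistent)."""
    problems = []
    nets = {vid: ipaddress.ip_network(sub) for vid, (sub, _) in plan.items()}
    for vid, (_, svi) in plan.items():
        if ipaddress.ip_address(svi) not in nets[vid]:
            problems.append(f"VLAN{vid}: interface {svi} is outside {nets[vid]}")
    vids = sorted(nets)
    for i, a in enumerate(vids):
        for b in vids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"VLAN{a} and VLAN{b} subnets overlap")
    hop = ipaddress.ip_address(next_hop)
    if not any(hop in net for net in nets.values()):
        problems.append(f"default route next hop {next_hop} is not on any VLAN")
    return problems


def check_host(plan, port_vlan, ip, mask, gateway):
    """Check a static host config against the VLAN of its access port."""
    subnet, svi = plan[port_vlan]
    net = ipaddress.ip_network(subnet)
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    problems = []
    if iface.ip not in net:
        problems.append(f"{ip} is not in VLAN{port_vlan} subnet {net}")
    if iface.netmask != net.netmask:
        problems.append(f"mask {mask} does not match {net.netmask}")
    if ipaddress.ip_address(gateway) != ipaddress.ip_address(svi):
        problems.append(f"gateway {gateway} is not the VLAN{port_vlan} interface {svi}")
    return problems


if __name__ == "__main__":
    print(check_plan(PLAN, DEFAULT_ROUTE_NEXT_HOP))
    # Constructed host: a server left on its old static settings, moved to a VLAN2 port.
    for line in check_host(PLAN, 2, "192.168.0.50", "255.255.255.0", "192.168.0.1"):
        print(line)
```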

ww

Hi,

Yes, you can keep the subnet of your current LAN and assign it to a Layer 3 VLAN.

In order to communicate between the VLANs you need a Layer 3 VLAN interface for each VLAN (on the MX or MS).

The server's static settings (gateway IP) must be the Layer 3 interface IP you create.

When you assign a switchport to a VLAN, the client uses the VLAN you assigned.

Yes, you can build a trunk between the MS (or MX) and the Netgear.

TommyYap

@cmr Thank you for your detailed explanation, I understand most of it from a logical point of view. I think my first step is to enable VLANs and stay on VLAN1 like you mentioned.

  • However, moving forward to VLAN2, physically on my devices do I need to configure the port on the MX250 or on the MS350 or both?
  • Because we do not have many managed switches, what will happen when an unmanaged switch uplinks onto the MS350?

Using your example, assuming all my servers are statically assigned into 192.168.0.0/24.

  • I cannot physically plug or logically assign them into VLAN 2 172.18.0.0/16, unless I change the static assignment to 172.18.0.0/16, right?
  • Currently I have a DHCP server for 192.168.0.0/24 with some reserved IPs. Do I need to create another DHCP pool for 172.18.0.0/16?

Sorry for some beginner's questions and thank you for your patience.

cmr

@TommyYap You can only have one VLAN on an unmanaged switch, so where an unmanaged switch is connected to the MS350 you would set that port to access mode (single untagged VLAN). I would configure the port on the MS350 and have that do the routing with it connected via a single VLAN to the MX250.

In my example if you set a port to VLAN2 then yes, you will need to change the static IP address on the device connected to it to be in the 172.18.0.0/16 range. I would create a second DHCP pool on your existing server and set the helper address on VLAN2 on the switch to point to the server. Alternatively you can use the switch as a DHCP server itself for VLAN2 (or indeed VLAN 1 as well if you wished to).

TommyYap

@cmr Okay, so I guess I can't really implement VLANs fully yet due to many unmanaged switches and devices already running on 192.168.0.0/24, including servers. Maybe I could do something about my Netgear managed switches.

Thanks a lot

cmr

@TommyYap if you have some managed switches then you can at least start to divide traffic into separate VLANs by having one of them directly connected to the MX. You could then have the unmanaged switches hanging off that in their own zones.

TommyYap

Hi @cmr, sorry for the late reply. I am trying to implement VLANs slowly, however I am stuck. Below are my steps:

  1. Under Addressing & VLANs, I changed the LAN setting from Single LAN to VLANs and kept the default VLAN1 192.168.0.0/24; the MX IP is my gateway 192.168.0.1. Everything is fine and working.
  2. I created VLAN2 192.168.1.0/24 with MX IP 192.168.1.1.
  3. Port 3 of the MX250 is a trunk, native VLAN1, all VLANs allowed.
  4. Port 3 of the MX250 is connected to port 24 of the MS350.
  5. I tried configuring port 15 of the MS350 to be an access port in VLAN2.
  6. I plugged a LAN cable from my laptop into port 15 of the MS350; it is unable to get a valid IP address and unable to access the internet.
  7. When I plug into any other port on the MS350, it is able to get an IP from VLAN1 and access the internet.

Hope you can enlighten me on where I have gone wrong or which steps I am missing before I continue.

cmr

@TommyYap have you created a DHCP scope for the 192.168.1.0/24 subnet on the MX?


TommyYap

Thank you so much, you are a lifesaver.

Bruce

Is port 24 of the MS350 configured as a trunk, with native VLAN 1?
