Assistance with VLAN Design/Implementation

Jimstigator

Junior Member
Hey there,

I am looking to introduce multiple VLANs to my network to improve security. I understand the easy concepts, but I am having trouble figuring out how I would set up what I am looking for on my switches, router, etc. Below is the layout of what I am trying to create... would love some input on how this is achieved.

Switches - Four connected SG500-52Ps. Switches are stacked, with the top plugging into an Edgemarc 4550 router. All devices in the buildings go into one of these 4 switches.

1) Use primary and guest VLAN that is auto determined based on MAC. When a user plugs into a data jack anywhere in the building, the switches will read MAC and either put it on the corporate network, or put them on a guest VLAN with internet only access.

2) For wireless APs, use the built-in VLAN tagging feature on the AP to tag all data connected to the "GUEST" SSID and put it on the guest VLAN.

3) For remote cameras streaming to the office: have the two to three cameras that come into the building put on the guest VLAN, or another guest-type VLAN (not the corporate network).

I understand the concepts, somewhat, but am getting lost. On the router, I have the default VLAN1, and created guest VLAN2. On the switch, I have created a new VLAN2, but I get utterly lost trying to figure out the "Access, general, trunk" and "tagged" vs "untagged". The tabs "Interface", "Port to VLAN" and "Port VLAN Membership" get my head spinning.

Any advice would be greatly appreciated!

-Jim
 
Well, access, general, trunk, tagged and untagged are all part of the "easy concepts", so I would recommend that you take a moment to review a basic 802.1Q doc.

Using your MAC address to choose corp vs guest typically needs something like RADIUS to back it up to authenticate the devices. This is more often done with device certs and 802.1X.

In most cases you create a VLAN for all resources and leave the native untagged as unused. So you would put corp in VLAN10 and Guest in VLAN20 (examples) and then trunk these between the switches. From there, in most cases, you untag the VLANs to workstations. It gets much more complicated with 802.1X though, because now the switch must talk to a server to decide which VLAN to untag to the port.

I would break this down and determine which part is more important and then ask questions about that.
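As an added example, not from the thread or from either poster, here is what the design in the reply above looks like on one SG500 in Cisco Small Business CLI syntax: corp in VLAN 10, guest in VLAN 20, a separate VLAN 30 for the cameras, a tagged trunk to the router, untagged (access) ports to workstations, and a trunk to each AP with corp untagged and guest tagged. The port numbers, the VLAN IDs, the description strings and the gi1/1/N unit/slot/port form are assumptions; check them against your own switch before pasting anything. Because the four switches are stacked, the stacking links carry every VLAN on their own and need no trunk configuration; only a separate, non-stacked switch would need a trunk like the router uplink below.

```cisco
! Assumed SG500 CLI; VLAN IDs and port numbers are examples, not the poster's real ones.
configure

! 1. Create the VLANs. VLAN 1 stays unused as the native/untagged VLAN.
vlan database
 vlan 10,20,30
exit
interface vlan 10
 name Corp
exit
interface vlan 20
 name Guest
exit
interface vlan 30
 name Cameras
exit

! 2. Uplink to the Edgemarc: a trunk carrying all three VLANs tagged.
!    The router must have a matching tagged interface for each VLAN and a
!    firewall rule that only allows VLAN 20 and 30 out to the Internet.
interface gi1/1/52
 description Uplink-to-Edgemarc
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30
 switchport trunk native vlan 1
exit

! 3. Workstation jacks: access ports, frames leave untagged in VLAN 10.
!    (With 802.1X/RADIUS the switch would pick 10 or 20 per device instead.)
interface range gi1/1/1-40
 description Corp-workstations
 switchport mode access
 switchport access vlan 10
exit

! 4. Access point ports: corp untagged (native) for the main SSID, guest
!    tagged so the AP's own VLAN tagging on the GUEST SSID lands in VLAN 20.
interface range gi1/1/41-44
 description Wireless-AP
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan add 20
exit

! 5. Camera jacks: access ports untagged into VLAN 30, never into corp.
interface range gi1/1/45-47
 description Remote-cameras
 switchport mode access
 switchport access vlan 30
exit

exit
write
```

Two things to verify once it is in: `show vlan` should list 10, 20 and 30 with the expected ports as untagged (U) or tagged (T) members, and `show interfaces switchport gi1/1/52` should report the uplink as a trunk with 10, 20 and 30 tagged. The guest and camera VLANs are only "internet only" if the router actually blocks traffic from them to VLAN 10; the switch alone just keeps the Layer 2 domains apart, it does not stop routed traffic between them.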
 