Firstly, what a great forum. I think I have learnt a lot by lurking here; however, I am still not able to get my VLAN working. I wonder if someone can look at my VLAN description and see what I am doing wrong?
I have 17 (very) small businesses and 2 apartments that will be sharing one Comcast business internet connection.
Each business has 2 physical cat6 connections from their office to the patch panel in the "network closet" and from there to the multiport switch. This is to enable 2 computers or one computer and a VOIP connection per office as a basic system. Should an office need more, they could purchase their own switch or router.
My goal is to provide Internet access for each business and that they cannot "see" or access the other businesses' networks, yet can use the 2 ports in their office as a network for their computers and printers etc. as well as connect to the internet.
One of the businesses is a cafe and will have a POS system that requires internet access.
I may add a communal network printer in the future.
Between the Cisco DPC3000 cable modem and the Cisco SG200-50 "smart switch" I have an ASUS RT-AC66U router, which is currently the DHCP server assigning IP addresses in the 192.168.1.xxx range. It also provides Wi-Fi for the building's guests.
I also have in my building network a Digimerge security camera DVR that is connected to the internet so that I can remotely access and control security camera feeds.
I have a Trigon building access control system that connects to the internet for programming.
A VOIP dialer for the building access control system that dials me if someone needs the doors buzzed open outside of building opening hours.
A Honeywell Wi-Fi programmable thermostat.
My wife and I will be living in one of the apartments and we have a second ASUS RT-AC66U router for our own internet access and networking needs. Behind that router will be several computers, network printers, iPads and networked entertainment systems.
I would also like to bring the thermostat into our apartment's network and all the building management equipment described above.
With the "smart" switch left in the default "out of the box" setup all connections work and connect to the internet but of course can "see" each other as they are on the default VLAN of 1. I have tried to set up the VLANs per the Cisco instructions.
Each business gets a VLAN ID number that corresponds to the number of the room they are in and a VLAN name that describes the room and floor they are on.
I then assign the VLAN mode that the physical ports will need to be (the Cisco default is Trunk), "access" for the ports that run to a room and "general" for the port that runs to the router. Frame type "admit all", Administrative PVID is 1.
I then assign the room's physical ports to the room's VLAN and the router's port in the web-based "port to VLAN" table.
In the "Port VLAN membership table" the ports end up as members of the Administrative LANs of 1(Untagged, PVID), the default VLAN and the correct VLAN number for that room VLAN xxx (Untagged).
The port that the ASUS router is on has all the VLANs assigned to it as Untagged except the default VLAN (Tagged and PVID).
I cannot get a computer in any of the businesses' rooms to access the internet; I cannot even ping the switch.
In my apartment I am still on the default VLAN (1) and can connect without a problem.
I also have the apartment router connected without a problem on the default VLAN. It is serving out IP addresses in the apartment in the range of 192.168.2.xx. This router did this without my input.
I have been told differing stories of what is wrong. Several people including a Cisco tech have told me I need to purchase a 300 series level 3 switch as the switch needs to handle the DHCP. Others who administer networks have told me that my 200 switch should be able to handle this simple VLAN setup but have not succeeded in assisting me. Others have told me that the problem is that the ASUS routers cannot handle VLANs and that I need VLAN capable routers (unfortunately most "small business" VLAN capable routers only handle 16 VLANs such as the Cisco RV 220 and 180).
On top of all of this I have been told by someone that to completely separate the traffic from each business I need the "protected port" function that is only available in the Cisco 300 series switches and that I need to purchase a Cisco ISA 550/570 Integrated security appliance. I cannot make out if that is in addition to a router or to replace it?
Also that the businesses need to purchase switches that have "collision detection capabilities" if they want more than one computer on a port.
Any assistance would be greatly appreciated. I am the building owner and not a "network admin". My experience is limited to home routers, switches and bridges up to this point.
I feel that what I have should be up to the task but feel I am missing something when building my VLANs on this network.
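An added illustration, not part of the original post and not Cisco's own tooling: a small Python model of 802.1Q ingress classification (PVID) and egress membership, fed with the port table as the post describes it. The room VLAN IDs 101 and 102, the port names and the second comparison table are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    pvid: int                                    # VLAN given to untagged frames on ingress
    untagged: set = field(default_factory=set)   # VLANs sent out without a tag
    tagged: set = field(default_factory=set)     # VLANs sent out with an 802.1Q tag

    def member(self, vlan):
        return vlan in self.untagged or vlan in self.tagged

def build(ports):
    return {p.name: p for p in ports}

def flood(ports, src, tag=None):
    """Where a broadcast entering at `src` is sent, and how it leaves each port."""
    ingress = ports[src]
    vlan = ingress.pvid if tag is None else tag  # untagged frames take the PVID
    if not ingress.member(vlan):                 # ingress filtering
        return {}
    return {p.name: ("untagged" if vlan in p.untagged else "tagged")
            for p in ports.values()
            if p.name != src and p.member(vlan)}

def can_flood_to(ports, src, dst):
    return dst in flood(ports, src)

# Membership as described in the post: every port keeps PVID 1 (constructed IDs).
AS_POSTED = build([
    Port("room101", pvid=1, untagged={1, 101}),
    Port("room102", pvid=1, untagged={1, 102}),
    Port("router",  pvid=1, untagged={101, 102}, tagged={1}),
])

# Hypothetical comparison table: room ports classify into their own VLAN,
# router port is an untagged member of every VLAN.
ROOM_PVID = build([
    Port("room101", pvid=101, untagged={1, 101}),
    Port("room102", pvid=102, untagged={1, 102}),
    Port("router",  pvid=1, untagged={1, 101, 102}),
])

if __name__ == "__main__":
    for label, table in (("as posted", AS_POSTED), ("room PVID", ROOM_PVID)):
        for src in table:
            print(f"{label:10} {src:8} -> {flood(table, src)}")
```

The model covers flooding of broadcast and unknown-destination frames only; it does not model MAC learning, and it makes no claim about what the SG200's port modes allow.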