VLAN question

PennLib

Occasional Visitor
Yes, I'm new here. I've searched all over the net, including many mfgrs sites and still can't find an answer. I was impressed with what I read here so here goes.

I help out at a small, local library. We have 23 what we call "patron" computers, they are for public use. We also have 10 computers which are used by staff.

We have Comcast Cable coming in on a Motorola Cable Modem, SB5120. That runs directly to a Cisco Linksys WRT54G wireless router. That is wired directly (one wire each) to two TrendNet TE100-S24 switches. From those two items to the patch panel.

There is also a Sharp MX-2600N network printer and a Dlink DNS-321 network storage device.

The Linksys router is handling DHCP for all but 2 computers, the network printer, the NAS.

13 of the public access computers must be able to print to the Sharp printer. The print process and access to the public computers is controlled by software called Envisionware and must use static IP's.

We would like to segment these two groups into two VLANs. Currently all the staff computers are part of a "workgroup" to share resources but if a patron brings in a wireless device (or a plug-in laptop) and they click on "My Network Place" -> "Entire Network" -> "Microsoft Windows Network" they can see the workgroup and all the shared resources. Not good.

Any suggestions or can I offer additional info?????

Thanks.

Bill
 
At the very least you need a wireless router that supports VLANs, and swap out the TE100-S24 unmanaged switches for managed switches.
 
Chadster's advice is correct as a start. This article might help explain the concepts further.
VLAN How To: Segmenting a small LAN

Does Envisionware require just the printer have a static IP or all devices?

I have already downloaded and printed that particular article. It helped, A LOT!

The Envisionware program requires both the printer and the Envisionware "server" to be static IPs, all the other public computers are served via DHCP via the Cisco Linksys WRT54G wireless router. What EV does is provide access control to 15 of the public computers. Patrons can sit at a computer and enter their library card number for access or go to the front desk and gain access that way. An EV print client is installed on all these public computers. The balance of the public computers are locked into a web application that searches libraries for books, we call it a "web catalog", no printing required from them.

At the very least you need a wireless router that supports VLANs, and swap out the TE100-S24 unmanaged switches for managed switches.

Can you provide some hardware suggestions bearing in mind that the library, as is to be expected, is "financially" challenged????

Thanks for the help.

Bill
 
Well I can only recommend from my experience and what I think is best for the application.

You will have a higher one time cost with my suggestion but your network will not need to be upgraded for many years and the reliability of the network is worth the cost IMO.

Also other users here will have some great suggestions for lower cost setups.

Hardware suggestions:

Cisco 1921 router
Cisco SG500 switch
Any professional-grade AP that supports VLANs
 
Can you provide some hardware suggestions bearing in mind that the library, as is to be expected, is "financially" challenged????
Fortunately, "smart" / managed switches have come down in price significantly.
Since you have two switches, however, you need ones that pay attention to VLAN tags. Here are a few we have tested that do:
TRENDnet TEG-160WS
NETGEAR GS108T
TP-LINK TL-SG2216
 
I think I would go with the Cisco 891 K9 pack. It gives you 8 Ethernet ports, you can set up the VLANs there and keep the controls on the router. The 891 has a fairly decent web setup for basics including the VLANs, and it will also do DHCP for multiple IP subnets. Or go with the W model for a WAP in one box. It also has a pretty active support group on Cisco's site for questions and answers, with a lot of cut-and-paste configs and how-tos.
 
VLAN question

Wow, talk about a FAST response! I've been looking at hardware all morning based on all your suggestions.

I really like Cisco products, I've had friends that have used them in the past and nothing but good to say about them. Problem is most of the models suggested are over $500. I was hoping to be able to reuse some of the current components.

Would this scenario work?

Internet comes in on the Motorola Cable Modem, SB5120, then to the Cisco Linksys WRT54G wireless router for NAT capabilities (turn off the DHCP capability and turn off the wireless capability), then to a NetGear M4100-D12G (with DHCP server turned on), from there one wire to each of the two TrendNet TE100-S24 switches, each of which would be a separate VLAN (one for the public and one for staff) and one wire to the network printer. An inexpensive wireless router could then be added to the public TrendNet switch.

Thanks again.

Bill
 
That 54G has to go. Invest in the Cisco; you will never, 10 years ?, have to buy another one. I always liked the 54Gs, I've installed a lot of them in small business places and homes where there are 2-15 users, but in a nutshell, IMO, they are toys. I still run an SMC7008abr at home and it works for that, and I like the 8 Ethernet ports for my two network printers. I'd like to replace it with an 891 but I still have a few months of covering my daughter's wedding last month :D
My setup here has the POE daughter card which activates POE on ports 0-3, by default port 0 is the management port for access to the gui, vlan1, I moved it to Ethernet port 4, ethernet ports 0-2 is vlan5, Ethernet port is vlan7. The K9 pack has the security firewall software with a decent basic setup. The 891 also handles DHCP pretty well. The Default setup is 10.10.10.x for the vlan1 management, I assigned 10.10.11.10-251 vlan5 and 10.10.12.10-251 for future expansion so it DHCP's three networks nicely.
 
Let the router serve DHCP, since it is providing internet access. If you have the switch serving DHCP, make sure it hands out the proper gateway and DNS so that clients can reach the internet.

If I understand you correctly, you will have the NETGEAR as a managed switch (thought you had limited budget?) and all the devices on one dumb switch will be on one VLAN and all the devices on the other on a second VLAN. Then you'll put a wireless AP on another?

You'll need to set up the VLANs so that each has access to the printer and internet, but not to each other. Not difficult to do.
 
If I understand you correctly, you will have the NETGEAR as a managed switch (thought you had limited budget?) and all the devices on one dumb switch will be on one VLAN and all the devices on the other on a second VLAN. Then you'll put a wireless AP on another?

The reason I looked at the Netgear M4100 is that it's available for about $195-$200, that's pretty much the total budget for this venture :'-((

Beyond that, your analysis is correct. All devices on one dumb switch would be one VLAN, all the devices on the other dumb switch would be the other VLAN. We do have an inexpensive wireless point not being used and that would go into the public VLAN dumb switch as wireless is not needed for the staff side. This would use mostly components already here with only one purchase. I'll suggest upgrading the router in next year's budget.

I've read the VLAN how to here (and it's great) and also downloaded and started to read the docs on the M4100. Already had docs on the Netgear 108. I had downloaded them before as they had a fairly good explanation of how to set up a VLAN.

Yeah, I'm new to all this. Other than networking 4 or 5 computers at home, I've never really done any of this. But hey, that's how you learn.;-))

So I assume what I described above will work (other than letting the router continue to be the DHCP server)???

Thanks. This will be fun?

Bill
 
You don't even need to spend that much for the M4100. A GS108T or inexpensive other 8 port smart switch will do.

I have plenty of routers and APs sitting around that SNB can contribute. PM me and we'll set it up.
 
OK, thanks to all for the help. Switch should be here next week. I have 2 implementation questions.

There will be 1 VLAN for staff and 1 VLAN for public. The network printer, which both VLANs need access to, will be on a 3rd VLAN. Which would be better:

1. Make the printer VLAN a member of the staff and public VLANs

OR

2. Make the staff and public VLANs a member of the printer VLAN

OR

3. Do you need to make them both reciprocal

This is a more general question. If any of the computers are running NetBIOS, should it be turned off? I'd like to keep this as simple as possible.

Thanks again.

Bill
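
Options 1 to 3 above, and the earlier advice that each VLAN should reach the printer and internet but not each other, can be checked on paper before the switch arrives. The following is an added example, not from any poster or vendor: a small model of untagged-port forwarding in which the VLAN IDs (10, 20, 30), the port names, and a switch that lets one untagged port belong to several VLANs are all assumptions.

```python
# Constructed model of port-based 802.1Q forwarding on one smart switch.
# Assumptions (not from the thread): VLAN IDs 10/20/30, the port names, and a
# switch that lets an untagged port be an egress member of several VLANs.

# port -> (PVID stamped on untagged ingress frames, VLANs the port may egress)
PORTS = {
    "staff-switch":  (10, {10, 30}),      # dumb switch with staff PCs
    "public-switch": (20, {20, 30}),      # dumb switch with patron PCs + AP
    "printer":       (30, {10, 20, 30}),  # shared by both groups
    "router":        (30, {10, 20, 30}),  # internet uplink, shared
}

# Option 1 alone: shared ports join the group VLANs, but the groups never
# join VLAN 30, so replies from the printer and router cannot get back.
ONE_WAY = {**PORTS, "staff-switch": (10, {10}), "public-switch": (20, {20})}


def delivers(ports, src, dst):
    """True if an untagged frame entering at src may leave at dst."""
    pvid, _ = ports[src]
    _, egress = ports[dst]
    return src != dst and pvid in egress


def two_way(ports, a, b):
    """A conversation needs frames to pass in both directions."""
    return delivers(ports, a, b) and delivers(ports, b, a)


def audit(ports, isolated, shared):
    """List leaks between isolated groups and unreachable shared devices."""
    problems = []
    for a in isolated:
        for b in isolated:
            if a != b and delivers(ports, a, b):
                problems.append(f"LEAK {a} -> {b}")
        for s in shared:
            if not two_way(ports, a, s):
                problems.append(f"NO PATH {a} <-> {s}")
    return problems


if __name__ == "__main__":
    groups, shared = ["staff-switch", "public-switch"], ["printer", "router"]
    print("reciprocal:", audit(PORTS, groups, shared) or "ok")
    print("one-way   :", audit(ONE_WAY, groups, shared))
```

In this layout every device still sits in one IP subnet, and the printer and router are reachable from the public side, so their admin pages and any shares on them need their own access controls.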
 
I would set up 3 VLANs, one for managing the router, one for secure/staff and one for public. Put the printer on the public one I think.
 
I would set up 3 VLANs, one for managing the router, one for secure/staff and one for public. Put the printer on the public one I think.

I meant the question more along the lines of "Does it matter which I do first?".
Hence the:

1. Make the printer VLAN a member of the staff and public VLANs

OR

2. Make the staff and public VLANs a member of the printer VLAN


Of course in the interim period, one of the TrendNet TE100-S24 dumb switches decided to go belly up. 11 ports out of the 24 bad.

Bill
 
I know this may be a bit too late in the process, but couldn't the segmentation have been satisfied with subnetting and some static routes? If the idea is to keep the public/wifi access from accessing the staff computers, a static route could have done it, no?
 