albion01
For simplification's sake I am going to limit this discussion to four devices. I have a Sonicwall NSA220 Firewall/Router sitting at my gateway serving internet to the network. It contains 4 adapters: 10.0.1.0/24 (Domain Network), 10.0.15.0/24 (Wifi Network), 10.0.11.0/24 (Guest Wifi Network), X.X.X.X (WAN). I've obfuscated my WAN IP to X.X.X.X for security's sake. All networks are routed properly to allow communication between all three LANs and out to the internet from all three LANs. The Sonicwall is connected to a Netgear M4100-50G 50 port Layer 2 switch. Also connected to the switch are two Asus RT-N66U routers acting as APs running Tomato Shibby 1.28 v130.
My Switch has 3 VLANs. VLAN 1 - Domain Network, ports 1-24 untagged. VLAN 15 - Internal Wifi Network, ports 27-48 untagged. VLAN 11 - Guest Wifi Network, port 25 untagged, 26 tagged and 28-48 tagged. The PVID is set to VLAN 1 for ports 1-24, VLAN 11 for ports 25 and 26, and VLAN 15 for ports 27-48.
The router is connected to port 1 of the switch for the 10.0.1.0/24 network, port 25 for 10.0.11.0/24 and port 27 for 10.0.15.0/24. The two Asus APs are connected from ports 28 and 29 on the switch to port 1 on each of the APs. WAN is disabled on both APs and the wireless mode for 2.4 GHz is set to Access Point.
On the first AP I've followed these steps.
Basic -> Network: I created a new LAN adapter called br1 and gave it 10.0.11.15 as an IP (the br0 adapter IP is 10.0.15.15). I also set up a DHCP range of 10.0.11.100-10.0.11.105 on the br1 adapter.
Advanced -> Virtual Wireless: I created a new interface wl0.1 with the SSID guest and set LAN1 (br1) as the Bridge.
Advanced -> VLAN: Enabled Trunk VLAN support override then rebooted.
Advanced -> VLAN: There's already a VLAN created for my 10.0.15.0/24 network on all ports untagged except for the WAN port (that's been disabled).
Advanced -> VLAN: I created a new VLAN (VID 11) for the 10.0.11.0/24 network and rebooted.
Here's where my problem starts. I need to tag the AP's VLAN 11 on port 1. When I try that it tells me I must also tag port 1 on all interfaces. The error that pops up reads, "Port 1 cannot be assigned to more then one VLAN unless frames are tagged on all VLANs Port 1 is a member". That's fine; tagging port 1 for VLAN 15 should work even though my switch knows which VLAN to send untagged packets to. After I tag port 1 on VLAN 15 and reboot, the AP is unresponsive. No ping, no ssh, no telnet, no web GUI. If I move the Ethernet cable from port 1 to port 2 (or any other untagged VLAN 15 port) on the AP, packets start to flow again. I am able to get to the web UI, telnet, etc. Am I doing something fundamentally wrong in my VLAN setup across the network? Is there a problem with the Asus RT-N66U on Shibby and VLAN trunking? Any help would be greatly appreciated.
Thanks
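Added example, not part of the original post and not Tomato or Netgear code: a small checker that compares the per-VLAN tagging on both ends of one cable, using the port settings described above. It assumes a generic 802.1Q model in which a VLAN only passes a link when both ends are members with the same tagging mode; the names `check_link` and `usable_vlans` are hypothetical.

```python
# Generic 802.1Q link model (assumption, see lead-in).
# A port config maps VLAN ID -> "tagged" or "untagged".

def check_link(end_a, end_b):
    """Return a list of (vlan, problem) for one cable; empty means consistent."""
    problems = []
    for name, cfg in (("A", end_a), ("B", end_b)):
        untagged = sorted(v for v, mode in cfg.items() if mode == "untagged")
        if len(untagged) > 1:
            # Only one VLAN can own untagged frames on a port.
            problems.append((None, f"end {name} has several untagged VLANs: {untagged}"))
    for vlan in sorted(set(end_a) | set(end_b)):
        a, b = end_a.get(vlan), end_b.get(vlan)
        if a is None or b is None:
            problems.append((vlan, f"not a member on end {'A' if a is None else 'B'}"))
        elif a != b:
            # One side sends bare frames, the other expects an 802.1Q header.
            problems.append((vlan, f"end A is {a}, end B is {b}"))
    return problems

def usable_vlans(end_a, end_b):
    """VLANs that pass in both directions under the model above."""
    return sorted(v for v in set(end_a) & set(end_b) if end_a[v] == end_b[v])

# Port settings as described in the post (end A = switch, end B = AP).
SWITCH_PORT_28 = {15: "untagged", 11: "tagged"}       # PVID 15
AP_PORT1_ALL_TAGGED = {15: "tagged", 11: "tagged"}    # after tagging VLAN 15
AP_PORT2_UNTAGGED = {15: "untagged"}                  # an untagged VLAN 15 port

if __name__ == "__main__":
    for label, ap in (("AP port 1", AP_PORT1_ALL_TAGGED),
                      ("AP port 2", AP_PORT2_UNTAGGED)):
        print(label, "usable VLANs:", usable_vlans(SWITCH_PORT_28, ap))
        for vlan, problem in check_link(SWITCH_PORT_28, ap):
            print(f"  VLAN {vlan}: {problem}")
```

Under this model the all-tagged AP port 1 passes only VLAN 11, so the 10.0.15.15 management address on br0 is cut off, while the untagged AP port 2 passes VLAN 15, matching the behaviour described in the post.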