5 Replies Latest reply on Feb 20, 2013 12:50 PM by noor

    Creating subinterfaces for VLANs

    halgrind New Member

      Goal: Create VLANs to separate wifi and wired traffic.

       

      Equipment: 1234 switch and 3430 router.

       

      Where I'm at: 

      • Created VLANs 1 and 2 on the switch. 
      • Assigned switchports to their approiate VLANs
      • Changed switchport connecting to the router to trunk mode. 
      • Changed router's interface encapsulation to 802.1q
      • Created a sub-interface for each VLAN (eth 0/1.1 and eth 0/1.2)
      • assigned VLANs 1 and 2 to their respective sub-interface (using vlan-id)
      • assigned IP addresses (with subnet mask) on different subnets to the sub-interfaces
      • 'no shutdown' on the interface and sub-interfaces

       

      As I understand it, these steps are sufficient to set up two VLANs.  However, I could not access the router or ping the sub-interfaces from either VLAN (using a pc assigned a static ip address on the VLAN's subnet and connected to the appropriate VLAN port). Is there something I'm missing?

       

      Thanks.

        • Re: Creating subinterfaces for VLANs
          dcorrea Visitor

          Hi!,

           

          Can you post the extract of your configuration without sensitive information. A first clue that I have is how's the firewall working!? did you apply rules on private interfaces for allow communication!?

           

          Do you assign switchports correctly on the NV1234?

           

          If you attach the configuration files would be more easily identify the issue.

           

          Thanks,

           

          David

            • Re: Creating subinterfaces for VLANs
              halgrind New Member

              Thanks, I did not think about the firewall.

               

              I applied the existing "private" security zone to both and it's working.

               

              However, I'd like to separate the traffic if possible.  Guests can access the wifi and I'd like to keep the wired VLAN secure.  How would I set up the firewall to do this?

                • Re: Creating subinterfaces for VLANs
                  dcorrea Visitor

                  Dear halgrind,

                   

                  Yeah you could achieve that by using ACL's in which you can define that the segment of the WiFi clients is not permited to access your wired VLAN.

                   

                  Thanks,

                    • Re: Creating subinterfaces for VLANs
                      Employee

                      halgrind - I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

                       

                      Thanks,

                      Noor

                        • Re: Creating subinterfaces for VLANs
                          Employee

                          I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                           

                          Thanks,

                          Noor