- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Goal: Create VLANs to separate wifi and wired traffic.
Equipment: 1234 switch and 3430 router.
Where I'm at:
- Created VLANs 1 and 2 on the switch.
- Assigned switchports to their approiate VLANs
- Changed switchport connecting to the router to trunk mode.
- Changed router's interface encapsulation to 802.1q
- Created a sub-interface for each VLAN (eth 0/1.1 and eth 0/1.2)
- assigned VLANs 1 and 2 to their respective sub-interface (using vlan-id)
- assigned IP addresses (with subnet mask) on different subnets to the sub-interfaces
- 'no shutdown' on the interface and sub-interfaces
As I understand it, these steps are sufficient to set up two VLANs. However, I could not access the router or ping the sub-interfaces from either VLAN (using a pc assigned a static ip address on the VLAN's subnet and connected to the appropriate VLAN port). Is there something I'm missing?
Thanks.
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Not the Solution
- Report Inappropriate Content
Dear halgrind,
Yeah you could achieve that by using ACL's in which you can define that the segment of the WiFi clients is not permited to access your wired VLAN.
Thanks,

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: Creating subinterfaces for VLANs
Hi!,
Can you post the extract of your configuration without sensitive information. A first clue that I have is how's the firewall working!? did you apply rules on private interfaces for allow communication!?
Do you assign switchports correctly on the NV1234?
If you attach the configuration files would be more easily identify the issue.
Thanks,
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: Creating subinterfaces for VLANs
Thanks, I did not think about the firewall.
I applied the existing "private" security zone to both and it's working.
However, I'd like to separate the traffic if possible. Guests can access the wifi and I'd like to keep the wired VLAN secure. How would I set up the firewall to do this?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Not the Solution
- Report Inappropriate Content
Dear halgrind,
Yeah you could achieve that by using ACL's in which you can define that the segment of the WiFi clients is not permited to access your wired VLAN.
Thanks,

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: Creating subinterfaces for VLANs
- I went ahead and flagged this post as “Assumed Answered.” If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.
Thanks,
Noor

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: Creating subinterfaces for VLANs
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Noor