cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New Contributor

Creating subinterfaces for VLANs

Jump to solution

Goal: Create VLANs to separate wifi and wired traffic.

Equipment: 1234 switch and 3430 router.

Where I'm at: 

  • Created VLANs 1 and 2 on the switch. 
  • Assigned switchports to their approiate VLANs
  • Changed switchport connecting to the router to trunk mode. 
  • Changed router's interface encapsulation to 802.1q
  • Created a sub-interface for each VLAN (eth 0/1.1 and eth 0/1.2)
  • assigned VLANs 1 and 2 to their respective sub-interface (using vlan-id)
  • assigned IP addresses (with subnet mask) on different subnets to the sub-interfaces
  • 'no shutdown' on the interface and sub-interfaces

As I understand it, these steps are sufficient to set up two VLANs.  However, I could not access the router or ping the sub-interfaces from either VLAN (using a pc assigned a static ip address on the VLAN's subnet and connected to the appropriate VLAN port). Is there something I'm missing?

Thanks.

1 Solution

Accepted Solutions
Highlighted
Contributor
Contributor

Re: Creating subinterfaces for VLANs

Jump to solution

Dear halgrind,

Yeah you could achieve that by using ACL's in which you can define that the segment of the WiFi clients is not permited to access your wired VLAN.

Thanks,

View solution in original post

0 Kudos
5 Replies
Highlighted
Contributor
Contributor

Re: Creating subinterfaces for VLANs

Jump to solution

Hi!,

Can you post the extract of your configuration without sensitive information. A first clue that I have is how's the firewall working!? did you apply rules on private interfaces for allow communication!?

Do you assign switchports correctly on the NV1234?

If you attach the configuration files would be more easily identify the issue.

Thanks,

David

Highlighted
New Contributor

Re: Creating subinterfaces for VLANs

Jump to solution

Thanks, I did not think about the firewall.

I applied the existing "private" security zone to both and it's working.

However, I'd like to separate the traffic if possible.  Guests can access the wifi and I'd like to keep the wired VLAN secure.  How would I set up the firewall to do this?

Highlighted
Contributor
Contributor

Re: Creating subinterfaces for VLANs

Jump to solution

Dear halgrind,

Yeah you could achieve that by using ACL's in which you can define that the segment of the WiFi clients is not permited to access your wired VLAN.

Thanks,

View solution in original post

0 Kudos
Highlighted
Anonymous
Not applicable

Re: Creating subinterfaces for VLANs

Jump to solution

- I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

Thanks,

Noor

Highlighted
Anonymous
Not applicable

Re: Creating subinterfaces for VLANs

Jump to solution

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor