1 port per vlan across 6 switches

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
I have a 136 unit  apt property that has 6 X440 switches, 3 in one closet and 3 in another, not stacked but  connected together. Port 1 of switch 1 is connected to the firewall that is VLAN capable. All ports are currently in the default VLAN.

This is a 55+ complex that the customer assumed that most of the tenants would use the provided wifi (c35 with 54 APs) for their internet. One port was provided for each unit in case they wanted to use for a PC. 

The complex is approx 70% occupied and over half have their own wireless router that they are using. We were only to provide the network and the wireless and not provide support to the tenants. This was a bad decision!!

We have had more than one apt plugging in Uverse/cable gateways that they brought with them, or wireless routers and plugging in the lan port of routers into the wall jack, so now there are multiple devices with DHCP handing causing all sorts of havoc.

I have meters setup and working on all of the ports for free or paid levels of service and all of that is working.

What I am trying to do now is set up each port on a separate VLAN so that each apt is isolated, but I cant seem to get this configuration figured out. The router will provide DHCP per VLAN. 

How is the best way to get this configured?
Photo of Kurt Hansen

Kurt Hansen

  • 210 Points 100 badge 2x thumb
  • Frustrated

Posted 2 years ago

  • 0
  • 1
Photo of Kevin Kim

Kevin Kim, Employee

  • 2,266 Points 2k badge 2x thumb
I would use the port isolation feature or the private VLAN to isolate ports from each other at layer 2 without creating a VLAN for each port.
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
Ditto
Photo of Kurt Hansen

Kurt Hansen

  • 210 Points 100 badge 2x thumb
Ok I will look at that.

Does port 1 that goes to the router and the ports that are linking the switches together then belong to all private VLANs?
Photo of Kevin Kim

Kevin Kim, Employee

  • 2,266 Points 2k badge 2x thumb
I think you can go with the port isolation feature first before going towards the private VLANs.

# configure ports <port_list> isolation [on|off] 
Photo of Stephen Williams

Stephen Williams, Employee

  • 8,950 Points 5k badge 2x thumb
Kurt,

Make sure you don't turn on isolation on your uplink port.  That would not be good.  Just your edge ports.

Any port in isolation mode can only talk to a port not in isolation mode
Photo of Kurt Hansen

Kurt Hansen

  • 210 Points 100 badge 2x thumb
Thank you all for the help. Looks like this was the fix.