In this article, we will focus on setting up VLANs for Alta Labs switches. This process will work on all Alta Labs switches.
If you are wondering why you might want to set up VLANs, please stay tuned to our Knowledgebase, as we'll have an article posted soon that covers the pros and cons of using VLANs.
Let's Get Started
You'll want the switch powered on and managed in a controller. The process will be the same on our cloud-hosted controller, Control (the hardware appliance hosting our controller), as well as the self-hosted options of Docker and LXD.
It's important to note that, generally speaking, VLANs terminate at the router. We strongly recommend that you configure the router for the desired VLAN number on the correct interface, along with DHCP for that VLAN (if desired), to ensure minimal disruption to the network. We also highly recommend setting DHCP Lease Times on all pertinent subnets to a low value, such as 1-2 minutes. This will allow you to make changes and see them reflected in 1-2 minutes. If a device on the network has a 12-hour lease and you change the VLAN (which, in turn, changes the subnet), you will need to reboot the device, cycle the link on that device, or wait a minimum of 6 hours for the DHCP half-life to renew.
- To ensure the best performance, please verify that your switch is up to date on firmware.
- Once the switch has updated, if applicable, start by clicking the icon of the switch to bring up the switch configuration pane.
- On the switch configuration pane, there are 2 main areas of focus relating to VLANs.
The Green box is a VLAN dropdown selector. Changing this dropdown to another VLAN will allow you to make VLAN-specific changes on this switch.
The Yellow + icon allows you to add a new VLAN to the switch.
- We're going to click the + icon to add VLAN 10 to this switch.
Make sure to use the same VLAN number that was configured on your router; VLAN numbers are how routers, switches, and APs tag or untag data in transit.
The Note field can be empty, but it is a useful way to keep track of which VLAN is intended for which audience.
Optionally, you may choose to enable IGMP Snooping. If there is a fair amount of streaming on the network where one source is sent to multiple devices, IGMP Snooping can be leveraged to drastically reduce the traffic load on the network. AVPro Edge, Dante, Sonos, etc. are all great examples of where IGMP Snooping should be used.
Don't forget to click Save.
- Now, if you return to the VLAN dropdown, you'll see VLAN 10 as an option, and if you select it, you'll see how the ports are tagged for VLAN 10.
Note that every interface now has a T inside a purple circle; compare that to the U in the white circle when we have VLAN 1 selected.
The U in a white circle means that the selected VLAN is Untagged for that specific port.
The T in a purple circle means that the selected VLAN is Tagged for that specific port.
In this configuration, we could, for example, configure an AltaPass or a new SSID for the AP plugged into interface #1, tag it with VLAN 10, and the traffic will pass and be tagged appropriately.
With only that change being implemented, the AP itself will still be on VLAN 1 because interface #1 is still Untagged for VLAN 1.
- Let's change that and put the AP on VLAN 10. Start by clicking the interface; this will bring up that specific interface's configuration. We'll select the Native VLAN option, set it to Custom -> 10, and click Save.
This is a great example of not heeding the earlier warning of changing DHCP Lease Times. Now that I've clicked Save, the original IP address shown in the GIF above for the AP is no longer responding to pings because the VLAN rules do not allow for that. Luckily, because I'm using an Alta switch, I can simply power cycle the AP from the switch to force the AP to refresh its IP configuration:
And when the AP comes back online, it has the IP address of 192.168.20.8 which is appropriate for the VLAN & DHCP configuration in the router.
It's important to note that VLAN and subnet have no correlation to each other. In this example, VLAN 10 maps to 192.168.20.0/24 in my router. For practical purposes, VLAN numbers can range from 1 to 4094, although this will vary depending on vendor. For example, Alta supports the full range of VLANs, practically 1-4096.
- We can take this a step further because, at this point, a client could plug into interface #1 with their network interface configured for VLAN 1 and be on VLAN 1, which may be a security concern in your network. We have an easy fix, though! Return to the interface configuration and set the Allowed VLANs to only your desired VLAN; in our example, that's VLAN 10:
Don't forget to click Save.
Now that we've configured the switch properly, only VLAN 10 traffic will flow through interface #1; all other traffic will be dropped.
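The effect of the Native VLAN and Allowed VLANs settings on interface #1 can be modelled in a few lines. This is an added example, not Alta Labs code or its controller API: the `Port` model, the helper names and the sample frames are constructed, and it assumes standard 802.1Q ingress handling with the port carrying VLANs 1 and 10 before the restriction.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

@dataclass
class Port:
    """Hypothetical model of one switch port (not Alta's API)."""
    native_vlan: int          # VLAN shown as U (untagged) on the port
    allowed_vlans: frozenset  # VLANs the port carries, tagged or untagged

def frame_vlan(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI hold the VLAN ID

def ingress_vlan(port: Port, frame: bytes):
    """VLAN the frame lands in on ingress, or None if the port drops it."""
    vid = frame_vlan(frame)
    if vid is None or vid == 0:  # untagged or priority-tagged: use native VLAN
        vid = port.native_vlan
    return vid if vid in port.allowed_vlans else None

def make_frame(vid=None):
    """Constructed sample frame: zeroed MACs, optional tag, IPv4 EtherType."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return bytes(12) + tag + struct.pack("!H", 0x0800) + bytes(46)

# Interface #1 with Native VLAN 10, before Allowed VLANs is restricted (assumed {1, 10}).
before = Port(native_vlan=10, allowed_vlans=frozenset({1, 10}))
# Interface #1 after Allowed VLANs is set to only VLAN 10.
after = Port(native_vlan=10, allowed_vlans=frozenset({10}))

def demo():
    """Map each sample frame to (VLAN before restriction, VLAN after)."""
    frames = {"untagged": make_frame(), "tag 1": make_frame(1), "tag 10": make_frame(10)}
    return {n: (ingress_vlan(before, f), ingress_vlan(after, f)) for n, f in frames.items()}

if __name__ == "__main__":
    for name, (b, a) in demo().items():
        print(f"{name:9} before={b} after={a}")
```

A result of `None` means the port drops the frame; only the frame tagged for VLAN 1 changes outcome once Allowed VLANs is restricted.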