Hope someone can help me with this.
I have a 6248 which connects all machines at site across a fibre link to our server switches elsewhere.
I have a Netgear DGFV338 router which is to be used for public wireless access. I don't want guests to get onto our network to browse the net (192.168.100.0/24)
The switch was running VLAN1 default up until last week.
I have since created a VLAN 400 on one port (connected router) with a different IP range (10.10.10.0/24) and trunked this across the fibre link and allowed both VLAN 1 and 400.
The problem i have is that the Netgear router is responding to DHCP requests which i can only presume is being broadcast from the switch as no other routing is in place. The connection from the switch here goes over the trunk to the other 6248 in the datacentre which also has the same port configured with VLAN 400. This port is then connected directly to a Sonicwall interface ready for outbound service however this is not configured yet.
I might have missed something easy here but it though VLANS were indeed separate broadcast domains and thus DHCP requests coming from the 192.168.100.0 (VLAN1) network should not get to the router sitting in VLAN400 10.10.10.0.
I have posted my switch config below if anyone cane help.
I have truncated the config due to 5 stack members.
Many Thanks
S
!Current Configuration:
!System Description "PowerConnect 6248P, 2.2.0.3, VxWorks5.5.1"
!System Software Version 2.2.0.3
!
configure
vlan database
vlan 400
exit
hostname "SW_Ch"
sntp unicast client enable
sntp server 192.168.100.10
stack
member 1 5
member 2 5
member 3 2
member 4 5
member 5 2
exit
ip address 192.168.100.9 255.255.255.0
ip name-server 192.168.100.10
ip name-server 192.168.100.11
logging web-session
logging file warning
logging 192.168.100.34
level notice
exit
logging 192.168.100.44
level notice
exit
ip routing
interface vlan 400
name "Public WLAN"
routing
ip address 10.10.10.1 255.255.255.0
exit
username "xxxxx" password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx level 15 encrypted
username "xxxxx" password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxlevel 15 encrypted
monitor session 1 destination interface 1/g27
spanning-tree mst configuration
name "xx-xx-xx-xx-xx-xx"
exit
!
interface ethernet 1/g1
spanning-tree portfast
exit
!
interface ethernet 1/g2
spanning-tree portfast
exit
!
interface ethernet 1/g3
spanning-tree portfast
exit
!
interface ethernet 1/g4
spanning-tree portfast
exit
!
interface ethernet 1/g5
spanning-tree portfast
exit
-----------------------------------------------
!
interface ethernet 2/g40
description 'Public Wireless AP VLAN'
spanning-tree portfast
switchport mode general
switchport general pvid 400
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 400
exit
------------------------------------------------
!
interface ethernet 2/g45
description 'Fibre connection'
spanning-tree portfast
switchport mode trunk
switchport trunk allowed vlan add 1,400
----------------------------------------------------
exit
