Vlan – D-Link DGS 1210-24 Managed Switch: sharing a gateway (router) between 2 VLANs


Good Evening.
I need some help with a simple network configuration:

I actually have one physical LAN including a shared printer, a shared gateway/firewall (Cisco) for internet access, and two access points, all connected via a 24-port D-Link DGS 1210.

I'd like to create two VLANs, as two different companies are using the same LAN and the PCs of each company can see the other company's, but both need to have access to the printer, the gateway/DHCP (192.168.2.1) and one access point each.

I was thinking about this setup:

VLAN 1: ports of Company 1 + printer port + router port + access point 1 port untagged – ports of company 2 not member

VLAN 2: ports of Company 2 + printer port + router port + access point 2 port untagged – ports of company 1 not member

Is it a correct configuration?

Step 2: PVID: how do I configure PVID of the shared ports (printer and Router)?

I mean, e.g., if port 3 belongs to company 1 it will be PVID=1, but what about the PVID for shared ports, e.g. number 16 (the router port)? If I set PVID=2, company 2 (VLAN 2) will be able to access the internet via the router but not company 1…

Thanks in advance for the support.

Best Answer

Interfaces that have multiple VLANs are trunks. You can configure a trunk to a router, but you will need to use subinterfaces on the router. Most end-devices, e.g. printers, don't understand VLAN tagging on trunks. Some servers can be configured to use VLAN tagging and trunks.

You will either need to use separate printers, or you will need to configure routing between the VLANs (default on a router). If you want to restrict everything between the VLANs, except the printer, you will need to create ACLs to block everything, except the printer.

This is a fairly common configuration.
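
The PVID problem from the question and the trunk layout from the answer, as an added example that is not part of the original question or answer: a small model of standard 802.1Q ingress classification and per-VLAN forwarding. Ports 3 and 16 are the ones named in the question; port 9 for company 2 and all function names are assumptions made for illustration.

```python
# Added example: minimal model of 802.1Q port-based forwarding.
# Port 3 (company 1) and port 16 (router) come from the question;
# port 9 (company 2) is a constructed placeholder.
C1, C2, ROUTER = 3, 9, 16

# VLAN membership as proposed in the question: router port in both VLANs.
MEMBERS = {1: {C1, ROUTER}, 2: {C2, ROUTER}}


def classify(port, tag, pvid):
    """Ingress rule: a tagged frame keeps its VLAN ID, an untagged one gets the port's PVID."""
    return tag if tag is not None else pvid[port]


def can_deliver(src, dst, pvid, tag=None):
    """True if a frame entering on src (optionally 802.1Q-tagged) may leave on dst."""
    vlan = classify(src, tag, pvid)
    ports = MEMBERS.get(vlan, set())
    # The frame is forwarded only inside the VLAN it was classified into.
    return src in ports and dst in ports


def untagged_router_port(router_pvid):
    """Question's layout: router port untagged in both VLANs with a single PVID."""
    pvid = {C1: 1, C2: 2, ROUTER: router_pvid}
    return {
        "c1_to_router": can_deliver(C1, ROUTER, pvid),
        "router_to_c1": can_deliver(ROUTER, C1, pvid),
        "c2_to_router": can_deliver(C2, ROUTER, pvid),
        "router_to_c2": can_deliver(ROUTER, C2, pvid),
        "c1_to_c2": can_deliver(C1, C2, pvid),
    }


def trunk_router_port():
    """Answer's layout: router subinterfaces tag each reply with its VLAN ID."""
    pvid = {C1: 1, C2: 2, ROUTER: 1}
    return {
        "router_to_c1": can_deliver(ROUTER, C1, pvid, tag=1),
        "router_to_c2": can_deliver(ROUTER, C2, pvid, tag=2),
        "c1_to_c2": can_deliver(C1, C2, pvid),
    }


if __name__ == "__main__":
    for label, result in (("untagged, PVID=2", untagged_router_port(2)),
                          ("untagged, PVID=1", untagged_router_port(1)),
                          ("tagged trunk", trunk_router_port())):
        print(label, result)
```

In both layouts the two companies stay separated at layer 2; once the router routes between the VLANs, the ACLs mentioned in the answer are what limit inter-VLAN traffic to the printer.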