9 Messages

 • 

152 Points

Mon, Aug 9, 2021 10:01 PM

How to set up VLAN with new Ruckus hardware

Hi everyone,

We just built a house and we have the following network components:

  • Netgear R7800 router with OpenWRT

  • Ruckus ICX7150-C12P switch

  • 2x Ruckus R320 APs (one on each level)

I am completely new to Ruckus, VLANs and OpenWRT. My target is to have two VLANs, one for IOT/HomeKit components (we will go with Apple HomeKit for home automation) and the other one for laptops. Both VLANs should be independent of one another, with the exception of HomeKit and Homebridge (I run Homebridge on a QNAP NAS). I also want to be able to limit the internet access for single IOT components for privacy purposes.

In a second step I would like to channel selected components through Wireguard VPN on the router.

What have I done so far:

1. Got the setup working without VLANs etc.

2. Set up the separate Wi-Fis (one for default and one for IOT).

3. I gave the IOT Wi-Fi the VLAN ID 2 and the default one has 1 by default.

4. I tagged the ports for the APs and the one for the router as tagged in VLAN 2 and left them as untagged in VLAN 1.

This is where the problems start and I am stuck. VLAN 2 components do not have access to the internet anymore. I already watched a bunch of videos and read through the forum, but I was not able to get it set up properly. It would be great if you guys could enlighten me some.

Thanks a lot in advance!

14 Messages

 • 

192 Points

2 m ago

Hello Thomas,

Which firmware are you using on the Ruckus APs? Try using Unleashed.

Try as below

1: Configure the VLANs on the ICX7150 switch (VLAN 1 and VLAN 2).

2: Configure SSIDs on the Unleashed AP and map them to the newly created VLANs as needed.

3: In the OpenWRT router firmware, configure routing for the new VLANs created on the switch for communication.

9 Messages

 • 

152 Points

@Vijay_Kuniyal Thanks! Can you add a little more detail on how I execute those steps?

I am using unleashed, but the VLAN config is in the switch config

14 Messages

 • 

192 Points

@thomas_engelmann

1: Use this doc for vlan mapping to the SSID.

https://docs.commscope.com/bundle/unleashed-200.9-onlinehelp/page/GUID-13F1D151-3C8F-418E-AE52-085924715CE4.html

a: Create WLAN>>>Show Advanced Options>>>WLAN Priority>>>Access VLAN (Enter VLAN ID)

2: For Switch Config

Use this guide, first verify the software version on the ICX for support as well.

https://docs.commscope.com/bundle/fastiron-09000-l2guide/page/GUID-10ADCCC3-0D45-43EE-951E-F3C649A8CF92.html 

This video explains how you can do inter-VLAN routing on the switch.
https://www.youtube.com/watch?v=fpicvYXWRhU


9 Messages

 • 

152 Points

2 m ago

@Vijay_Kuniyal Thanks!

I still have issues with tagging the VLANs.

I have the two VLANs created, but am struggling with tagging (or not) the ports correctly.

1/1/2 and 1/1/4 are my AP ports, so I assume I need to tag them into both VLANs and leave them as untagged in the default VLAN?

1/1/1 is my "uplink" port to the router. I left it as untagged in VLAN 1 and added it as tagged to VLANs 2 and 3.

With this configuration only the default VLAN has internet connection. How do I need to do the tagging, so that for now all 3 VLANs have the internet connection through 1/1/1?

Thanks again!

14 Messages

 • 

192 Points

@thomas_engelmann 

Question: 1/1/2 and 1/1/4 are my AP ports, so I assume I need to tag them into both VLANs and leave them as untagged in the default VLAN?

Answer: Keep them tagged with both vlans 2 and 3.

Question: 1/1/1 is my "uplink" port to the router. I left it as untagged in VLAN 1 and added it as tagged to VLANs 2 and 3.

Answer: Remove the tag on it, keep it untagged in VLAN 1.

Add a default-route on the Switch pointing to the Netgear IP(Gateway).

9 Messages

 • 

152 Points

2 m ago

@Vijay_Kuniyal Thanks again. I have tried this with the following result:

SSH@ICX7150-C12-Switch(config-vlan-2)#show ip
     Switch IP address: 192.168.1.155
           Subnet mask: 255.255.255.0
Default router address: 192.168.1.1
   TFTP server address: 192.168.1.1
Configuration filename: None
        Image filename: None
            DNS Server: 192.168.1.1
                IP MTU: 1500

This looks good, but still no internet connection. My assumption is that there is no DHCP provided to the VLAN. Do I need to configure that separately?

14 Messages

 • 

192 Points

Hello @thomas_engelmann,

Yes, you need DHCP. I hope you have the config below on the switch.

Switch config:

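! VLAN 2: home network, tagged on the two AP ports
vlan 2 name Home_Network by port
 router-interface ve 2
 tagged ethe 1/1/2 ethe 1/1/4

interface ve 2
 ip address 192.168.2.1/24

! VLAN 3: IoT network, routed through its own ve
vlan 3 name IOT_Network by port
 router-interface ve 3
 tagged ethe 1/1/2 ethe 1/1/4

interface ve 3
 ip address 192.168.3.1/24

! One DHCP pool per VLAN subnet; the first ten addresses are kept out of the pool
ip dhcp-server pool HOME_NETWORK
 network 192.168.2.0 255.255.255.0
 excluded-address 192.168.2.1 192.168.2.10

ip dhcp-server pool IOT_NETWORK
 network 192.168.3.0 255.255.255.0
 excluded-address 192.168.3.1 192.168.3.10

! Default route towards the Netgear/OpenWRT router
ip route 0.0.0.0 0.0.0.0 192.168.1.1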
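
Added example, not part of the original posts and not Ruckus tooling: a small Python check for switch configs of the kind shown above. It flags a ve bound to two VLANs and routed ve interfaces with no inbound ACL, because a Layer 3 switch routes between its ve subnets by default, which matters for the IoT/laptop separation asked for at the top of the thread. The sample config and the ACL name IOT_IN are constructed.

```python
import re

# Constructed sample in the FastIron style used in this thread; IOT_IN is a made-up ACL name.
SAMPLE = """\
vlan 2 name Home_Network by port
 tagged ethe 1/1/2 ethe 1/1/4
 router-interface ve 2
vlan 3 name IOT_Network by port
 tagged ethe 1/1/2 ethe 1/1/4
 router-interface ve 2
interface ve 2
 ip address 192.168.2.1/24
interface ve 3
 ip address 192.168.3.1/24
 ip access-group IOT_IN in
"""

def lint(config):
    """Return findings about VLAN-to-ve wiring and unfiltered inter-VLAN routing."""
    vlan_ve, ve_ip, ve_acl = {}, {}, set()
    section = None  # ("vlan", id) or ("ve", id) while inside that stanza
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"vlan (\d+)\b", line):
            section = ("vlan", int(m.group(1)))
        elif m := re.match(r"interface ve (\d+)$", line):
            section = ("ve", int(m.group(1)))
        elif not raw.startswith(" "):
            section = None  # any other top-level command ends the stanza
        elif section and section[0] == "vlan":
            if m := re.match(r"router-interface ve (\d+)$", line):
                vlan_ve[section[1]] = int(m.group(1))
        elif section and section[0] == "ve":
            if line.startswith("ip address "):
                ve_ip[section[1]] = line.split()[2]
            elif re.match(r"ip access-group \S+ in$", line):
                ve_acl.add(section[1])
    findings, owner = [], {}
    for vlan, ve in sorted(vlan_ve.items()):
        if ve in owner:
            findings.append(f"vlan {vlan}: ve {ve} already bound to vlan {owner[ve]}")
        owner.setdefault(ve, vlan)
    for ve in sorted(ve_ip):
        if ve not in owner:
            findings.append(f"ve {ve}: has an IP but no vlan uses it as router-interface")
        elif ve not in ve_acl:
            findings.append(f"ve {ve}: no inbound ACL, its subnet is routed to other VLANs unfiltered")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
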

9 Messages

 • 

152 Points

@Vijay_Kuniyal I did not create any router-interfaces, but will do that now - thanks! 

9 Messages

 • 

152 Points

@Vijay_Kuniyal I had to install the router image first. I did that and now I will work on what you recommended above. Thanks again!

9 Messages

 • 

152 Points

OK, I got the router image installed and "working" - baby steps. Still issues:

1. I cannot log into the switch with ssh anymore. The serial port works well, but is in another room. I would like to log in via any ssh device again.

2. I added the interface that @vijay recommended, but still no internet. I assume it is still a DHCP issue, as the DHCP server runs on the OpenWRT router. I already added the router as the ip route to the VLAN, so I am not sure which problem remains.

3. Internet is slower than before now in VLAN 1. I assume something is wrong with the routing, although I did not change anything there, as I wanted to have one network untouched and working.

Thanks again!

14 Messages

 • 

192 Points

Hi Thomas,


Problem 1: 


Use this:

vlan 1 Route
 router-interface ve 1
 tag "interface connecting to wrt"

interface ve 1
 ip address 192.168.1.X/24

Try to SSH to this IP and see if it works, once you are able to ping the switch from the WRT network.

Once problem 1 is solved:

2: Configure DHCP on the switch, just to verify whether you are getting an IP address on the SSIDs.

Vijay Kuniyal

9 Messages

 • 

152 Points

1 m ago

It seems like I got everything set up properly now. There was also quite a big portion of config necessary on the OpenWRT router side.

@Vijay_Kuniyal Thanks so much for your help!
