---------------------switch config---------------------
module 2 type J9033A
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged A1-A24,B1-B24,C1-C24,D1-D24,E1-E23
no untagged E24
exit
vlan 2
name "Guest"
untagged B18
tagged A1-A24,B1-B24,C1-C24,D1-D24,E1-E23
exit
vlan 10
name "management"
ip address 10.0.10.1 255.255.255.0
untagged E24
exit
management vlan 10
1-ip routing must have disable with no ip routing command)
2-no needed ip default gateway command
3-no needed ip helper-address
4-all port untag vlan 1 and tag vlan 2 for flexible
access point connection
5-interface e24 only switch managemet with 10.0.10.0 network
6-add "management vlan 10" command for better securiy switch logon
telnet or wen only this port
7-no need vlan 1 and vlan 2 ip address
so we make strongly sperate two vlan
8-access point configuration will remain the same
and you can connect any port
--------------------firewall config--------------------
firewall configuration will remain the same
only added two dhcp scobe
for 10.14.0.0 network
for 10.15.0.0 network
scobe 1 default gateway address
for 10.14.0.0 must have 10.14.40.254
scobe 2 default gateway address
for 10.15.0.0 default gateway 10.15.10.253
and deny lan to lan routing between interface 0/0 and 0/3
in this way we use access list on firewall:)
your swich role only L2 on network
most secure and easy config
please test
cenk
