Jerry3

2 vlans connecting to router (internet), how?

Hi there

I have a NetGear GS716T and a 108T 8 port switch; both are smart switches. I can use vlan on them. I am new to this but I managed to connect using port based vlan.

What I want to do in the first place:

I would just like to have 2 vlans for my computers that don't see each other. Both vlans can have access to internet (port 16 of GS716T is connected to DrayTek Vigor 2950 router) and to a NAS server (port 15).

vlan0 has ports 1-8 and vlan1 has ports 9-14.

Using port based vlan it is easy, I just make vlan0 select ports 1-8 and 14-15 and in vlan1 I select ports 9-16. Both vlans have access to internet and nas and they can not see each other.

Now that I have another switch, the 108T, the port based vlan is not very good as I can not have on this switch members from vlan1 or vlan0, but just from one vlan (depending on which port on the 716T the second switch is plugged into: if I plug it into 1-8 then all the 108T is vlan0, into 9-14 it is vlan1).

Everything understandable up to here. I wanted to make a tag based vlan, but here I have a problem. I can not set the 2 vlans to access the shared LAN and internet router. If the PVID setting of the internet (port 16) is 1 (vlan0) then it works for this vlan, but not for the other. I tried setting port 16 to be untagged on vlan0 and tagged on vlan1, but same thing: port 16 is still unreachable to the members of vlan1 (the ports that have default PVID of 2)...

I read about layer 3 switches; I don't have one. Is there any solution to this? Tag based vlan should be more flexible, so why can't I do the same thing as with port based vlan?

I know, I can move all the vlan1 members to one switch and the others to the other, but I still like to hear a solution, as I really would like to mix on priority on switches not location.

Yours

Jerry

PS - All my computers and everything is on the same subnet, 192.168.0.x.
asdlkf

Set the ports on each switch that are between the switches to "trunk"ing, not access ports.

Set those ports to permit both vlans (1 and 0).

Set the port to your modem and the port to your NAS on both vlans (1 and 0) in access mode.

Set the port to one of your computers to access mode, VLAN1
Set the port of one of your computers to access mode, VLAN0


Basically, for the link between the 2 switches, you want trunking mode, not access mode.
By trunking the two switches, you can continue to use port-based VLAN-ing...


It will simply be one big 48 port switch; instead of a 24 + 24.


If you have managed switches, I would strongly encourage you to use some redundant links between the two switches and also use channel bonding; not just trunking.

This way, your inter-switch link would be N times as fast as a single link.


Jerry3

ASKER

Hm, thank you both but... it seems I am too "newbie" to really understand what you are saying to me :-((((

I connected the switches using port 1 on switch 1 to port 1 on switch 2. Now both switches work without trunking as one big switch... I thought I need trunking if I want to make redundant connections as you told me.

Anyway, this "one big switch" has a bad flaw :-( From my management web page I can obviously only access the first switch's 16 ports, not the 8 ports of the other switch. So how can I set the second switch port 2 to be on vlan0 and port 3 to be on vlan1? I can only access port 0 on my first switch to be vlan0 and that way all the 8 ports in switch2 will be vlan0 also... Am I missing something here?

How do I switch the port to access mode?
Jerry3

ASKER

<quote> Set the port to your modem and the port to your NAS on both vlans (1 and 0) in access mode. </quote>

That's the problem, I can only set ports to untagged or tagged or not available :-( I did set both to be U or both to be T or one U and one T but I can still only connect from vlan0 to the net, not from vlan1 (this is because I set up PVID for modem and NAS to be vlan0). But I can not set both here, just one VLAN ID is permitted.
ASKER CERTIFIED SOLUTION
asdlkf

"tagged and untagged" are equivalent to "access and trunk"

Just set all of your ports to untagged; then set your trunk port to tagged.

Set your tagged port to use both 0 and 1 vlans.

Set your untagged port connected to your NAS or modem to use both vlans.

Set the rest to use which ever they should be.
As for the management interface, you will still need to access each switch's management interface separately.

The switches will not "merge", but simply act as a team to accomplish the general switching goal.
Redrawn:

Any of the blue ports are one big virtual switch; any of the yellow are one big virtual switch; ignore green. Obviously it has to be there, but green is the technical implementation of the yellow/blue logical diagram.


trunked-switches.png
Jerry3

ASKER

Thank you very much for all your trouble. It is the same config as I thought but it doesn't work for me.

Let me explain... for now let's put aside the switch 2 (8 port one), let's say I only have 1 switch (16 port one). Ok, I wouldn't need to use the IEEE802.1Q vlan then but let's just pretend ;-)

I have 16 ports, port 15 is NAS and port 16 is Internet router.

I want computers from ports 1-13 on vlan0 (ID=1 - default) and I want computer on port 14 to be separated on vlan1 (ID=2).

I select IEEE 802.1Q VLAN, my settings now are like this: VLAN management has all ports selected except port 13. They are selected as Untagged.

NAS and Internet are also selected as Untagged (port 15-16).

On vlan1 (ID=2) I have selected only port 13, 14 and 15, all of them untagged.

The last setting is the PVID for ports (this is some kind of default value). All the ports have PVID=1 except port 13 has PVID=2.

Now my problem is I can not access the router (port 16) using computer on port 13. I guess this has something to do with PVID=2 on port 13 and PVID=1 on port 16. But I can not set PVID to 1 and to 2. But from my understanding if one is not using trunk with the other switch it is irrelevant for Untagged ports what this value is. Apparently it is not.

If I set another PVID of, let's say, the computer on port 1 to ID=2 then this computer can see my port 13 computer but they can not see the internet (port 16).

I have confused my problem I think with 2 switches. My problem starts with a SINGLE switch. I can not get 2 vlans to have access to port 16 (internet), I have access to this port only from vlan0 (because PVID setting is set to ID=1 and that's vlan0).

Using port based VLAN this problem does not exist, but I can not use port based VLAN between 2 switches then :-(

I am not sure if you understand, my English is not my first language.

1. Vlan1
This:

PC1->Port1
Internet->Port2
PC2->Port3

Vlan1->Port1 + 2
Vlan2->Port2 + 3

won't work.

You need to use layer 3 (IP routing) to do this.

Simply stated, layer 2 is not capable of doing what you're wanting it to do... unless I'm misunderstanding you.




What you should do at this point is this: (image).

Put in a VLAN-capable router and do the "router on a stick" layout. Google it; it's a standard layout.

Separate your IP addressing schemes (use 192.168.0.x for almost all of your computers; use 192.168.1.x for the pc in port 13).




router-on-a-stick.jpg
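
The single-switch configuration Jerry3 describes (VLAN ID 1 on every port except 13, VLAN ID 2 on ports 13-15, PVID 2 only on port 13) can be checked with a small model of 802.1Q forwarding. This is an added example, not code from the thread: it assumes untagged ports only, VLAN classification by the ingress port's PVID and egress limited to that VLAN's member ports, and the function names are made up for the illustration.

```python
# Added illustration: minimal model of 802.1Q forwarding for untagged ports.
# Port numbers, VLAN IDs and PVIDs are the ones quoted in the thread.

ROUTER, NAS, PC13, PC1 = 16, 15, 13, 1

# VLAN ID -> member ports (all untagged, as described in the post)
MEMBERS = {
    1: set(range(1, 17)) - {13},   # "all ports selected except port 13"
    2: {13, 14, 15},               # "only port 13, 14 and 15"
}
# Port -> PVID: every port has PVID 1 except port 13
PVID = {p: 1 for p in range(1, 17)}
PVID[13] = 2


def egress_ports(src, members=MEMBERS, pvid=PVID):
    """Ports an untagged frame entering on `src` may leave from."""
    vlan = pvid[src]                          # ingress: classify by PVID
    return members.get(vlan, set()) - {src}   # egress: that VLAN's members


def can_talk(a, b, members=MEMBERS, pvid=PVID):
    """Two-way check: the request a->b and the reply b->a must both pass."""
    return (b in egress_ports(a, members, pvid)
            and a in egress_ports(b, members, pvid))


def isolation_report(hosts, members=MEMBERS, pvid=PVID):
    """Map every host pair to True/False so the segmentation can be audited."""
    return {(a, b): can_talk(a, b, members, pvid)
            for i, a in enumerate(hosts) for b in hosts[i + 1:]}


if __name__ == "__main__":
    for pair, ok in isolation_report([PC1, PC13, NAS, ROUTER]).items():
        print(pair, "reachable" if ok else "isolated")
```

Adding port 16 to VLAN ID 2 lets frames from port 13 reach the router port, but the router's frames are still classified by PVID 1 and never leave on port 13, which matches the one-PVID-per-port limit described in the thread.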
Jerry3

ASKER

Yes that is what I wanted... That is what I can do with primitive port based vlan with no problem?!

Trunking works from 2 switches, I just tested it. But as I said, the networks are strictly separated (not like using port based vlan) and I can not make a port "live" in 2 vlans, so one vlan can not access my NAS and internet ;-(

Should I use port based vlan and move all the computers in vlan0 to switch 1 and all the computers on vlan2 to switch 2 :-/ ?

I'll try to use the router combination. My DrayTek Vigor 2950 is I guess a powerful router and can also do vlan. I was even thinking to put one switch to one router LAN port (it has 4) and the other to the other port, maybe this is the way to go.

It is still beyond my knowledge why port based vlan can have a "shared port" and the more powerful tag based one can not :-( and the networks have to be separated completely (no shared resources).

Is this router combination much stress to the router?
Jerry3

ASKER

So to say: this works: http://kb.netgear.com/app/answers/detail/a_id/11673/kw/trunking/r_id/100109

But then I can not make a shared port, like a port to connect to my router and access the net.

But what if I join switches together using router LAN ports? Maybe then both vlans could talk to the internet, but I guess still not both see my NAS.