smickell asked:

Netgear GS748T - setting up several VLANs but having DHCP broadcasting across all ports

I have a Netgear GS748T switch with 25 different VLANs - eventually I want each VLAN to be on a different IP range but that isn't a priority for now. I have configured the VLANs using 802.1Q (rather than port-based) and mapped the appropriate ports to them, but when I connect a DHCP server to the switch, none of the devices are picking up addresses.

There is one page on the Netgear for configuring VLANs - e.g. VLAN 5 has ports 1,2,3 assigned to it; but there is also a separate page for PVIDs which is confusing me - ports 1,2,3 also have to belong to PVID 5 for them to be grouped together. Each port on the switch can only belong to one PVID. Even when I created the VLANs and assigned port memberships, any devices I plugged in weren't separated from each other until I went to the PVID page and assigned them there.

The documentation from Netgear isn't very helpful. I'm also confused by the 'T,' 'U' and blank boxes on the VLAN as to what difference they make. What VLAN membership, and what PVID mapping, do I configure to allow all ports to be separate but still see a single DHCP server?

Rick_O_Shay

PVID is port VLAN ID which is used to identify what VLAN the port is in by default. Normally it will match the VLAN you put the port into. In most cases you shouldn’t touch it but let the switch set it based on what ports you put in which VLAN.

The T means you want the port in the VLAN to be tagged which adds VLAN information to every packet. It is normally used when you need to have more than one VLAN on a port like between switches or in some situations to a router. PCs, servers, printers, etc. are not normally tagged.

The U means untagged which is what you normally use for devices. It means that packets to and from that port will be in that VLAN but will not have the extra tag bits in them.

As for DHCP you normally set up a scope of addresses to be used based on the IP subnet of the devices or per MAC address which you specify.

What is it you are trying to do exactly? The reason I ask is because by nature VLANs are isolated from each other and require routing to communicate. Since that is a layer 2 switch you would need an external router or layer3 switch somewhere to perform that function.
ASKER

Thanks Rick for the info on the different tag types. Explains it a bit better than Netgear's attempt. The GS748T will be connected to a Cyberoam CR50i router/firewall - I have to get a more detailed look through this device to see what it can and can't do.

What I have is a serviced office with several tenants - I want each tenant to be on their own separate network but still all be able to see a single DHCP server, so I would imagine I will have to create several sub-interfaces on the Cyberoam if this is possible - each tenant being given addresses like 10.0.100.x, 10.0.101.x, 10.0.102.x etc. I am not on-site until next week to see, but does the Cyberoam have a way of interpreting VLAN tags? I.e. all requests from a particular VLAN number get assigned to one of these particular subnets?
Yes, that device does support 802.1Q VLANs. So this is a case where your switch port connected to the router would be tagged for each of the VLANs and the routing would be done by the Cyberoam. The port on the router would also be tagged for each of those VLANs.
It also supports DHCP relay which is what you need to get DHCP requests from the various VLANs to the server on another VLAN.
Ok I'm a bit clearer on things now!
So say, on the Netgear:
port 1 is going to the Cyberoam. I'll put it in VLAN 1.
port 2,3,4 are in VLAN 2.
port 5,6,7 are in VLAN 3.

Do I keep all PVIDs as 1?
In the VLAN membership, VLAN 1: all ports are left blank except for port 1 which has 'T' marked in it.
VLAN 2: all ports left blank except 2,3,4 which have 'U' marked in it.
VLAN 3: all ports left blank except 5,6,7 which have 'U' marked in it.
I am going to set the DHCP relay on the Cyberoam to point to a Windows server which is to be kept separate from all the tenants but give out IP addresses.

Am I correct with the above? This should give me something to work with on Monday!
ASKER CERTIFIED SOLUTION
Rick_O_Shay
This solution is only available to members.
That looks to have answered everything I need, and more. Thanking you in advance Rick. I will give this a go next week and let you know how I get on.
OK, good luck.
Rick, you are a star. I used every bit of that information! I grouped all the ports into the appropriate groups, using T and U as described, but this didn't work until I also went into the PVID section and added the ports there too.
So for example, ports 5, 6, 7 (U) and 47 (T) were tagged in VLAN 3, and then in the PVID page I added ports 5, 6, 7 to PVID 3, and just left 47 out of all the groups. Worked a treat. And the Cyberoam has separate interfaces for each VLAN and is doing DHCP for all the devices too.

Would have taken a lot longer without your help! Thanks again.
First class
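
The PVID behaviour discussed in this thread, as an added example that is not part of any poster's reply and is not Netgear code: a small model of standard 802.1Q ingress classification (untagged frame goes to the port's PVID) and egress by VLAN membership (T or U). It assumes a default VLAN 1 with every port as an untagged member, that port 47 is also tagged in VLAN 2, and no ingress filtering; the `Switch`, `build` and `flood` names are hypothetical.

```python
# Constructed model of 802.1Q forwarding for a broadcast such as a DHCP discover.
from dataclasses import dataclass, field


@dataclass
class Switch:
    pvid: dict = field(default_factory=dict)     # port -> PVID
    members: dict = field(default_factory=dict)  # vlan -> {port: 'U' or 'T'}

    def flood(self, in_port, tag=None):
        """Return {egress_port: vlan_tag_or_None} for a broadcast entering in_port."""
        # Ingress: a tagged frame keeps its VLAN, an untagged one gets the port's PVID.
        vlan = tag if tag is not None else self.pvid[in_port]
        # Egress: only member ports of that VLAN; 'T' keeps the tag, 'U' strips it.
        return {port: (vlan if mode == "T" else None)
                for port, mode in self.members.get(vlan, {}).items()
                if port != in_port}


def build(pvid_fixed):
    """Ports 2-4 are one tenant, 5-7 another, 47 is the tagged uplink to the router."""
    ports = [2, 3, 4, 5, 6, 7, 47]
    sw = Switch(
        pvid={p: 1 for p in ports},                  # every PVID left at 1
        members={
            1: {p: "U" for p in ports},              # assumed default VLAN membership
            2: {2: "U", 3: "U", 4: "U", 47: "T"},    # assumption: 47 tagged here too
            3: {5: "U", 6: "U", 7: "U", 47: "T"},    # as described in the thread
        },
    )
    if pvid_fixed:
        # The step taken on the PVID page; port 47 keeps its default PVID.
        sw.pvid.update({2: 2, 3: 2, 4: 2, 5: 3, 6: 3, 7: 3})
    return sw


if __name__ == "__main__":
    # Membership only: the untagged broadcast is classified into VLAN 1 and
    # reaches the other tenant's ports.
    print("PVID 1 on port 5:", build(False).flood(5))
    # PVID 3 on port 5: the broadcast stays in VLAN 3 and leaves 47 tagged.
    print("PVID 3 on port 5:", build(True).flood(5))
    # Reply from the router arriving tagged on the uplink.
    print("tagged VLAN 3 in on 47:", build(True).flood(47, tag=3))
```
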