NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

mrmabmn's avatar
mrmabmn
Aspirant
Aug 18, 2017
Solved

GS510TLP inter vlan

How do you configure the GS510TP for inter vlan communication.    I am new to VLANs, I have a single GS510TPL.  How do I configure 3 VLAN to create 3 separate networks which can communicate on the ...
Hardware
Installation
  • Hopchen's avatar
    Hopchen
    Aug 18, 2017

    Hi,

     

    I have tried to outline for you, what you need to do.

     

    1. You must add an IP addresses to each of your VLAN interfaces under "Routing" --> "VLAN" --> "VLAN Routing". You have to create the VLANs first. I think you have already do this?

     

    2. Static routes needs to be done on your Internet router for Internet access to these VLANs. You need static on your router so that the router can be made aware of the networks on the switch.

     

    3. You need a DHCP server in each VLAN as your switch does not support DHCP relay from what I know. You cannot do the DHCP from the router as it will not be aware of the VLANs on your switch and the switch itself can't do DHCP server either, I think. The alternative is of course static IP addresses. That will work, but that is a pain for a large network.


    Here is an example of a config. I am using your 3 VLANs for explanation + a VLAN used for routing to the Internet (VLAN 99). I have left VLAN 1 alone here.
    VLAN 10 = 192.168.0.0 /24
    VLAN 20 =172.16.20.0 /24
    VLAN 30 = 192.168.77.0 /24
    VLAN 99 = 192.168.99.252 /30

     

    Router IP: 192.168.99.254 /30

     

    Switch VLAN interface IPs (set these under: "Routing" --> "VLAN" --> "VLAN Routing").
    Routing VLAN 99 IP: 192.168.99.253 /30
    VLAN 10 IP: 192.168.0.250 /24
    VLAN 20 IP: 172.16.20.250 /24
    VLAN 30 IP: 192.168.77.250 /24

     

    - Go to the routing table of the switch ("Routing" --> "Routing Table") and set the default gateway for the switch to: 192.168.99.254
    - Turn on "Routing Mode" on the switch, under "Routing" --> "IP".
    - Devices in VLAN 10 must have and IP of 192.168.0.x, with a default gateway address of: 192.168.0.250
    - Devices in VLAN 20 must have and IP of 172.16.20.x, with a default gateway address of: 172.16.20.250
    - Devices in VLAN 30 must have and IP of 192.168.77.x, with a default gateway address of: 192.168.77.250
    - On the switch port that connects to the router, you want to untag that port for VLAN 99 and set a PVID of 99.
    - On the switch ports that connects to VLAN 10 common non VLAN-aware devices, you want to untag those ports for VLAN 10 and set PVID of 10.
    - On the switch ports that connects to VLAN 20 common non VLAN-aware devices, you want to untag those ports for VLAN 20 and set PVID of 20.
    - On the switch ports that connects to VLAN 30 common non VLAN-aware devices, you want to untag those ports for VLAN 30 and set PVID of 30.

     

    On the router you need to set static routes back to the subnets that the router is not aware of: 192.168.0.0 /24 and 172.16.20.0 /24 and 192.168.77.0 /24

     

    So, three static routes in total on the router. They should look like this.

    Destination network: 1192.168.0.0
    Subnet mask: 255.255.255.0
    Gateway/Router/Next Hop: 192.168.99.253

     

    Destination network: 172.16.20.0
    Subnet mask: 255.255.255.0
    Gateway/Router/Next Hop: 192.168.99.253

     

    Destination network: 192.168.77.0
    Subnet mask: 255.255.255.0
    Gateway/Router/Next Hop: 192.168.99.253


    Hope that makes sense. Else let me know :)


    Cheers

mrmabmn's avatar
mrmabmn
Aspirant
Aug 24, 2017

Good day Hopchen,

 

Sorry about the lack of detail, the ping to 192.168.1.1 from VLAN30 was successful, but nothing was visible on wireshark.  The ping to 8.8.8.8 from VLAN30 was NOT successful, again nothing visible on wireshark.

 

I set the filter to icmp only, and pinged both 192.168.1.1 and 8.8.8.8 from VLAN30 and nothing was visible on wireshark. The ping to 192.168.1.1 was successful, the ping to 8.8.8.8 was NOT successful.

 

Pinging 192.168.1.1, 192.168.1.250, and 8.8.8.8 from a computer on the VLAN99 (192.168.1.x) with the wireshark filter set to icmp on Port 7 was successful to each address; however NOTHING was visible on Wireshark.

Hopchen's avatar
Hopchen
Prodigy
Aug 24, 2017

Hi,

 

Hmmm....

 

You are pinging correctly, so that is good. We should see that traffic is wireshark.

I am wondering why Wireshark is not picking it up. I think your port mirror is OK.

 

Do a quick control test.

- Plug the PC in port 7, into port 6 (still VLAN20).
- Start wireshark capture on that PC, with the filter: icmp
- Then Ping 172.16.20.250 and 192.168.1.1 and 8.8.8.8.

 

Do you see anything in Wireshark. If not, you must be capturing with the wrong interface. Also try and see if you see the pings with no filter on.


Let me know.

Thanks

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More