No4
Aug 28, 2019 Tutor
Having trouble implementing vlan on Prosafe switch
I'm in the process of slowly upgrading my home network. I originally acquired the Prosafe JGS524PE switch for the POE capabilities for my security cameras. Now I'm trying to ditch the ISP supplied H...
schumaku
Aug 31, 2019 Guru - Experienced User
Don't think this is a switch config issue. The switch does only handle the VLANs ... and what is configured does go in and out there.
The schema does look incomplete to me, e.g. VLAN 3 is missing on the ERX (it only seems to exist on the switch), the APAC connects to a port with only VLAN 6 and 7. Add all subnet (untagged)/VLAN(tagged) details for all ERX ports, ...
The purpose of the ERX is only to add routing capabilities for the local [V]LAN, while the Internet access happens on VLAN 1 to the Huawei?
Last but not least, what is "NAT" used in your description?
No4
Aug 31, 2019 Tutor
I wasn't sure whether this is a switch issue or a router one, but figuring the switch side of things was simpler, should be easier to diagnose or rule out. Given your comment, it looks like there isn't anything obvious wrong with my switch config so I'll move over to the Ubiquiti community to see if they can help. If I succeed there I'll update this post to close off.
The ERX schema is copied from the router configuration page (see image). Not Netgear product but for clarity I'll elaborate a little. I followed a guide in setting my ERX up as mentioned in the OP. That is where the eth4 settings come from. I think the vlan3 is somehow default, as that was set up first and then the others added. The guide only used vlans for the AP and used separate switches on different ports to segregate the wired side so I'm extending it to add the vlans on the switch for eth2 and eth3. That may well be where my problem lies. I tried adding vlan3 yesterday as you suggested but that appeared to break things.
Yes, the current purpose of the ERX is limited to the vlan segregation testing, while I prove this all out. Once I have verified that I have vlans working and that the firewall rules allow the Home net to talk to the security subnet but not vice versa etc, then I will replace the Huawei with the ERX and reconfigure the switch so that all IP cameras are on vlan8 (security), office on vlan3 (Home) and AV stuff on vlan4 (IoT). The AP will also handle vlan3, vlan6 (guest) and vlan7 (wireless IoT). It would be possible to have 3 cables from the switch to the ERX rather than Tagging the trunk port but that seems a waste of ports so I'm attempting this.
NAT was me using the wrong acronym - I meant DNS server in this context.
Thanks again for your help, it looks like my understanding of the switch settings was about right after all. On to Ubiquiti...
- No4 Sep 06, 2019 Tutor
OK, trunking problem solved, although I'm confused as I'm sure I'd already tried those settings with no success. The switch was fine, but I needed to add vlan3 as a PVID for Eth2 on the ERX. Now I can plug into port 16 and get assigned a vlan3 address from the ERX DHCP server. If I change a port to vlan4, the same applies. I can login to the camera on port12/vlan8 so the firewall settings are working also. Here is a pic of the ERX settings to clarify for anyone else dealing with similar issues. Thanks for the help all.
- schumaku Sep 06, 2019 Guru - Experienced User
If you have to configure a PVID it means there is non-tagged traffic flowing to that interface, and the router (or similarly a switch) will allocate this traffic to the VLAN ID identified by the PVID. Check your design if the VLAN ID 3 is intended to be tagged or untagged on each trunk. If it's supposed to be tagged, there should not be any untagged traffic belonging to the #3. But then the #3 must be configured on the port as a VLAN, too - this is currently not very consistent in the config.
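The tagged/untagged consistency check described in the last reply can be done mechanically by comparing both ends of the trunk. The following is an added example, not part of the original thread and not a NETGEAR or Ubiquiti tool; the `TrunkEnd` model, the port names and the sample VLAN memberships are assumptions constructed from the VLAN IDs mentioned in the posts.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class TrunkEnd:
    """One end of a trunk link (hypothetical model, not a vendor API)."""
    name: str
    pvid: Optional[int]                           # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)    # VLANs sent without an 802.1Q tag
    tagged: set = field(default_factory=set)      # VLANs sent/accepted with a tag

    def mode(self, vlan):
        if vlan in self.tagged:
            return "tagged"
        if vlan in self.untagged or vlan == self.pvid:
            return "untagged"
        return "absent"

def check_trunk(a, b):
    """Return a list of human-readable mismatches between the two trunk ends."""
    findings = []
    for end in (a, b):
        for v in sorted(end.tagged & (end.untagged | {end.pvid})):
            findings.append(f"{end.name}: VLAN {v} is both tagged and untagged/PVID")
    vlans = a.tagged | a.untagged | b.tagged | b.untagged | ({a.pvid, b.pvid} - {None})
    for v in sorted(vlans):
        ma, mb = a.mode(v), b.mode(v)
        if ma != mb:
            findings.append(f"VLAN {v}: {ma} on {a.name}, {mb} on {b.name}")
    # Untagged frames leaving one end are classified by the other end's PVID,
    # so a PVID mismatch silently moves traffic into a different segment.
    for src, dst in ((a, b), (b, a)):
        for v in sorted(src.untagged - src.tagged):
            if dst.pvid is not None and dst.pvid != v:
                findings.append(f"VLAN {v} leaves {src.name} untagged and lands "
                                f"in VLAN {dst.pvid} on {dst.name}")
    return findings

# Constructed sample configs (port names and memberships are assumptions).
switch_trunk = TrunkEnd("switch-trunk", pvid=3, untagged={3}, tagged={4, 8})
erx_before = TrunkEnd("erx-eth2", pvid=None, tagged={4, 8})           # no PVID yet
erx_after = TrunkEnd("erx-eth2", pvid=3, untagged={3}, tagged={4, 8})  # PVID 3 added
switch_vlan3_tagged = TrunkEnd("switch-trunk", pvid=1, untagged={1}, tagged={3, 4, 8})

if __name__ == "__main__":
    for label, sw, erx in (("before", switch_trunk, erx_before),
                           ("after", switch_trunk, erx_after),
                           ("vlan3 tagged on switch only", switch_vlan3_tagged, erx_after)):
        print(label, check_trunk(sw, erx) or "consistent")
```

The third case shows why the mismatch matters for segmentation: untagged frames are not dropped, they are placed into whatever VLAN the receiving port's PVID names.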