nurbi
Nov 07, 2022 Aspirant
JGS524PE tagged VLAN port, no access to WAN
Hi community, I set up 802.1q VLAN 10 (Port 1U,2U,3U, 23T) PVID Port1=10;Port2=10,Port3=10 VLAN 20 (Port 4U,5U,6U, 23T) PVID Port 4=20,Port5=20, Port6=20 PVID for Port 23 is 1 I want all VL...
schumaku
Nov 08, 2022 Guru - Experienced User
nurbi wrote:
VLAN 10 (Port 1U,2U,3U, 23T) PVID Port1=10;Port2=10,Port3=10
VLAN 20 (Port 4U,5U,6U, 23T) PVID Port 4=20,Port5=20, Port6=20
PVID for Port 23 is 1
What you have configured are two networks, VLAN 10 and VLAN 20, with port 1..3 configured as access ports for VLAN 10, and ports 4..6 configured as access ports for VLAN 20.
Port 23 is configured like a trunk, carrying both VLAN 10 and VLAN 20 as tagged, except that you want to send untagged frames coming in on port 23 to VLAN 1 on top of the tagged VLAN 10 and 20.
nurbi wrote:
I have to set Port 23 to an untagged member and set PVID to e.g. 10 and then VLAN 10 member could access WAN, VLAN 20 could not (as expected)
This isn't what you documented above.
Unclear what is WAN in this design - probably an untagged network, a single subnet, handling one single IPv4 subnet, and acting as a DHCP for this single IP subnet, too.
nurbi wrote:
I want all VLAN members to have access to Port 23 where my WAN (and my DHCP) is. But above config does not work. (unexpected)
The switch does what you have configured as per the above description.
If this device making up "WAN" (or some intermediate IP subnet) does serve as two networks, tagged as VLAN 10 and VLAN 20, and hand over to the port 23 accordingly, this could work. If this "WAN" is made up from a typical consumer or SOHO Internet connection router, with one local IP subnet, and one network, not in two tagged VLANs
Afraid, this is expected to me.
What is the exact plan, the intention to operate two independent networks, on this switch for VLAN 10 and VLAN 20?
Why do you split the ports 1..3 and 3..6 to two networks - considering at the end of the day both should make up one single network?
Have some asymmetrical VLAN config in mind?
nurbi wrote:
I have to set Port 23 to an untagged member and set PVID to e.g. 10 and then VLAN 10 member could access WAN, VLAN 20 could not (as expected)
Reads like an attempt to prove how one could half-isolate two networks resp. VLANs.
nurbi wrote:
Whom of us did not understand 802.1q VLAN: Me or my switch?
The switch just does what you configure....
nurbi
Nov 08, 2022 Aspirant
schumaku wrote:
except that you want to send untagged frames coming in on port 23 to VLAN 1
I want to send untagged incoming frames to VLAN10 and VLAN20 at the same time, but I can configure only one PVID.
schumaku wrote:
Unclear what is WAN in this design
[1]-----[2] ))) WiFi link ((([3]------[JGS524 Switch Port 23]
1 = Internet with fixed IP via optical fiber
2 = LigoWave AP in router mode (DHCP running here), dial in via PPPoE
3 = LigoWave AP in station mode
I have no tool to see what happens to the traffic sent out on port 23. Is it arriving tagged at device 3? Is 3 scrapping it, because it can't deal with VLAN tags? Or is 3 responding but all my traffic ends up in VLAN 1?
schumaku wrote:
What is the exact plan, the intention
I want to isolate two user groups. Members of VLAN 10 should not see devices of VLAN 20. But both need to use the only available internet connection. Or is this simply not possible with a VLAN switch? Do I need a router between WAN and the VLANs?
Best, Nurbi
schumaku
Nov 08, 2022 Guru - Experienced User
You can't magically merge what should be two or more dedicated networks into one by sending untagged traffic to a port and assign it to one network.
Of course your WAN device does receive the tagged frames for VLAN 10 and VLAN 20 - however your router does not know about the two VLANs so it won't handle these - because it does not recognize it because of the tags.
If you want to isolate two networks, define two networks, and handle each individually, on the complete data path. Here again, no way to magically make one network out of two .... Completely against 802.1q.
Your WAN device should allow two VLANs, each with an own IP subnet, and both e.g. many2one NATed for example to your router real WAN (public IP) adapter.
What you have in mind could be some asymmetric VLAN config which would allow certain isolation, but only under some special conditions. Something which isn't a normal 802.1q config....
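The forwarding behaviour discussed in this thread, as an added example that is not part of any post: a simplified Python model of the 802.1Q membership and PVID values nurbi posted, next to the variant with port 23 untagged in VLAN 10. The function names are hypothetical, and port 23's untagged membership in VLAN 1 is an assumption, since the thread only gives its PVID.

```python
# Added illustration: simplified 802.1Q forwarding for ports 1-6 and 23.
# "U" = untagged member, "T" = tagged member.
# Assumption: port 23 is an untagged member of VLAN 1 (the thread only gives its PVID).
POSTED = {
    "pvid": {1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20, 23: 1},
    "members": {
        1: {23: "U"},
        10: {1: "U", 2: "U", 3: "U", 23: "T"},
        20: {4: "U", 5: "U", 6: "U", 23: "T"},
    },
}
# The change nurbi tried: port 23 untagged in VLAN 10 with PVID 10.
VARIANT = {
    "pvid": {**POSTED["pvid"], 23: 10},
    "members": {**POSTED["members"], 10: {1: "U", 2: "U", 3: "U", 23: "U"}},
}

def classify(cfg, port, tag=None):
    """Ingress: VLAN the frame is assigned to, or None if the port is not a member."""
    vid = cfg["pvid"][port] if tag is None else tag
    return vid if port in cfg["members"].get(vid, {}) else None

def flood(cfg, port, tag=None):
    """Egress of a broadcast such as a DHCP discover.
    Returns {out_port: VLAN ID on the wire, or None when sent untagged}."""
    vid = classify(cfg, port, tag)
    if vid is None:
        return {}
    return {p: (vid if mode == "T" else None)
            for p, mode in cfg["members"][vid].items() if p != port}

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("variant", VARIANT)):
        print(name, "client on port 1 ->", flood(cfg, 1))
        print(name, "client on port 4 ->", flood(cfg, 4))
        print(name, "untagged reply into port 23 ->", flood(cfg, 23))
```

With the posted settings a broadcast from port 1 leaves port 23 carrying tag 10, while an untagged reply entering port 23 is assigned to VLAN 1 and reaches none of ports 1-6. In the variant the untagged reply reaches ports 1-3 only, which matches what nurbi observed.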