NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

nurbi's avatar
nurbi
Aspirant
Nov 07, 2022

JGS524PE tagged VLAN port, no access to WAN

Hi community, I set up 802.1q VLAN 10 (Port 1U,2U,3U, 23T) PVID Port1=10;Port2=10,Port3=10 VLAN 20 (Port 4U,5U,6U, 23T) PVID Port 4=20,Port5=20, Port6=20   PVID for Port 23 is 1   I want all VL...
Solutions
nurbi's avatar
nurbi
Aspirant
Nov 08, 2022
schumaku wrote:
except that you want to send untagged frames coming in on port 23 to VLAN 1

I want to send untagged incoming frames to VLAN10 and VLAN20 at the same time, but I can configure only one PVID.

 

schumaku wrote:

Unclear what is WAN in this design

[1]-----[2] )))  WiFi link  ((([3]------[JGS524 Switch Port 23]

1 = Internet with fixed IP via optical fiber

2 = LigoWave AP in router mode (DHCP running here), dial in via PPPoE

3 = LigoWave AP in station mode

 

I have no tool to see what happens to the traffic sent out on port 23. Is it arriving tagged at device 3? Is 3 scrapping it, because it can't deal with VLAN tags? Or is 3 responding but all my traffic ends up in VLAN 1?

schumaku wrote:

What is the exact plan, the intention

I want to isolate two user groups. Members of VLAN 10 should not see devices of VLAN 20. But both need to use the only available internet connection. Or is this simply not possible with a VLAN switch? Do I need a router between WAN and the VLANs?

 

Best, Nurbi

 

 

 

schumaku's avatar
schumaku
Guru - Experienced User
Nov 08, 2022

You can't magically merge what should be two or more dedicated networks into one by sending untagged traffic to a port and assign it to one network.

 

Of course your WAN device does receive the tagged frames for VLAN 10 and VLAN 20 - however your router does not know about the two VLANs so it won't handle these - because it does not recognize it because of the tags.

 

If you want to isolate two networks, define two networks, and handle each individually. on the complete data path. Here again, no way to magically make one network out of two .... Completely against 802.1q.

 

Your WAN device should allow two VLANs, each with an own IP subnet, and bot e.g. many2one NATed for example to your router real WAN (public IP) adapter.

 

What you have in mind could be some asymmetric VLAN config which would allow certain isolation, but only under some special conditions. Something which isn't a normal 802.1q config....

 

 

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More