LW100
Jan 04, 2025 Aspirant
Newbie to VLANs - GS308Ev4
All
Before I get into any detail around what I want to achieve long term, I have a very basic question... please bear with me, as this is the first time I am trying to set up a VLAN... Having looked at many sites/posts here and other sources of information, it is my understanding that the router absolutely needs to be VLAN aware... however, is that for all types of VLAN or just a properly implemented 802.1Q VLAN? I.e. for a port-based VLAN, does the router still need to be VLAN aware?
I am asking, as reading the following post:-
I interpreted that a port-based VLAN could be set up to work with a non-VLAN-aware router. Maybe it's how I read the post and the fact is that for any type of VLAN, the router needs to support them, but I am seeking some clarity before I pull my hair out as I can't seem to get even a basic setup working.
Thanks
4 Replies
- NetworkNeb Aspirant
Hello, I'm also a networking newb that has struggled to understand VLANs and subnetting. So, out of my probably 50 hours of trying to figure out the nature of VLANs and subnetting with my first home lab is this.
1. Level 3 switches can VLAN route. I have GS308Ev4, a level 2 switch. This can read and push the tags to the correct port, but cannot officially tag the data.
2. You need a Level 3 switch in order to VLAN route or a router to VLAN route. They should also be able to establish inter-VLAN communications if set up with the firewall.
3. I despise VLANs.
4. I'm still on the journey of learning this. So, if another post comes along please listen to them. I just wanted to save you some frustration if possible.
5. If you have an ISP router that doesn't support VLANs or subnetting, you can install OPNsense as a router as a virtual machine. However, I have not been able to configure the network correctly with a Proxmox server running all VMs and the OPNsense router software. Keep in mind double NATting.... Due to severe anger that is only comparable to working on a car in the winter, or stubbing your toe on the corner of your desk that spills water on your computer. I have found that double NATting ISP Router > To OPNsense > VLANs is also a pickle to set up without proper equipment. My ISP router offers bridge mode to push the data to the OPNsense router; this takes out my wifi as my server is pieced together like Frankenstein's monster and has no wifi output on my server.
Long story short:
You need to invest in a new router or level 3 VLAN switch to do what you want, or order a cheap PC from eBay and install OPNsense with a NIC. Again, please keep in mind I am at the same level as you or dang near it. Everything just clicked about needing to have an official dedicated router and/or need a level 3 VLAN-capable switch. Hence why I'm here..... I just googled if GS308Ev4 is a level 2 or level 3 switch.............
Good luck, happy networking, and I hope this saved some rage as I need someone else to balance out mine.
Last thoughts:
I'm also attempting the port-based approach on GS308Ev4. I have no idea how well this will protect and isolate the networks as they are on the same subnet. I'm attempting to establish a lot of isolating firewalls between each bridge and have 3 Ethernet cables for 3 virtual bridges. This will not be very secure if I exposed VM 104 to the internet but keep my TrueNAS VM on the same network.
- LW100 Aspirant
Thanks, appreciate the response.
I am not trying to do anything near as complicated as it sounds like you are, but I will stop playing now until I sort out what I want to do router and mesh wise.
I am currently in analysis paralysis with that discussion with myself.. 😂
- ErwinL NETGEAR Moderator
Hello LW100
And welcome to the NETGEAR Community! 🙂
Indeed, you need to have a router that knows VLAN, especially if the DHCP server will be coming from the router for all VLANs. In many cases, VLANs are also configured on the router for DHCP server purposes for each VLAN.
For port-based VLAN, it is literally dividing the port into groups. With this configuration you will still need L3 networks for each group for each device to communicate in their respective groups of VLAN.
1. Level 3 switches can VLAN route. I have GS308Ev4, a level 2 switch. This can read and push the tags to the correct port, but cannot officially tag the data.
- Yes, VLAN can route. GS308Ev4 is a Plus switch and needs to be configured with VLANs as well.
2. You need a Level 3 switch in order to VLAN route or a router to VLAN route. They should also be able to establish inter-VLAN communications if set up with the firewall.
- Correct.
3. I'm also attempting the port-based approach on GS308Ev4. I have no idea how well this will protect and isolate the networks as they are on the same subnet. I'm attempting to establish a lot of isolating firewalls between each bridge and have 3 Ethernet cables for 3 virtual bridges. This will not be very secure if I exposed VM 104 to the internet but keep my TrueNAS VM on the same network.
- It is suggested to have separate subnets for each VLAN for them not to communicate and have a separate broadcast domain.
Have a lovely day,
Erwin
Netgear Team
- NXIXN Apprentice
Port based VLAN on GS308Ev4 will work in this type of example:
Three VLANs:
VLAN1
VLAN2
VLAN3
PC1 connected to port 1
PC2 connected to port 2
PC3 connected to port 3
Assign port 1 as your uplink to a non-vlan aware router.
This port 1 will have the following port based tagging:
Router > Port 1 PVID = 1 untagged VLAN 1, Tagged VLANs 2 and 3
PC1 > Port 2 PVID = 1 untagged VLAN 1
PC2 > Port 3 PVID = 2 untagged VLAN 2
PC3 > Port 4 PVID = 3 untagged VLAN 3
Note: PC2 and PC3 must be set to static IP in the same subnet of the VLAN aware router as we expect that there is no other DHCP server to supply the other VLANs.
For example: Router DHCP subnet is 192.168.1.0
PC1 IP gets DHCP from router, i.e. 192.168.1.2 255.255.255.0 192.168.1.1
PC2 IP set to static IP of 192.168.1.3 255.255.255.0 192.168.1.1
PC3 IP set to static IP of 192.168.1.4 255.255.255.0 192.168.1.1
Hope this helps.
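As an added example (not part of the original post and not NETGEAR code), the port table from the reply above can be run through a small model of 802.1Q flood forwarding to see which ports share a two-way layer-2 path and which frames leave the uplink with a tag. The `Port` class, the function names and the ingress-filtering behaviour are assumptions of this model, not a description of GS308Ev4 firmware.

```python
# Added illustration: flood-forwarding model for an 802.1Q switch.
# The port table is transcribed from the post above; everything else is assumed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    pvid: int                        # VLAN assigned to untagged ingress frames
    untagged: frozenset              # VLANs sent out of this port without a tag
    tagged: frozenset = frozenset()  # VLANs sent out of this port with a tag

    def member(self, vid):
        return vid in self.untagged or vid in self.tagged

PORTS = {
    1: Port(1, frozenset({1}), frozenset({2, 3})),  # uplink to router
    2: Port(1, frozenset({1})),                     # PC1
    3: Port(2, frozenset({2})),                     # PC2
    4: Port(3, frozenset({3})),                     # PC3
}

def forward(ports, in_port, tag=None):
    """Egress map {port: tag or None} for a broadcast entering in_port."""
    vid = ports[in_port].pvid if tag is None else tag
    if not ports[in_port].member(vid):
        return {}  # assumption: ingress filtering drops non-member VLANs
    # A tag value in the result means the frame leaves with an 802.1Q header.
    return {n: (vid if vid in p.tagged else None)
            for n, p in ports.items()
            if n != in_port and p.member(vid)}

def can_exchange(ports, a, b):
    """True when untagged frames sent on a reach b and the reverse also holds."""
    return b in forward(ports, a) and a in forward(ports, b)

def isolation_report(ports):
    """Two-way untagged reachability for every pair of ports."""
    ids = sorted(ports)
    return {(a, b): can_exchange(ports, a, b)
            for i, a in enumerate(ids) for b in ids[i + 1:]}

if __name__ == "__main__":
    for src in sorted(PORTS):
        print(f"untagged frame in on port {src} ->", forward(PORTS, src))
    for pair, ok in isolation_report(PORTS).items():
        print(pair, "two-way path" if ok else "isolated")
```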