NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

flipfl0p's avatar
flipfl0p
Aspirant
Mar 04, 2017
Solved

Simple VLAN without VLAN-aware router and DHCP aka Port-based VLAN

I did manage to get the tagged VLANs (802.1Q) working with DHCP, mutiple switches AND VLAN-aware router - the whole shebang. However, I tried to poke around with the simple setup with not vlan-aware ...
GS108Tv2
port-based
Solutions
Troubleshooting
vlan
  • flipfl0p's avatar
    flipfl0p
    Mar 07, 2017

    DaneA

    Thanx a lot for the time and effort. Looks like, I'm ending up as that guy I mentioned before, who got it working...somehow :O

    Actually, I tried all kinds of combinations and...eneded up with exactly the same setup I began with...and this time it was working! With DHCP and everyting!
    So the approach the Asymmetric VLAN is very simple:

    E.g. 

    - define VLAN 10 + 20

    - define the trunk/gateway - VLAN50 (or keep the default VLAN1)

    - make ports 2+3 only members of VLAN10 and VLAN 20 respectively

    - make all ports needing access to the outside network (extra switch of router) members of VLAN50

    - set port 1 to PVID50

    - set port 2+3 to PVID10 and PVID20 respectively

     

    And the setup works as intended  - port 2+3 are online, but cannot talk to each other as they are on different VLANs.

    Now, the biggest question still remains - Why the #¤%# didn't it work before ???!!!!!

    A few reboots were made, yes, but otherwise, nothing else!

    Additional question:

     - What exactly are Tagged VLANs needed for then comparing the Untagged if the asymmetric VLANs support the network segmentation and DHCP ?

DaneA's avatar
DaneA
NETGEAR Employee Retired
Mar 05, 2017

Hi flipfl0p,

 

Welcome to the community! :) 

 

As I understand your network setup, port 4 of the GS108Tv2 is directly connected to the PC and you want to get an IP address through VLAN 10.  Kindly try to set a static IP address on the PC that is within the IP range of the router.  Are you able to get replies when you ping the IP address of the router? 

 

If ever you are not able to get replies when you ping the IP address of the router, set the PVID of port 1 to 10 and check if you are now able to get replies when you ping the IP address of the router. 

 

 

Regards,

 

DaneA

NETGEAR Community Team

flipfl0p's avatar
flipfl0p
Aspirant
Mar 05, 2017

Hi DaneA, 

As I wrote in the first post, the PC connected to port 4 is already using a static IP and it's in the same subnet as the router, and I'm not able to ping anything. In fact, I'm not receiving a single byte back on the NIC as I monitor the status. 

All network devices now are configured using static IPs - PC, switch and the router behind it.

 

I now tried setting port 1 to PVID 10 - no effect, as before, I'm not getting as signel byte back on the NIC's interface :manfrustrated:

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Mar 06, 2017

    flipfl0p,

     

    Kindly try the steps below:

     

    1. On VLAN 1, all ports are set to untagged. 

    2. On VLAN 10, port members would be ports 1 and 4.  Set port 1 as untagged with PVID of 1.  Then, set port 4 as untagged with PVID of 10. 

    3. Create VLAN 100.  The port members would be ports 1, 4 and 8.

    4. On VLAN 100, set port 1 as untagged with PVID of 1.  Then, set port 4 as untagged with PVID of 10. Then, set port 8 as untagged with PVID 100.

    5. Connect the router on port 8. 

    6. Check if the PC connected on port 4 that has a static IP address will be able to get replies when you ping the IP address of the router.  Also, check if it will acquire an IP address from the router. 

     

    What we've tried to setup from the steps above is called Asymmetric VLAN.  

     

    Let us know the results.

     

     

    Regards,

     

    DaneA
    NETGEAR Community Team

    • flipfl0p's avatar
      flipfl0p
      Aspirant
      Mar 06, 2017

      Ok, tried all that, the short answert - no effect at all.

      1-6 - check!

      Static or DHCP-lease - not a single frame received on the NIC. 

       

      Actually, after studying the document provided, the Assymetric VLAN was exactly what I dod from the beginning:

      - created VLAN X for a client machine

      - created VLAN Y for the "uplink"/trunk port

      - assigned the client machine port to VLAN Y

      - assigned the uplink port to VLAN X

      - connected the router to the uplink port

       

      I connected another client machine on port 5 in the same manner - assigned port5 to VLAN10. I did manage to have machines on port 4+5 to ping each other as they should as they were both on VLAN10. However, no connection to the gateway or anything else.....

       

      I did all the steps a few times and kept the ping to the router on. I noticed, that while creating VLANS and assigning the respective ports to them, the ping was alive. But the connection was totally cut off as soon as I put port4 (client port) to PVID10. As I understand, all those untagged VLANs are actually able to talk to each other as long as they're on the same subnet, otherwise, inter-vlan routing is needed, right ?

       

      Any other good ideas ?

       

      P.S. I did a factory reset of the switch before trying those steps just to make sure it's "clean".

    • flipfl0p's avatar
      flipfl0p
      Aspirant
      Mar 07, 2017

      DaneA

      Thanx a lot for the time and effort. Looks like, I'm ending up as that guy I mentioned before, who got it working...somehow :O

      Actually, I tried all kinds of combinations and...eneded up with exactly the same setup I began with...and this time it was working! With DHCP and everyting!
      So the approach the Asymmetric VLAN is very simple:

      E.g. 

      - define VLAN 10 + 20

      - define the trunk/gateway - VLAN50 (or keep the default VLAN1)

      - make ports 2+3 only members of VLAN10 and VLAN 20 respectively

      - make all ports needing access to the outside network (extra switch of router) members of VLAN50

      - set port 1 to PVID50

      - set port 2+3 to PVID10 and PVID20 respectively

       

      And the setup works as intended  - port 2+3 are online, but cannot talk to each other as they are on different VLANs.

      Now, the biggest question still remains - Why the #¤%# didn't it work before ???!!!!!

      A few reboots were made, yes, but otherwise, nothing else!

      Additional question:

       - What exactly are Tagged VLANs needed for then comparing the Untagged if the asymmetric VLANs support the network segmentation and DHCP ?

      • DaneA's avatar
        DaneA
        NETGEAR Employee Retired
        Mar 07, 2017

        flipfl0p,

         

        I'm glad that its now working. :)   I have just read your feedback 14 hrs ago and I was wondering why it didn't work instantly.  

         

        As you can observed, no tagging is involved and as far as I know, all VLANs should be in the same subnet in implementing asymmetric VLANs. 

         

        On the other hand, the usual VLAN configuration wherein tagging is needed, you can have each VLAN on their own subnet.  You could also set inter-VLAN routing when needed as long as the switch supports the inter-VLAN routing feature or if not, you could use a VLAN-aware router that supports inter-VLAN routing.  

         

         

        Regards,

         

        DaneA

        NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More