
VLAN Setup with Netgear GS728TPP - Some ports are members of multiple VLANs

asheesh88
Follower


Hello, I have a home automation system that requires its own VLAN, as if it is on the same network as the other clients, it becomes unstable due to too much traffic... This is across two Netgear GS728TPP switches and one JGS524Ev2 switch.

 

- VLAN10 - Home Automation controller, touchpanels, etc.  (Ports 1-12 on Switch 1, and Ports 1-7 on Switch 2)

- VLAN20 - Everything else (Remaining ports on Switch 1 and 2, and all of the JGS524Ev2) 

 

There are three devices that would be members of both VLANs (Apple TV, Roku, and an HAI Alarm Panel).  

 

I have set up all of the VLAN10 ports to be tagged.  However, when I set their PVID to 10, nothing can communicate with each other, even within VLAN10.

 

I also tried to keep everything on PVID 1, and have them all members of VLAN1 as well, but I believe that defeats the purpose of the VLAN, as I can still ping everything.

 

I also tried the VLAN only setting in Acceptable Frame Types, but that also prevented the system from being able to work.

 

I am at a loss of what to do.  I can provide diagrams and a list of devices and their ports if it will help.

 

Thank you

 

Asheesh

Model: GS728TPP|ProSafe 24 ports PoE Smart switch with 24 POE+ ports
Message 1 of 3
DaneA
NETGEAR Employee Retired

Re: VLAN Setup with Netgear GS728TPP - Some ports are members of multiple VLANs

@asheesh88,

 

Welcome to the community! 🙂 

 

@asheesh88 wrote:

I have set up all of the VLAN10 ports to be tagged.  However, when I set their PVID to 10, nothing can communicate with each other, even within VLAN10.

Set the ports connecting the switches as tagged ports with a PVID of 1.  Then, set other ports as untagged ports.  All members of VLAN 10 should have a PVID of 10 and all members of VLAN 20 should have a PVID of 20.  

 

Hope it helps. 🙂 

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 3
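
A simplified model of 802.1Q port handling, as an added example that is not part of any post in this thread and not NETGEAR's implementation: it shows why VLAN-unaware hosts on ports that are tagged members of VLAN 10, or set to VLAN only, cannot talk, while untagged members with a matching PVID can. The `Port` fields, the function names, the constructed port settings and the assumption that ingress filtering is enabled are illustrative.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1                                # VLAN assigned to untagged ingress frames
    tagged: set = field(default_factory=set)     # VLANs egressing with an 802.1Q tag
    untagged: set = field(default_factory=set)   # VLANs egressing with the tag stripped
    vlan_only: bool = False                      # "Acceptable Frame Types" = VLAN only

def ingress(port, frame_vid=None):
    """VLAN a received frame lands in, or None if dropped.
    frame_vid=None is an untagged frame, which is all an ordinary host sends."""
    if frame_vid is None and port.vlan_only:
        return None                              # untagged frames rejected outright
    vid = port.pvid if frame_vid is None else frame_vid
    # Assumption: ingress filtering on, so the port must be a member of the VLAN.
    return vid if vid in port.tagged | port.untagged else None

def egress(port, vid):
    """How a frame in VLAN vid leaves the port: 'tagged', 'untagged' or None."""
    if vid in port.untagged:
        return "untagged"
    return "tagged" if vid in port.tagged else None

def hosts_can_talk(a, b):
    """True if VLAN-unaware hosts on ports a and b can exchange frames both ways."""
    def one_way(src, dst):
        vid = ingress(src)
        return vid is not None and egress(dst, vid) == "untagged"
    return one_way(a, b) and one_way(b, a)

# Constructed port settings mirroring the configurations described in the thread.
ATTEMPT_TAGGED = Port(pvid=10, tagged={10})                 # tagged member, PVID 10
ATTEMPT_VLAN_ONLY = Port(pvid=10, untagged={10}, vlan_only=True)
ATTEMPT_PVID1 = Port(pvid=1, untagged={1}, tagged={10})     # PVID 1, still in VLAN 1
ACCESS_10 = Port(pvid=10, untagged={10})                    # suggested access ports
ACCESS_20 = Port(pvid=20, untagged={20})
UPLINK = Port(pvid=1, untagged={1}, tagged={10, 20})        # switch-to-switch link

if __name__ == "__main__":
    for name, a, b in [("tagged, PVID 10", ATTEMPT_TAGGED, ATTEMPT_TAGGED),
                       ("VLAN only", ATTEMPT_VLAN_ONLY, ATTEMPT_VLAN_ONLY),
                       ("PVID 1 + VLAN 1", ATTEMPT_PVID1, ATTEMPT_PVID1),
                       ("untagged 10 <-> 10", ACCESS_10, ACCESS_10),
                       ("untagged 10 <-> 20", ACCESS_10, ACCESS_20)]:
        print(f"{name:20} hosts can talk: {hosts_can_talk(a, b)}")
    print("VLAN 10 on uplink leaves:", egress(UPLINK, 10))
```
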
schumaku
Guru

Re: VLAN Setup with Netgear GS728TPP - Some ports are members of multiple VLANs


@asheesh88 wrote:

There are three devices that would be members of both VLANs (Apple TV, Roku, and an HAI Alarm Panel).  


This is simply not possible resp. illegal in an 802.1q environment where each VLAN does represent its own network, its own broadcast domain, and has its own IP subnetwork.

 

The reason why the UI does allow this is the possible concept of asymmetrical VLANs - however then both VLANs are on the same broadcast domain and IP subnet.

 


@asheesh88 wrote:

Hello, I have a home automation system that requires its own VLAN, as if it is on the same network as the other clients, it becomes unstable due to too much traffic...


Whatever "too much traffic" means.

 

Some IoJ microcontrollers don't like to be hit by a massive amount of traffic, like broadcast or multicast. Anything else - except what's intended for the microcontroller MAC ... that's what switches are made for - will not hit the links to these devices.

 

A possible weak point might be the link between the two switches. Depending on the network usage, the link can be saturated, and e.g. UDP traffic might suffer from reaching the destination. Needless to say, multiple VLANs won't help here - much more creating a LAG/Port Aggregation so e.g. two Gigabit links can be shared.

 

After a huge amount of unsolicited broadcast, a popular performance and reliability killer is IGMP Multicast traffic used e.g. for Live TV if the network infrastructure is not properly configured for IGMP Snooping.

 

I find it always amazing to read the security or reliability advice to isolate IoJ devices onto a dedicated network resp. VLAN. This might be fine for IoJ doing its local point-to-point communication, or for system designs where the IoJ is fully cloud oriented, so the control and access can be done over the cloud. Not much fun of course if the Internet is down. And not the greatest WAF and usability having to change to a different wireless network to dim the light or change the music ... for the many devices which require the IoJ and the controller App on the same network.

 

Back to step one: Troubleshooting.

Message 3 of 3