I have a question for you network experts. So I purchased several of the little GS305E switches for the purpose of separating untrusted devices from others, and to improve performance. I unboxed one of the switches, hooked it to the ISP router. Hooked up some test systems, an Xbox to one port and a PC on the third.
I set the switch to advanced 802.1Q and setup the VLANS and ports as follows. All ports are untagged.
PORT 1 VLANS 1, 2, 3 PVID 1 Router (DHCP - Single network, no subnets)
PORT 2 VLANS 1, 2 PVID 2 Xbox
PORT 3 VLANS 1, 3 PVID 3 PC
Now both VLANS 2 and 3 are able to get to the internet, as needed. But when I fire up the Xbox and start a game, all 3 switch ports go to showing high activity (blinking fast). Now I realize I have all ports on VLAN 1, so packets from the Internet can get back to either VLAN, whichever is needed. But I thought a switch was a little more intelligent than a hub. I was thinking when the router sent a packet back to the Xbox, the switch would send it only on port 2, and discard for port 3 because it knows there is no device with that MAC on port 3. Wireshark running on the PC connected to port 3, shows lots of UDP packets destined for the Xbox, as it has the Xbox's MAC address as the destination address.
What gives? Have I grossly overestimated these little switches? Am I missing something in the configuration? Or more than likely, am I'm confused or stupid?
Can someone tell me why port 3 would be getting the traffic for a device on port 2, even when the packet isn't really a broadcast? And if it is a configuration issue, can you tell me what changes are needed?
I set the switch to advanced 802.1Q and setup the VLANS and ports as follows. All ports are untagged.
PORT 1 VLANS 1, 2, 3 PVID 1 Router (DHCP - Single network, no subnets)
PORT 2 VLANS 1, 2 PVID 2 Xbox
PORT 3 VLANS 1, 3 PVID 3 PC
All untagged? Something very wrong with your network design..
If the plan is to deal with multiple networks (IP subnets, firewalled security zones, ...), you need some router infrastructure, able to deal with the subnets, correctly handle the NATed Internet access. This also means strict 802.1q VLAN segregation. means With the common consumer and many SOHO routers, this isn't possible.
What you have configured is causing (wanted or unwanted?) what is named asymmetric VLANs. Aware some vendors explicitly allowed the configuration of asymmetrical VLAN - this always required some dedicated control, not available on the big majority of generic VLAN capable and configurable switches. I fear you are on the wrong path, this has nothing in common with an industry standard 802.1q VLAN implementation.
My understanding is I only need to use tags for the trunking between the switches. At this point I only have the one switch connected, directly to the router. Once the other switches are in place, I would have tagging between the trunk ports. Is this ok? Or should I be using tagging with the current single switch setup?
Also, I want to keep this simple and use only a single network, with no subnets. This is a home network with less than 30 devices. My main goal was to separate untrusted and unimportant devices like TVs, kids smart devices and computers, from the devices my wife and I use for work. Given this, I was hoping to avoid the complexity of subsets and configuring routers, maintaining routes, etc.
