VLAN Configuration

Started by cosmarchy, January 31, 2022, 07:55:58 AM

cosmarchy

Hi,

I've a couple of questions regarding setting up a VLAN.  First, a brief outline of what I have and what I'm trying to achieve.
I have three 5-port Netgear GS105Ev2 ProSafe switches connected to a router.  I believe the question to be more about VLANs rather than the switches...

In any case, they are connected as follows:

Switch_1 (192.168.1.9)
port 1 - router
port 2 - device_1.1
port 3 - device_1.2
port 4 - device_1.3
port 5 - to switch_2

Switch_2 (192.168.1.10)
port 1 - from switch_1
port 2 - device_2.1
port 3 - device_2.2
port 4 - device_2.3
port 5 - to switch_3

Switch_3 (192.168.1.11)
port 1 - from switch_2
port 2 - device_3.1
port 3 - device_3.2
port 4 - device_3.3
port 5 - device_3.4

A simple daisy chain where port 5 of the previous switch connects to port 1 of the next switch.

I'd like to configure them to provide the following VLANs:

VLAN1
router
device_1.1
device_1.2
device_2.1
device_2.2
device_3.1
device_3.2
device_3.3

VLAN2
router
device_2.3

VLAN3
router
device_3.4

So, device_3.4 routes through switches 3->2->1 to access the router on its own separate VLAN3, as does device_2.3, which routes through switches 2->1 to the router on its own VLAN2.  All other devices are on the same VLAN1.

Basically I want three networks separate from one another which all have access to the internet but not each other.

My first question is whether this configuration is possible?  Can a single port be shared across multiple VLANs, as is the case with the router?

The second question is, if it is possible, how do you configure the switches to achieve this?


Do the switch configurations look like this?
------------------------------
Switch_1
VLAN1
port 1 - untagged
port 2 - untagged
port 3 - untagged
port 4 - untagged

VLAN2
port 1 - untagged

VLAN3
port 1 - untagged
------------------------------
switch_2
VLAN1
port 2 - untagged
port 3 - untagged

VLAN2
port 4 - untagged
------------------------------
switch_3
VLAN1
port 2 - untagged
port 3 - untagged
port 4 - untagged

VLAN3
port 5 - untagged
------------------------------

Next, what to do about tagged ports.  I'm guessing that switch1.port5, switch2.port1, switch2.port5 and switch3.port1 are all marked as tagged, but do you do this for every VLAN - does each VLAN have to specify a tagged port even though these ports are the same on every VLAN?

What about PVID?  I don't understand why you need a PVID to assign the port and VLAN when you are already doing this by choosing to mark the ports untagged against a VLAN.

Thanks

icecream-guy

I think what you are talking about is trunking VLANs between the switches.

Check this reference:

https://kb.netgear.com/11673/How-do-I-setup-a-VLAN-trunk-link-between-two-NETGEAR-switches
My Moral Fibers have been cut.

deanwebb

Daisy-chained switches [shudder]... please promise me not to add another switch to the chain. Also, is the chaining to solve a distance issue? If so, I can understand. If it's to solve a port density in a small area issue, then I'd go with a single switch with more ports on it.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

cosmarchy

That partially answers some of the questions.  It details that you have to mark ports tagged in both VLANs but I'm not sure about switch_2 requiring a VLAN3 in order to know how to route data through to switch_1 - I'm assuming switch_2 would contain a VLAN3 which contains nothing more than port1 and port5 tagged??

In short, do all switches need to contain an appropriate VLAN entry even though none of the ports on a particular switch belongs to a VLAN, so that this provides a route through for VLANs up or downstream???

Ideally I wouldn't have daisy chained these as I'm aware there are a few issues doing it this way, but I had no choice in this situation owing to distance and physical routing.  There is no intention of adding more; if more capacity was required, I'd expand the number of ports at each switch as and when necessary  :)

deanwebb

My vendor-independent thought is that, no, only the access switches hosting the VLANs or distribution switches provisioning the VLANs need to know. Everything else is a routing table. However, the Netgear requirements may vary.

icecream-guy

However, if you wanted a port in VLAN 5 on switch 1 and switch 3, it would have to be trunked through switch 2: 1 to 2 and 2 to 3.

My Moral Fibers have been cut.
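
The tagged, untagged and PVID rules asked about in this thread, as an added example that is not from any poster or from Netgear: a small model of standard 802.1Q forwarding over the three-switch chain, showing that VLAN3 frames only cross switch_2 when its two trunk ports are tagged members of VLAN3. The port tables, the tagged router port (which assumes a VLAN-aware router) and the function names are assumptions.

```python
# Constructed model of the thread's chain: "T" = tagged member, "U" = untagged member.
# Assumption: the router on switch_1 port 1 is VLAN-aware and receives all VLANs tagged.
LINKS = {(1, 5): (2, 1), (2, 1): (1, 5), (2, 5): (3, 1), (3, 1): (2, 5)}

def build(transit_vlan3=True):
    """Return per-switch VLAN membership and PVIDs for the three switches."""
    sw1 = {"vlans": {1: {1: "T", 2: "U", 3: "U", 4: "U", 5: "T"},
                     2: {1: "T", 5: "T"},
                     3: {1: "T", 5: "T"}},
           "pvid": {2: 1, 3: 1, 4: 1}}
    sw2 = {"vlans": {1: {1: "T", 2: "U", 3: "U", 5: "T"},
                     2: {1: "T", 4: "U"}},
           "pvid": {2: 1, 3: 1, 4: 2}}
    if transit_vlan3:
        # switch_2 has no VLAN3 device, only the two trunk ports as tagged members.
        sw2["vlans"][3] = {1: "T", 5: "T"}
    sw3 = {"vlans": {1: {1: "T", 2: "U", 3: "U", 4: "U"},
                     3: {1: "T", 5: "U"}},
           "pvid": {2: 1, 3: 1, 4: 1, 5: 3}}
    return {1: sw1, 2: sw2, 3: sw3}

def flood(switches, sw, port, tag=None):
    """Return {(switch, port, tag_on_wire)} where a broadcast frame leaves the chain."""
    out, todo = set(), [(sw, port, tag)]
    while todo:  # the chain is loop-free, so this terminates
        sw, port, tag = todo.pop()
        cfg = switches[sw]
        # Ingress: an untagged frame is classified into the port's PVID.
        vid = tag if tag is not None else cfg["pvid"].get(port)
        members = cfg["vlans"].get(vid, {})
        if port not in members:  # VLAN unknown here, or port not a member: drop
            continue
        for egress, mode in members.items():
            if egress == port:
                continue
            # Egress: tagged members keep the 802.1Q tag, untagged members strip it.
            wire_tag = vid if mode == "T" else None
            peer = LINKS.get((sw, egress))
            if peer:
                todo.append((peer[0], peer[1], wire_tag))
            else:
                out.add((sw, egress, wire_tag))
    return out

if __name__ == "__main__":
    print("device_3.4, VLAN3 on switch_2:", flood(build(True), 3, 5))
    print("device_3.4, no VLAN3 on switch_2:", flood(build(False), 3, 5))
```
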