Can I use a VLAN?

[Kiangs]

Hi,

I've currently got 2 x Netgear GS108T 'smart' switches at opposite ends of the house linked together via CAT5e.

Currently I've got an ADSL modem/router connected to the first switch via Powerline adaptors.

However, due to a broadband upgrade this will soon be changed and I will have a separate modem and router. Which is where my problems start. I can't physically put the two in the same location.

I can't move the modem, so it will still be connected via the Powerline adaptors to where the first switch is located. Now, if I could locate the router here its fairly easy - into the router WAN port then from a LAN port into the switch and so on.

Unfortunately though I really don't want (aesthetics this time) the router at that location either - I want it connected to the second switch if at all possible.

I understand the GS108T's are capable of running VLANs but not sure if they offer a solution. I'm wondering if a VLAN can be set up so basically the modem and the router's WAN port can talk to each other but are isolated from the rest of the network?

Hope I'm making some sense explaining what I'm thinking!

ps In case you think I've missed the obvious - I can't move the Powerline adaptors either as speed is atrocious in the location of the second switch!

 

[jdabbs]

I haven't used a GS108T, but what you are asking for sounds doable.

Logical layout of a VLAN trunk:

Switch A
Port 1/VLAN X (tagged): uplink to switch B
Port 2/VLAN X (untagged): Modem
Port 3-whatever: Rest of the network (untagged VLANs)

Switch B:
Port 1/VLAN X (tagged): uplink to switch A
Port 2/VLAN X (untagged): Router WAN
Port 3-whatever: Rest of the network (untagged VLANs)

You could get away with not tagging frames on the trunk link, but setting things up this way will allow you to carry multiple VLANs on the same trunk link (useful if you want to put the remaining switch ports on the same network segment).

 

[Kiangs]

Thanks jdabbs

Hopefully after a couple of Google searches I'll follow exactly what you are saying and be able to configure it, but it sounds promising!

 

[jdabbs]

VLANs are relatively easy. The only gotchas you have to worry about are tagged vs untagged (always tag on trunk links, even though it isn't strictly necessary, untag everywhere else), and not doing anything fancy on VLAN 1 (usually the default/management VLAN).

 

[Kiangs]

Hello again,

I've run a test by setting up a VLAN but have encountered an issue which I can't explain. Whats happening is probably very logical to you guys.

As I haven't yet got a separate modem/router, I thought I'd run a test as follows:

Switch A
Port 1 - VLAN1 (Tagged), VLAN2 (Tagged) : Link to switch B
Ports 2 to 7 - VLAN1 (Untagged) : Other devices
Port 8 - VLAN2 (Tagged) : Modem/Router

Switch B
Port 1 - VLAN1 (Tagged), VLAN2 (Tagged) : Link to switch A
Ports 2 to 6 - VLAN1 (Untagged) : Other devices
Port 7 - VLAN1 (Untagged) : Link from switch C (Port 2)
Port 8 - VLAN2 (Tagged) : Link to switch C (Port 1)

Switch C - UNMANAGED
Port 1 - Link from switch B (Port 8)
Port 2 - Link to switch B (Port 7)

My thinking was this.... Traffic from the Modem/Router would enter switch A on port 8 and be tagged as VLAN2. It would be kept separate from the rest of the network on the default VLAN1. It would them be 'trunked' via Port 1 to switch B and exit untagged via Port 8. It then enters the unmanaged switch C on port 1 and then exits on port 2 back to switch B. My theory was that this would complete the link required to provide the internet link back to VLAN1 and hence all the other devices on the VLAN1 ports.

I was wrong. I get a switch loop !

Perhaps this won't actually be an issue when I separate the modem/router as originally described - as I say, I was just messing about testing.

But I would love to hear why this actually causes a switch loop, I'd appreciate a (simple!) explanation from you experts!

 

[jdabbs]

In the original design, the link between public (router WAN) and private LAN traffic was to be handled by the router.

Internet>Modem>in Switch A VLAN 2, out Switch A trunk link> in Switch B trunk link, out Switch B VLAN 2> in Router WAN, out Router LAN> in Switch B VLAN 1, out VLAN 1 devices on B and A (reachable back over the trunk link).

Thanks for taking the time to lay out your network. Switch ports A-8 and B-8 should be untagged. Do this, and it should work without a router on Switch B. Frames from VLAN 1 devices will be untagged, and as they hit the VLAN 2 port, the switch will tag them as VLAN 2 and forward them back to your modem.

I don't think a switch loop was created.
Some switches drop frames tagged with "incorrect" VLANs or lack of tagging. Your modem will be sending untagged frames to Switch A-8. They may be dropped. Switch A is responding with tagged VLAN 2 frames, which the modem may not be able to parse. Same goes for VLAN 1 devices on Switch B.

 

[Kiangs]

Hi jdabbs, thanks for replying.

Sorry, I've misled you with a mistake - a crucial typo in my last post. Ports A-8 and B-8 are indeed UNtagged.

I should also have described the results of my test...

Seconds after plugging in the link from switch C back to switch B the link lights flashed crazily on all ports!
I've also tried leaving out the third switch altogether and connecting port 8 directly to port 5 (or indeed any port 2-7) on switch B with exactly the same result.

Can't see any errors in my configuration, which is why I was wondering if somehow the traffic is looping between the VLANs but I'm really beyond the limit of my understanding here...

Any further thoughts would be gratefully appreciated.

 

[devnull]

Classic packet storm. The unmanaged switch doesn't recognize VLANs and is rebroadcasting MAC table broadcasts out all ports. Also connecting two ports on the same switch together is always a no-no.

The first switch will transmit a broadcast announcing it's version of the MAC table on the port to the next switch. The next switch will send the broadcast out all ports, including the second port connected to the first switch. Now the first switch thinks it received a broadcast announcement from the other switch (which is a retransmission of the broadcast the first switch created) and re-transmits the broadcast out all ports. This repeats and increases exponentially until the links are saturated. The same thing happens when you connect two ports on the same switch.

I'm pretty sure the GS108T can reduce broadcast floods if you set it up, but I haven't spent enough time configuring one to test this.

 

[devnull]

Also I would like to know why exactly the modem and router can't be in the same location.

 

[Kiangs]

Hi devnul

Thanks for the explanation, I'm hoping then that my test with the 3rd switch is effectively "null and void" and when I do get the new router (i.e. all set up as per original intention) it will be ok?

Or do you think I'll still get the broadcast flood problem?

Nb: The modem and router can't physically fit in the same location - its a very small cupboard - and the wife won't allow any alterations! At some point I intend to run a cable between the two locations, but for now I'm hoping I can use available technology to get me out a fix!

 

[devnull]

Try this VLAN configuration and see if it works when you get the new router.
Switch A, Port 2 => modem, configured as VLAN 2 tagged
Switch A, Port 1 => Switch B, Port 1, configured as trunk
Switch A, Port 3-8 => clients, VLAN 4 tagged

Switch B, Port 1 => Switch A, Port 1, trunk
Switch B, Port 2 => Router WAN Port, configured as VLAN 2 tagged
Switch B, Port 3 => Router LAN Port, configured as VLAN 4 tagged
Switch B, Port 4-8 => clients, VLAN 4 tagged

Note that you should connect the router directly to the modem first, since you will need to make certain that the internet connection works before you run this setup.

 

[Kiangs]

Thanks again, will try that when I get the new router (hopefully by the weekend...)

Good idea with the ethernet splitter but unfortunately it won't really help in my particular circumstances. As long as I can get the VLAN shenanigans sorted though it'll do fine for now. Fingers crossed!