What's new

VLAN How To: Segmenting a small LAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Try to keep your VLAN ID's above 10 - many routers use internal VLAN's below that value to facility the routing inside (Guest Network, DMZ's for example)...

Best practice is to go above VLAN100...
 
Sorry, VLAN2 config JPG was not a full screen. Here is the full screen.
Dieter
 

Attachments

  • VLAN2 Update.jpg
    VLAN2 Update.jpg
    46.1 KB · Views: 966
Try to keep your VLAN ID's above 10 - many routers use internal VLAN's below that value to facility the routing inside (Guest Network, DMZ's for example)...

Best practice is to go above VLAN100...
I'll try it...
 
Doug,
Got a call back from Linksys Tier 2 support. He confirmed that The LGS308 does not do inter-Vlan routing. It requires a Vlan-aware router.

Can you please confirm that the Netgear GS108Tv2, can do inter-Vlan routing?

Thanks.
 
Last edited:
Try connecting your PC to port 8 on the switch. You should then be able to set the PVID on ports 5-6 to 2 and the PVID on port 7 to 3.
 
I have done that, and it does not work. Whenever I set the PVID on ports 5-6, it removes PVID from VLAN1. Unless I'm missing something.

I just read the VLAN section of the GS108Tv2 manual. It seems to work like the LGS308. It possibly is different from the 108Tv1...

Are you sure the GS108T does inter-Vlan routing?
 
Last edited:
Be very careful before you go spending more money on something that may not work right. Inter-Vlan routing is when you want to route traffic between your VLANs. Meaning you want the VLANS to talk to each other. That does not seem to be what you want. It seems you want the VLANS to not talk to each other but to talk to the internet. Now this can be done with a Layer3 switch that can route between VLANs but it will mean some changes to your network (like default gateway). My recommendation would be for you to get a router that is VLAN aware and use your current managed switch. This would be best practice (unless your network is real big and then best practice would be to have both a VLAN aware router and a Layer3 switch for inter-vlan routing).
 
Thank you, abailey. This is what Linksys said.
Linksys makes the LRT214 which supports 802.1Q (5 tagged VLANs). It provides segmentation between users in different SSIDs/VLANs. "With inter-VLAN routing, Traffic traverses easily between VLANs." But it seems overkill for what I need.

Is any one aware of other "cheap" routers which do 802.1Q, VLAN tagging?
 
There are cheap routers that can do what you need. The problem is, usually the cheaper you go, the more you need to know. In other words the cheaper ones usually assume you know more about networking and thus they save money on their user interfaces. Some of them make you use command line to set the router up. Mikrotik and Ubiquiti are two vendors that come to mind that have good, cheap routers. I am not very familiar with Mikrotik but here is a cheap, decent, Ubiquiti router. It does have a wizard to help you with initial setup but you will need to put some time into the config as the learning curve is fairly steep. The Ubiquiti router would hook to the internet in your case and you could put the Asus router in AP mode for your wireless.
 
Thank you.
Netgear Tier 2 support said the the GS108Tv2 will work as long as I use static IPs on the VLAN devices. It does 802.1q, and they said that you can make Port 1 (which the router is connected to), member of the other VLANs. But their switch will not work with DHCP requests coming from the VLANs.
 
I think going with a VLAN aware router will open a can of worms for me. All I was trying to accomplish was to take advantage of VLAN security features. Separate my VoIP and streaming devices from my computers. Since ALL devices have to access the internet, apparently this is not doable without a VLAN aware router. (Maybe the GS108Tv2 would work as long as I use static IPs on all devices.)
I might just go ahead and try the Netgear switch...
 
Give it a try - the GS108T is a decent managed switch...

http://kb.netgear.com/24754/What-is-VLAN-Routing

http://kb.netgear.com/24755/How-do-I-configure-VLAN-Routing-on-a-smart-switch

And a third party perspective that may be related to what you would like to do

http://riceball.com/d/content/vlans-netgear-gs108t
These are great articles, thanks.
Do you now which Netgear switch is covered by Step 6 "how to I configure VLAN Routing on a smart switch"?
http://kb.netgear.com/24755/How-do-I-configure-VLAN-Routing-on-a-smart-switch

The screen shots of the Routing > IP > IP Configuration screen does not appear to be the GS108Tv2.

Thanks.
 
I would first of all like to thank the author for these 2 great articles. There are tons of general guides and manuals about VLANs these days, but those two are probably the only one that actually in details describe the actual implementation on most known consumer/SOHO switches.

I did manage to get the tagged VLANs (802.1Q) working with DHCP, mutiple switches AND VLAN-aware router - the whole shebang. However, I tried to poke around the simple setup with not vlan-aware router and no tagging and....it just didn't work :O

I basically followed this guide:
https://www.smallnetbuilder.com/lan...how-to-segment-a-small-lan-using-tagged-vlans
and my setup is following:
router<--port1-->switch<---port4-->PC
vlan1 contains all 8 ports untagged
vlan 2 contains port 1+4 untagged
port 4 PVID = vlan2


In other words, exactly, as in the guide.

1. DHCP isn't leasing me any IPs - I get APIPA
2. Even with static IP (incl. router as gateway), I cannot ping either the router itself or anything else....

All the devices are on the same subnet.

Switch is a Netgear108Tv2 with the latest firmware (5.4.2.27)


What am I doing wrong ??:(
 
I would first of all like to thank the author for these 2 great articles. There are tons of general guides and manuals about VLANs these days, but those two are probably the only one that actually in details describe the actual implementation on most known consumer/SOHO switches.

I did manage to get the tagged VLANs (802.1Q) working with DHCP, mutiple switches AND VLAN-aware router - the whole shebang. However, I tried to poke around the simple setup with not vlan-aware router and no tagging and....it just didn't work :O

I basically followed this guide:
https://www.smallnetbuilder.com/lan...how-to-segment-a-small-lan-using-tagged-vlans
and my setup is following:
router<--port1-->switch<---port4-->PC
vlan1 contains all 8 ports untagged
vlan 2 contains port 1+4 untagged
port 4 PVID = vlan2


In other words, exactly, as in the guide.

1. DHCP isn't leasing me any IPs - I get APIPA
2. Even with static IP (incl. router as gateway), I cannot ping either the router itself or anything else....

All the devices are on the same subnet.

Switch is a Netgear108Tv2 with the latest firmware (5.4.2.27)


What am I doing wrong ??:(
I'm seeing the exact same problem as you, with a Linksys LGS308. I've been told by Netgear that the GS108Tv2 should work as long as the all devices are on the same subnet and have static IPs. But apparently it does not work... but hope we can get an answer to this problem.

Example 2 in the article I believe was done with the GS108Tv1, since I could not find the setup screen, which allows for a VLAN TYPE = IEEE 802.1Q setting (vs Type = Port), in the GS108tV2 manual. I wonder if something in the firmware has changed between the GS108Tv1 vs GS108Tv2?
 
Last edited:
Hello DREID,
Is the SG200-08 firmware the same as the SG300 you are using?
I think the inter-VLAN routing problems mentioned with the above switches can be solved with the SG200-08.
Can you please confirm that?
Thanks.
 
Just learned that the SG300 can be either a L2 or L3 switch. Not the SG200.
Oh well...
 
I'm seeing the exact same problem as you, with a Linksys LGS308. I've been told by Netgear that the GS108Tv2 should work as long as the all devices are on the same subnet and have static IPs. But apparently it does not work... but hope we can get an answer to this problem.
Example 2 in the article I believe was done with the GS108Tv1, since I could not find the setup screen, which allows for a VLAN TYPE = IEEE 802.1Q setting (vs Type = Port), in the GS108tV2 manual. I wonder if something in the firmware has changed between the GS108Tv1 vs GS108Tv2?
Yes, the author mentions, that it's a GS108Tv1 switch. I just don't get it, that then means, that Netgear has just removed the portVLAN functionality in the V2 release, which just doesn't make sense, or it's just a bug they don't care to fix.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top