XGS1250-12, router-on-a-stick, and VLAN trunking

ObliteRon
ObliteRon Posts: 3
I recently purchased the XGS1250-12 and need some help with configuring VLANs.

In short, I have a cable modem with a single multi-gig Ethernet port, which I plan to connect to port 10 on the XGS1250-12.
Then, I have a connection between port 11 and a router, that will be configured as a router-on-a-stick, to NAT Internet traffic for my LAN back to the XGS1250-12's remaining ports.

I created VLAN 100 on the XGS1250-12. Because the cable modem doesn't know anything about VLANs, I set PVID on port 10 to 100. Correct?
What else must be done on the XGS? I believe port 11 needs to be configured as a trunk port, but I don't know how that is done.
Anything else I'm missing, as far as the switch-side is concerned?

All Replies

  • Zyxel_Adam
    Zyxel_Adam Posts: 134  Zyxel Employee
    Hi @ObliteRon,

    Welcome to Zyxel Community.

    I will answer your questions one by one:
    I created VLAN 100 on the XGS1250-12. Because the cable modem doesn't know anything about VLANs, I set PVID on port 10 to 100. Correct?
    Configuring the VLAN and PVID on port 10 of the XGS1250-12 is correct.

     I have a connection between port 11 and a router, that will be configured as a router-on-a-stick, to NAT Internet traffic for my LAN back to the XGS1250-12's remaining ports.
    Do you mean that the traffic from the XGS1250 goes to the "router" for NAT, comes back to the XGS1250 via the same cable, and then goes to the Internet via your modem? If that is the case, we suggest you separate the WAN and LAN traffic between the router and the XGS1250 by connecting one more cable and assigning a different VLAN ID to each.

    Please correct me if I am wrong about your scenario.
    Adam
  • ObliteRon
    ObliteRon Posts: 3
     I have a connection between port 11 and a router, that will be configured as a router-on-a-stick, to NAT Internet traffic for my LAN back to the XGS1250-12's remaining ports.
    Do you mean that the traffic from the XGS1250 goes to the "router" for NAT, comes back to the XGS1250 via the same cable, and then goes to the Internet via your modem? If that is the case, we suggest you separate the WAN and LAN traffic between the router and the XGS1250 by connecting one more cable and assigning a different VLAN ID to each.

    Please correct me if I am wrong about your scenario.
    Yes, I agree it would be easier if I had two connections between the router and the XGS1250; however, my router only has a single SFP+ connection, plus 8 GbE connections, and I want to be able to utilize >1GbE Internet service. Hence, why I need to use the single connection.
  • Zyxel_Adam
    Zyxel_Adam Posts: 134  Zyxel Employee
    @ObliteRon

    Thanks for your reply.

    Now I understand the reason for connecting only a single link from the switch to the router.
    If you would like to implement this scenario, you may check whether your router is able to assign multiple VLANs on the same port and give each VLAN a subnet.

    On our switch, you need to create the VLANs and tag all VLANs on port 11.
    Adam
  • ObliteRon
    ObliteRon Posts: 3
    edited May 5
    @Nebula_Adam

    Is it enough to have VLAN1 for my LAN traffic and VLAN100 for the Internet/cable modem? Or do I need a third VLAN?

    And then, how exactly should I set each port on the VLAN settings page of the XGS1250-12? I see for each port and each VLAN, I can set Non-Member, Tag Egress Member, and Untag Egress Member.
  • Zyxel_Adam
    Zyxel_Adam Posts: 134  Zyxel Employee
    edited May 6
    @ObliteRon,

    Is it enough to have VLAN1 for my LAN traffic and VLAN100 for the Internet/cable modem? Or do I need a third VLAN?
    For VLAN 1, it depends on whether you need to separate your LAN traffic or not. For instance, to split voice and data traffic on the LAN. The VLAN 100 between the switch and the modem will not be an issue.

    how exactly should I set each port on the VLAN settings page of the XGS1250-12? I see for each port and each VLAN, I can set Non-Member, Tag Egress Member, and Untag Egress Member.
    As you can see, these 3 members are differentiated by color.

    • Non-Member forbids traffic on a VLAN.
    • Tag Egress Member makes a port's outgoing traffic tagged.
    • Untag Egress Member makes a port's outgoing traffic untagged.
    I tried to make an example that may relate to your scenario, if you would like to separate LAN 1 and LAN 2.

    Adam
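
The port settings discussed in this thread, as an added example that is not part of any post and not Zyxel code: a small 802.1Q model that checks whether modem traffic (VLAN 100) and LAN traffic (VLAN 1) can meet anywhere except on the tagged link to the router. The membership tables are constructed, and the model assumes ingress filtering and that VLAN 1 is also tagged on port 11.

```python
import copy

NON, TAG, UNTAG = "Non-Member", "Tag Egress Member", "Untag Egress Member"
WAN, TRUNK = 10, 11                      # modem port and router port from the thread
LAN = [p for p in range(1, 13) if p not in (WAN, TRUNK)]

# Constructed table: VLAN 1 = LAN, VLAN 100 = Internet, both tagged on the trunk.
GOOD = {
    1:   {**{p: UNTAG for p in LAN}, WAN: NON,   TRUNK: TAG},
    100: {**{p: NON for p in LAN},   WAN: UNTAG, TRUNK: TAG},
}
PVID = {**{p: 1 for p in LAN}, WAN: 100, TRUNK: 1}

def forward(membership, pvid, in_port, tag=None):
    """Flood one frame; return {egress_port: tag on the wire, or None if untagged}."""
    vlan = tag if tag is not None else pvid[in_port]   # untagged ingress takes the PVID
    members = membership.get(vlan, {})
    if members.get(in_port, NON) == NON:               # assumed ingress filtering
        return {}
    return {p: (vlan if mode == TAG else None)
            for p, mode in members.items() if p != in_port and mode != NON}

def audit(membership, pvid):
    """Return findings where modem and LAN traffic can meet without crossing the router."""
    findings = []
    if forward(membership, pvid, WAN) != {TRUNK: pvid[WAN]}:
        findings.append("modem frames reach ports other than the tagged trunk")
    for p in LAN:
        if WAN in forward(membership, pvid, p):
            findings.append(f"LAN port {p} floods to modem port {WAN}")
    return findings

# Weak variant (constructed): PVID 100 is set on the modem port, but the port
# is still an untagged egress member of VLAN 1.
WEAK = copy.deepcopy(GOOD)
WEAK[1][WAN] = UNTAG

if __name__ == "__main__":
    print("good:", audit(GOOD, PVID))
    print("weak:", audit(WEAK, PVID)[:2])
```

The weak variant shows that PVID only classifies untagged frames arriving on a port; egress membership is a separate setting, so port 10 must also be Non-Member in VLAN 1.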