GS-1920 VLAN with link aggregation

otto001

Hi!

Coming from GS-1900 series, I purchased a used GS-1920 (not V2) 48 port switch.

(I still have some GS-1900 24 port switches in my house, but the "core" switch got too small with 24 ports).

However. I have the following setup on my GS-1900:

Internet coming in on (lets say) port 1 with vlan 10.

One of my servers has 4 ports with link aggregation - lets say ports 10-13.

"Normal" clients only have access to vlan 1.

The server should have access to vlan 1 and vlan 10.

I am already a little bit desperated, cause I spent several nights trying to achive this with the GS-1920 (with the GS-1900 it was pretty easy).

Could PLEASE someone tell me how to set this up with the GS-1920? As I am really a little bit desperated already it would be very kind if someone could give me instructions "for dummies"…

Best regards and thanks in advance,

Otto

Zyxel_Kay

Hi @otto001 ,

As per your previous information, the internet router is connected to Port 21, whether it's the previous switch GS1900-24 or the new switch GS1920-48, and it's not capable of handling VLANs. To enable the traffic from the internet router to be forwarded to the server, please follow these steps for Port 21:

• PVID = 10 (You can configure this setting under Advanced Application > VLAN > VLAN Configuration > VLAN Port Setup)
• For VLAN1, set it to "Normal"
• For VLAN10, configure it as a "Fixed" without TX Tagging

By configuring Port 21 as described, you'll ensure that the traffic from the internet router is correctly directed to the server.

Zyxel_Kay

Hi @otto001 ,

To better assist you, we'll need some additional information about your network setup.

1. Could you please share your network topology, specifically how the devices are interconnected? Is the DHCP server located on your router or elsewhere in the network?
   
2. Are the "Normal" clients intended to have internet access, or do they only need access to the internal network?
3. On your previous GS1900-24 Switch, did you configure the link aggregation mode as LAG (Static trunk) or LACP?

otto001

Hi!

sorry for not being too specific.

1. The idea is to have the "external router" seperated from the internal network using VLAN. So there is a opnsense VM running for routing, but the DHCP server is a different VM in the internal network. so only the opnsense VM (or the host where it is running on) should be able to access the "external router" using VLAN 10. Only the "server" should be able to access VLAN 1 and VLAN 10. For this I configured two different virtual network cards, one using VLAN 1, the other VLAN 10 on the debian/proxmox host. The "external router" (in my case a simple FritzBox for fibre channel access) should only be able to use VLAN 10.
2. The "normal clients" should only be able to access VLAN 1. Direct access to VLAN 10 should be forbidden.
3. Yes, I have been running the setup using LACP, which is working great.

Thanks in advance for your help!

Otto

Zyxel_Kay

Hi @otto001,

It would be incredibly helpful if you could provide a diagram of your network topology and share a screenshot of the VLAN and LACP configuration settings from your previous GS1900-24 switch. This will give us a clearer understanding of your setup.

Additionally, could you please specify the exact issue you're currently encountering? Are you experiencing problems with LACP on the GS1920-48, or are the "normal" client devices not receiving DHCP IP addresses and unable to access the internet?

otto001

I hope, the pictures help to clarify my situation. The "server" is spuckneu (the others are backup-servers currently turned off).

At this moment, the GS-1920 is turned off. My problem was that the clients could not even ping either the server or the server could not reach the Internet-gateway.

This is why I was asking for help "for dummies" on how to setup the GS-1920 for my situation.

Best regards and thanks in advance,

Otto

Zyxel_Kay

Hi @otto001

Thank you for providing detailed information and the network topology.

Based on the setup that you mentioned initially:

• Port 1 for the Internet: VLAN10
• Port 10-13 for Server(VM with DHCP server): VLAN1+VLAN10

Here the guidance to setup your GS1920-48:

For VLAN Configuration

1. Navigate to Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup. Configure VLAN1 and VLAN10 as follows:
   • VLAN1: Set all port to Fixed without TX Tagging
   • VLAN 10: Set Port 10-13 to Fixed with TX Tagging
     
2. Ensure that all your ports have PVID set to 1.
   

For LACP Configuration (Please configure this before connecting the Ethernet cables):

1. Navigate to Advanced Application > Link Aggregation > Link Aggregation Setting. Activate Static Trunk T1 and set Port 10-13 for T1.
   
2. Activate LACP for T1 at Advanced Application > Link Aggregation > Link Aggregation Setting > LACP.
   
3. Verify the LACP status on Advanced Application > Link Aggregation.
   

(Please note that if you only need Link Aggregation (LAG) and not LACP, you can skip the settings in steps 2-3.)

By following these steps, you should be able to set up your GS1920-48 switch to match your desired network configuration.

otto001

Hi!

thanks a lot! I am on a business trip today and tomorrow, will try this tomorrow evening and let you know if it works!

Thanks again!

Best regards,

Otto

otto001

Hi!

Unfortunately this settings did not work.

I have a working LACP config:

VLAN 1 seems to work, clients can reach the Server, but the server is not able to reach the external router.

I should mention, that the servers have VLAN configured for the bridge that connects to the external router like this:

auto vmbr1
iface vmbr1 inet static
       address 10.0.0.2/24
       gateway 10.0.0.9
       bridge-ports bond0.10
       bridge-stp off
       bridge-fd 0
       bridge-vlan-aware yes
       bridge-vids 10
       post-up route del default dev vmbr1

The internet router can not handle vlan.

I played around with the tagging settings, but no success.

Do you maybe have any ideas how to proceed? I am not afraid of using the cli by the way, but I have never used it with zyxel switches…

Best regards and thanks in advance,

Otto

Zyxel_Kay

Hi @otto001 ,

Based on your previous config. for your GS1900-24, the LAG1(Port 1,8) which is connected to your internet router is inactive. To clone the setting to GS1920-48, please navigate to Advanced Application > Link Aggregation > Link Aggregation Setting and inactive your T1 on the GS1920-48.

Once T1 is inactive, the Link Aggregation Status may appear as follows:

Please be aware that configuring LACP on one end and not on the other may result in connection interruptions.

otto001

Hi,

ahm. sorry, this is my fault.

The port 1 above was just for simplicity in the example. In real the Internet-port is 21.

Port 1 and 8 are on a backup server which should be configured exactly as the main server (LAG on two ports, VLAN 1+10) - and there is even a third server for firewall backup, also the same.

Stupid /me did not mention this, sorry…

Best regards and thanks in advance,

Otto

Zyxel_Kay

Hi @otto001

To ensure we have a clear understanding of your network topology, could you please redraw the network topology diagram for both your previous GS1900-24 switch and the GS1920-48 switch, including all the port connections?

Additionally, to better understand your current GS1920-48 switch configuration and assist you more effectively, could you please collect the tech support file for the GS1920-48 and send it to us through private message? You can find this file in the web configurator under Management > Maintenance > Tech Support > All.