How to configure the switch to separate traffic between departments using VLAN? (V4.80 version)

Zyxel_Melen
Zyxel_Melen Posts: 2,637  Zyxel Employee
Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
in Port & VLAN settings

The example shows administrators how to set up the switch to make separate traffic between departments. Using Static VLAN, hosts accessing the same VLAN will only be able to communicate with hosts accessing the same VLAN.

image.png

Note:

All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using XGS2220-30.

Configure Switch-1

  1. Use AdministratorPC to set VLAN 1 in Switch-1: Port 1, 2 as Normal port. (Prevent VLAN 1 broadcast packets to port 1, 2). Enter the web GUI and go to Menu > Switching > VLAN > VLAN Setup > Static VLAN > Select VID 1 > Add/Edit. Select port 1, 2 as Normal. Click “Apply”.
    image.png
  2. Use AdministratorPC to create VLAN 10 in Switch-1: Enter the web GUI and go to Menu > Switching > VLAN > VLAN Setup > Static VLAN > Add/Edit. Enable the Active setting. Type the Name and VLAN Group ID=10. Select port 1, 5 as Fixed and uncheck Tx Tagging (Untagged) on port 1 and check Tx Tagging (Tagged) on port 5. Click “Apply”.
    image.png
  3. Use AdministratorPC to create VLAN 20 in Switch-1: Enter the web GUI and go to Menu > Switching > VLAN > VLAN Setup > Static VLAN > Add/Edit. Enable the Active setting. Type the Name and VLAN Group ID=20. Select port 2, 5 as Fixed and uncheck Tx Tagging (Untagged) on port 2 and check Tx Tagging (tagged) on port 5. Click “Apply”.
    image.png
  4. Set the PVID on Switch-1: Go to Menu > Switching > VLAN > VLAN Setup > VLAN Port Setup. Set port 1 as PVID=10 (VLAN 10) and port 2 as PVID=20 (VLAN 20).
    image.png

Configure Switch-2

  1. Use AdministratorPC to set VLAN 1 in Switch-2: Port 3, 4 as Normal port (this prevents VLAN 1 from broadcasting packets to port 3, 4). Enter the web GUI and go to Menu > Switching > VLAN > VLAN Setup > Static VLAN > Select VID 1 > Add/Edit. Select port 3, 4 as Normal. Click “Apply”.
    image.png
  2. Use AdministratorPC to create VLAN 10 in Switch-2. Enter the web GUI and go to Menu > Switching > VLAN > VLAN Setup > Static VLAN > Add/Edit. Enable the Active setting. Type the Name and VLAN Group ID=10. Select port 3, 5 as Fixed and uncheck Tx Tagging (Untagged) on port 3 and check Tx Tagging (tagged) on port 5. Click “Apply”.
    image.png
  3. Use AdministratorPC to create VLAN 20 in Switch-2. Enter the web GUI and go to Menu > Switching > VLAN > VLAN Setup > Static VLAN > Add/Edit. Enable the Active setting. Type the Name and VLAN Group ID=20. Select port 4, 5 as Fixed and uncheck Tx Tagging (Untagged) on port 4 and check Tx Tagging (tagged) on port 5. Click “Apply”.
    image.png
  4. Set the PVID on Switch-2: Go to Menu > Switching > VLAN > VLAN Setup > VLAN Port Setup. Set port 3as PVID=10 (VLAN 10) and port 4 as PVID=20.
    image.png

The test Result

  1. The PC in the same VLAN can ping each other. PC-1 can ping PC-3 successfully, but PC-1 cannot ping PC-2.
    image.png
    image.png
  2. PC-2 can ping PC-4 successfully, but PC-2 cannot ping PC-3.
    image.png
    image.png

Zyxel Melen


Categories

Switch FAQ Tag

EnglishTiếng ViệtРусскийไทย中文(台灣)