GS1910-24 VLAN Not Working

kmcontact
kmcontact Posts: 6  Freshman Member
First Comment

Hello,

Before I address my issue I would like to tell that I am not a switch specialist at all and that many of the articles listed here in the forum confused me. The switch GUI often seems to differ from SW version to version, many of the screenshots discussed here are not available on my devices. Thus I decided to directly ask my questions. Please let me know when you are missing pices of information; I'll be happy to provide it for further clarification.

I am working with GS1900-24 (Firmware V2.7) and GS1910-24 (SWV2.00 (AAAX.0)C0) switches. What I try to do is as follows:

Scenario 1: Use local GS1910-24 to strip VLAN tagging provides by a NAS

Scenario 2: Connect a GS1910-24 and a GS1900-24 using a Link Aggregation and allow VLAN 50 (and other VLANs) only to use that link.

The setup used in Scenario 1 depicts the figure below.

I first need to make port 20 aware of VLAN50. Because the NAS does the tagging I need to accept a NAS frame and forward it to the switch engine. On port 2 I then need to remove the VLAN tag when the frame leaves the switch.

The VLAN configuration menue only provides one interface shown in the next figure.

Here I set 50 as the PVID of port 20. On port 2 I add VLAN 50 to the list of allowed VLAN's und strip the tag when the data leaves the switch.

However ICMP ping shows that the connection attempt times out - all packages are lost. Assuming a wrong interpretation of the switch online help I got a little desperate and also tried:

None of the above settings strip the VLAN ID - leaving me at a loss.

Regarding Scenario 2 I have the following setup:

The challenge is the same. Transport VLAN 50 NAS2 packets on GS1900-24 to GS1910-24 using the aggregated link with the VLAN trunk and next allow the PC on GS1910-Gi2 to connect to NAS2 (and NAS1 of course).

First I setup a static link aggregation on GS1910

and next on the GS1900-24

Both switches can ICMP ping each other and I am able to open the swich's web interface; thus L2 connectivity seems to be o.k..

Next I defined VLAN 50.

Then I assigned VLAN 50 to port 8 (NAS 2 port) and ports 23, 24 (aggregated link)

Back on the GS1910 I tried

Anyhow, whatever I try I am unable to connect to NAS 1 or 2 using the PC. Thus I assume that the VLAN is not transported through the aggregated link or that I am missing something. Also I assume that my VLAN configuration is missing something. Unfortunately I cannot arp -a on the switch in order to identify configuration issues.

Can some please lend me a hand.

Regards

Martin

All Replies

  • PeterUK
    PeterUK Posts: 3,443  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited November 27

    Can't say I understand GS1910-24 VLAN setup the GS1900-24 I get if you try Scenario 1 with GS1900-24  you likely get it right.

    for Scenario 1 with the GS1910-24 maybe have port 2 port VLAN as 50

  • kmcontact
    kmcontact Posts: 6  Freshman Member
    First Comment

    Peter, thank you for your fast reply. Just tried it - does not make any difference.

    Thank you

  • PeterUK
    PeterUK Posts: 3,443  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    How is the NAS setup with tag VLAN and IP ? you sure its a tag ?

  • kmcontact
    kmcontact Posts: 6  Freshman Member
    First Comment

    The NAS is a Synology device supporting 802.1Q. This is a four byte tag inserted by the switch just in front of the Ethernet tag. The NAS network config consists of an IP, Netmask, default GW, a DNS spec and the VLAN ID (50).

  • PeterUK
    PeterUK Posts: 3,443  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited November 27

    So with the GS1900-24 for Scenario 1 what should work is

    port 2 VID 50

    VLAN50 port 2 untag port 20 tag

    PC on port 2 can connect to NAS on port 20

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,170  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @kmcontact

    Let’s address your concerns step by step.

    Scenario 1

    From the topology you shared, we’re unable to determine if there is a router present in your network setup. Could you please confirm if there is one?

    Additionally, could you share the IP address configuration of your PC? Specifically:

    • Is it in the same subnet as your NAS1?

    If yes, the adjustments suggested by @PeterUK should work. To clarify:

    1. Port 20: Tagged for VLAN 50 (to receive traffic from the NAS with VLAN tagging).
    2. Port 2: Untagged for VLAN 50 (to strip the VLAN tag for your PC).
    3. Set the PVID of Port 2 to VLAN 50 to ensure untagged traffic is associated with the correct VLAN.

    If this configuration doesn’t resolve the issue, please let us know.

    Scenario 2

    To troubleshoot the aggregated link:

    1. Please confirm the type of link aggregation you are using:
      • Static LAG or
      • LACP (Link Aggregation Control Protocol).
      For static LAG, ensure both switches are configured identically. For LACP, both devices must also have LACP enabled.
    2. Assign VLAN settings to the LAG group rather than individual ports. Since ports 23 and 24 on the GS1900-24 are part of LAG1, VLAN 50 should be applied to LAG1 instead of the physical ports.

    Additional Resources

    To better understand link aggregation and VLAN configurations, we recommend the following guides:

    Let us know if you need further assistance or if you encounter any additional issues.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • kmcontact
    kmcontact Posts: 6  Freshman Member
    First Comment

    HelloPeter, Hello Kay,

    Today I am on a customers site and unable to work on the HS19xx configuration. Tomorrow I will continue and provide you with the results of your suggestions.

    Thank you very much

    Martin

  • kmcontact
    kmcontact Posts: 6  Freshman Member
    First Comment

    Hello Peter, hello Kay,

    Sorry about my late response…

    Regarding to Kay's request what follows is a brief description of my LAB setup.

    We have the two switches GS1910 (192.168.10.2) and GS1900 (192.168.10.16) hosting the VLAN 50 (192.168.50.0/24). A PC2 (192.168.50.10) connects to the GS1910 and a second PC1 (192.168.10.10) connects to the GS1900. As PC2 resides in VLAN50 all devices member of VLAN50 (192.168.50.0/24) should be visible. So I would expect to see NAS1 and NAS2.

    From the PC1 point of view things are different because the PC1 is a member of the 192.1687.10.0/24 network. Routing device connecting VLAN50 with the 192.168.10.0/24 net is a firewall (FW). This FW comes with physical interfaces like LAN1 and LAN2. LAN1 connects to the 192.168.10.1, so the FW acts as the 19.168.10.0/24 default gateway. LAN2 also connects to the GS1900 switch . On the FW I set up a virtual interface on LAN2 representing VLAN50. IP's are: VLAN50_IF: 192.168.50.1, VLAN50_Net: 192.168.50.0/24.

    When implementing FW rules the FW automatically adds the required routes:

    Route 8 is the default route and route 9 provides the interface to the remaining networks. "all-nets" simply means 0.0.0.0. So one should be able to connect to LAN1 devices via route 9. The policies are:

    "DiskStation"s is a logical IP group containing the two NAS IPs (192.168.50.2 and 192.168.50.3). The rule "all_tcpudpicmp" basically is an any to any rule allowing all tcp and udp traffic on ports 1-65535 and ICMP.

    VLAN50-2-LAN1 is the corresponding any to any rule into the reverse direction.

    We should get scenario 1 working when using both switches with a PC in VLAN50 network.

    Once this scrnario is o.k. I will cope with the interface between networks.

    Have a nice weekend and please accept my apologies for the very late response.

    Martin

  • PeterUK
    PeterUK Posts: 3,443  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    So everything should be working? PC2 can go to NAS1 and NAS2 with PC1 goes by firewall gateway to get to NAS 1 and NAS2

    If your looking to have PC1 go to NAS without going by the firewall gateway then there are two other ways

    One is that you get a L3 switch which PC1 can route to it as gateway to go the NAS that also connect to the switch as a gateway.

    The other is have PC1 have VLAN and untag networks by like Hyper-V Virtual Ethernet in windows so it can get to VLAN 50 without a gateway and untag as 192.168.10.10 with gateway