Create simple VLAN config between GS1200 and GS1900

Momro

Hi everyone,

I would like to set up a small guest VLAN with a very limited amount of network devices. I have spent quite a few hours to read myself into VLANs and how that technology is to be implemented, so please bear with my noobish question. I know how difficult it can be to read a beginner's question, so I will try my best to explain myself in as much detail as possible so you don't have to do the guessing work ;-)

I have a GS1900-24 running in the basement and just bought a GS1200-5 which is supposed to handle 2 devices in internal network and 2 devices in guest network. All devices are VLAN-unaware (simple routers and notebooks)

I am currently not using any VLAN internally, so I suppose everything is running on something like VLAN1. I would then create a guest VLAN on 10.

Configuring the GS1900-24:

Port 23 as PVID 10, connect to guest internet router. In VLAN port config, I would set VLAN 1 as forbidden and 10 as untagged.

Port 24 as trunk port, connect to GS1200 on port 1. No PVID configured. VLAN port config to "tagged" for VLAN 1 and 10.

Port 1-22 all as PVID 1, connected to all kinds of devices :-D (i.e. firewall etc.) VLAN 10 would be forbidden, VLAN 1 untagged. (default state)

Go on to GS1200:

Port 1 (connected to the GS1900) as tagged egress member for VLANs 1 and 10. (weird it does not use "trunk"). No PVID configured

Port 2 and 3 as untagged egress member for VLAN 1. PVID for both ports to 1. VLAN10 is non-member.

Port 4 and 5 as untagged egress members for VLAN 10. PVID for both ports to 10. VLAN1 is non-member.

Do you think that would be the correct setup?

I would really appreciate your support and help :-)

Xydocq

hello @Momro

PVID specifies the native VLAN (untagged VLAN) for a Port, so all your Ports that use VLAN1 need to have PVID set to VLAN1 no matter if it is a trunk or access Port.

Only Port 24 on GS1900-24 and Port 1 on GS1200-5 need VLAN10 tagged.

You should be fine with everything else.

Zyxel_Melen

Hi @Momro,

Your configurations are correct. In addition, the switch-connected ports can be VLAN 1 untagged members since the PVID is 1 by default. (I assume "No PVID configured" means the PVID is 1 as default) In my experience, I will not change to a tagged member, although it also works.