How do I "split" GS1900-24 into 2 different IP Ranges?

mbc0
mbc0 Posts: 5
First Comment Friend Collector Second Anniversary
edited August 26 in Switch
Hi,

Not sure if I am over thinking this but I have just received a GS1900-24 and wish to use ports 9-16 in a different IP range

I have a Sophos XG Firewall DHCP server which has 2 networks

1 - 192.168.0.* I would like these to be ports 1-8, 17-24, 25
2 - 192.168.1.* I would like these to be ports 9-16

So do I need a VLAN to do this? (It is not what I though a VLAN was?) 

I have never setup a VLAN nor a managed switch hence why I am finding this tricky, I looked at the VLAN settings and probably think this is what I need but then there were ID's and tagged/untagged to think about! (no idea!) is there a guide for 5 year olds or can anyone push me in the right direction please?

Many Thanks in advance!

All Replies

  • Zyxel小編 Lucious
    Zyxel小編 Lucious Posts: 279
    25 Answers First Comment Friend Collector Third Anniversary
     Zyxel Employee
    edited May 2020
    Hi @mbc0

    Welcome to Zyxel community!

    Let's say you connect GS1900's port 24 (uplink port) to your Firewall (DHCP server), and other ports are for clients to get DHCP including 192.168.0.x and 192.168.1.x.

    On Firewall:
    Set VLAN 100 and 101 for DHCP server of the two networks, and both VLAN tagged-out the port connecting to GS1900.

    On GS1900:
    1. Create VLAN 100 & 101.

    2. VLAN100: Untagged port 1-8, 17-23, and Tagged port 24.

    3. VLAN 101: Untagged port 9-16, and Tagged port 24.


    4. Set PVID 100 for port 1-8, 17-23, and PVID 101 for port 9-16.


    Following this configuration, port 24 is uplink port of VLAN 100 & VLAN 101.
    Clients on port 1-8, 17-23 can get DHCP 192.168.0.x via VLAN 100.
    Clients on port 9-16 can get DHCP 192.168.1.x via VLAN 101.

    Zyxel_Lucious
  • mbc0
    mbc0 Posts: 5
    First Comment Friend Collector Second Anniversary
    Hi @mbc0

    Welcome to Zyxel community!

    Let's say you connect GS1900's port 24 (uplink port) to your Firewall (DHCP server), and other ports are for clients to get DHCP including 192.168.0.x and 192.168.1.x.

    On Firewall:
    Set VLAN 100 and 101 for DHCP server of the two networks, and both VLAN tagged-out the port connecting to GS1900.

    On GS1900:
    1. Create VLAN 100 & 101.

    2. VLAN100: Untagged port 1-8, 17-23, and Tagged port 24.

    3. VLAN 101: Untagged port 9-16, and Tagged port 24.


    4. Set PVID 100 for port 1-8, 17-23, and PVID 101 for port 9-16.


    Following this configuration, port 24 is uplink port of VLAN 100 & VLAN 101.
    Clients on port 1-8, 17-23 can get DHCP 192.168.0.x via VLAN 100.
    Clients on port 9-16 can get DHCP 192.168.1.x via VLAN 101.

    Zyxel_Lucious
    Many Many thanks for this incredibly detailed response! I really appreciate it! :-) Sorry it has taken me so long to reply but work has prevented me from attempting this.

    I am 90% there now I think, Sophos I believe may be my stumbling block at the moment as I have had some strange results which I am trying to understand.  

    I just have one question regarding your example config if that is ok

    you say to use port 24 as the uplink for both networks but my server has 4 network ports and the point for the VLANS is to reduce the load on the first port (192.168.0.*) so would I be better to have 2 uplinks? 1 for 192.168.0.* and another for 192.168.1.* 

    Many Thanks
  • mbc0
    mbc0 Posts: 5
    First Comment Friend Collector Second Anniversary
    My end-goal has changed slightly to 

    ports 1-8,26 (192.168.0.*) tagged port 23 for uplink
    ports 9-16 (192.168.1.*) tagged port 24 for uplink
    ports 17-22 (standard dumb switch ports)

    Currently if I connect anything to ports 1-8 I get the correct IP but no internet (I think this is a sophos issue)

    If I connect anything to ports 9-16 I do not get an IP (192.168.1.*) I just get a random 189.*.*.*

    Ports 17-22 are working as expected though! (this is why I left them unmodified so I can work on these issues without effecting the whole network)









  • Zyxel小編 Lucious
    Zyxel小編 Lucious Posts: 279
    25 Answers First Comment Friend Collector Third Anniversary
     Zyxel Employee
    Hi @mbc0

    The switch's config seems fine on VLAN100&101, how about PVID?
    100 for ports 1-8,26? 
    101 for port 9-16?

    Currently if I connect anything to ports 1-8 I get the correct IP but no internet (I think this is a sophos issue)
    This means L2 traffic forwarding is basically correct, you should check on router setting instead.
    If I connect anything to ports 9-16 I do not get an IP (192.168.1.*) I just get a random 189.*.*.*



    Seems 192.168.1.x is shared by both Port3 and VLAN 101 interface, maybe it incorrectly gets port3's default VLAN (VLAN 1).
    Or is there other rogue DHCP server in your network?

    Zyxel_Lucious