How do I "split" GS1900-24 into 2 different IP Ranges?
Freshman Member
Hi,
Not sure if I am over thinking this but I have just received a GS1900-24 and wish to use ports 9-16 in a different IP range
I have a Sophos XG Firewall DHCP server which has 2 networks
1 - 192.168.0.* I would like these to be ports 1-8, 17-24, 25
2 - 192.168.1.* I would like these to be ports 9-16
So do I need a VLAN to do this? (It is not what I though a VLAN was?)
I have never setup a VLAN nor a managed switch hence why I am finding this tricky, I looked at the VLAN settings and probably think this is what I need but then there were ID's and tagged/untagged to think about! (no idea!) is there a guide for 5 year olds or can anyone push me in the right direction please?
Many Thanks in advance!
Not sure if I am over thinking this but I have just received a GS1900-24 and wish to use ports 9-16 in a different IP range
I have a Sophos XG Firewall DHCP server which has 2 networks
1 - 192.168.0.* I would like these to be ports 1-8, 17-24, 25
2 - 192.168.1.* I would like these to be ports 9-16
So do I need a VLAN to do this? (It is not what I though a VLAN was?)
I have never setup a VLAN nor a managed switch hence why I am finding this tricky, I looked at the VLAN settings and probably think this is what I need but then there were ID's and tagged/untagged to think about! (no idea!) is there a guide for 5 year olds or can anyone push me in the right direction please?
Many Thanks in advance!
0
All Replies
-
Hi @mbc0
Welcome to Zyxel community!
Let's say you connect GS1900's port 24 (uplink port) to your Firewall (DHCP server), and other ports are for clients to get DHCP including 192.168.0.x and 192.168.1.x.
On Firewall:
Set VLAN 100 and 101 for DHCP server of the two networks, and both VLAN tagged-out the port connecting to GS1900.
On GS1900:
1. Create VLAN 100 & 101.
2. VLAN100: Untagged port 1-8, 17-23, and Tagged port 24.
3. VLAN 101: Untagged port 9-16, and Tagged port 24.
4. Set PVID 100 for port 1-8, 17-23, and PVID 101 for port 9-16.
Following this configuration, port 24 is uplink port of VLAN 100 & VLAN 101.
Clients on port 1-8, 17-23 can get DHCP 192.168.0.x via VLAN 100.
Clients on port 9-16 can get DHCP 192.168.1.x via VLAN 101.
Zyxel_Lucious0 -
Many Many thanks for this incredibly detailed response! I really appreciate it! :-) Sorry it has taken me so long to reply but work has prevented me from attempting this.Zyxel_Lucious said:Hi @mbc0
Welcome to Zyxel community!
Let's say you connect GS1900's port 24 (uplink port) to your Firewall (DHCP server), and other ports are for clients to get DHCP including 192.168.0.x and 192.168.1.x.
On Firewall:
Set VLAN 100 and 101 for DHCP server of the two networks, and both VLAN tagged-out the port connecting to GS1900.
On GS1900:
1. Create VLAN 100 & 101.
2. VLAN100: Untagged port 1-8, 17-23, and Tagged port 24.
3. VLAN 101: Untagged port 9-16, and Tagged port 24.
4. Set PVID 100 for port 1-8, 17-23, and PVID 101 for port 9-16.
Following this configuration, port 24 is uplink port of VLAN 100 & VLAN 101.
Clients on port 1-8, 17-23 can get DHCP 192.168.0.x via VLAN 100.
Clients on port 9-16 can get DHCP 192.168.1.x via VLAN 101.
Zyxel_Lucious
I am 90% there now I think, Sophos I believe may be my stumbling block at the moment as I have had some strange results which I am trying to understand.
I just have one question regarding your example config if that is ok
you say to use port 24 as the uplink for both networks but my server has 4 network ports and the point for the VLANS is to reduce the load on the first port (192.168.0.*) so would I be better to have 2 uplinks? 1 for 192.168.0.* and another for 192.168.1.*
Many Thanks0 -
My end-goal has changed slightly to
ports 1-8,26 (192.168.0.*) tagged port 23 for uplink
ports 9-16 (192.168.1.*) tagged port 24 for uplink
ports 17-22 (standard dumb switch ports)
Currently if I connect anything to ports 1-8 I get the correct IP but no internet (I think this is a sophos issue)
If I connect anything to ports 9-16 I do not get an IP (192.168.1.*) I just get a random 189.*.*.*
Ports 17-22 are working as expected though! (this is why I left them unmodified so I can work on these issues without effecting the whole network)
0 -
Hi @mbc0
The switch's config seems fine on VLAN100&101, how about PVID?
100 for ports 1-8,26?
101 for port 9-16?Currently if I connect anything to ports 1-8 I get the correct IP but no internet (I think this is a sophos issue)This means L2 traffic forwarding is basically correct, you should check on router setting instead.If I connect anything to ports 9-16 I do not get an IP (192.168.1.*) I just get a random 189.*.*.*Seems 192.168.1.x is shared by both Port3 and VLAN 101 interface, maybe it incorrectly gets port3's default VLAN (VLAN 1).
Or is there other rogue DHCP server in your network?
Zyxel_Lucious
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight
