VLAN with non-VLAN-aware router
I have a GS1900 switch attached to my router on port 1 (Asus RT66U), 2 wifi access points on ports 2 and 3 (TPLINK EAP245V3) with no VLAN setup. Everything works ok. My router handles DHCP and gives access to the internet to all devices connected.
I want to switch this to use VLANs so that I can better segregate from traffic physically attached to the other ports on the switch while still having the router provide DHCP/internet access.
My 2 APs can assign VLAN tags based on SSID. I would then define each of these VLANs on the switch and I can then set switch ports 2 & 3 as being tagged on each of the VLANs.
How do I define port 1 (where my non-VLAN-aware router is) so that clients can get to DHCP and internet? Is this possible?
I can think of one possible way being to connect the router to the switch multiple times - one port for each VLAN labelled as untagged on switch and specifically assigned proper PVID for that VLAN. However this seems very inelegant.
All Replies
Hi @EdRD
Let's say you've set VLAN 20 on port 2, VLAN 30 on port 3 for the APs.
Because only one PVID can be assigned to a port, you have to either set PVID 20 or 30 for port 1 in your case, and it will end up with one VLAN working, but not others.
Workaround:
Port 1 - VLAN 20 & 30, untagged-out, PVID 20
Port 2 - VLAN 20, untagged-out, PVID 20
Port 3 - VLAN 20 & 30, untagged-out, PVID 30
Traffic from clients to router will be segregated based on different PVID.
But traffic from router to clients will be all VLAN 20; the unicast packet to port 3 will be flooded to all ports since there is no corresponding port 3 MAC address in VLAN 20.
Zyxel_Lucious
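The forwarding behaviour described in the reply above, modelled as an added example (not code from the original posts or from Zyxel). It assumes untagged frames on every port and per-VLAN MAC learning, which is what the flooding in the reply implies; the MAC names are constructed sample values.

```python
# Model of an 802.1Q switch with per-VLAN MAC learning (an assumption
# consistent with the flooding the reply describes). The port table is the
# workaround from the reply; MAC names are constructed sample values.
PORTS = {
    1: {"pvid": 20, "untagged": {20, 30}},  # router
    2: {"pvid": 20, "untagged": {20}},      # AP on port 2
    3: {"pvid": 30, "untagged": {20, 30}},  # AP on port 3
}

class Switch:
    def __init__(self, ports):
        self.ports = ports
        self.fdb = {}  # (vlan, mac) -> port

    def forward(self, in_port, src, dst):
        """Handle one untagged frame; return (vlan, egress ports, flooded)."""
        vlan = self.ports[in_port]["pvid"]   # ingress: classify by PVID
        self.fdb[(vlan, src)] = in_port      # learn source in that VLAN only
        members = {p for p, c in self.ports.items() if vlan in c["untagged"]}
        out = self.fdb.get((vlan, dst))      # lookup is per VLAN
        if out is not None and out in members and out != in_port:
            return vlan, [out], False
        return vlan, sorted(members - {in_port}), True  # unknown: flood VLAN

def run_scenario():
    sw = Switch(PORTS)
    results = {}
    # Clients broadcast first (e.g. DHCP discover), so the switch learns them.
    results["c2_bcast"] = sw.forward(2, "client-p2", "ff:ff")
    results["c3_bcast"] = sw.forward(3, "client-p3", "ff:ff")
    # Router replies are always classified into VLAN 20 (PVID of port 1).
    results["rtr_to_c2"] = sw.forward(1, "router", "client-p2")
    results["rtr_to_c3"] = sw.forward(1, "router", "client-p3")
    # Client-to-router unicast; the router was learned in VLAN 20 only.
    results["c2_to_rtr"] = sw.forward(2, "client-p2", "router")
    results["c3_to_rtr"] = sw.forward(3, "client-p3", "router")
    return results

if __name__ == "__main__":
    for name, (vlan, egress, flooded) in run_scenario().items():
        print(f"{name:10} vlan={vlan} egress={egress} flooded={flooded}")
```

In this model the router's unicast reply to the port 3 client is flooded to ports 2 and 3, and broadcasts from port 2 also reach port 3 because port 3 is a member of VLAN 20, so the workaround does not fully isolate the two APs.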
BTW, this forum is for home devices; for our business model devices such as GS1900 series, you may seek our biz forum.
https://businessforum.zyxel.com/
Thanks!
A tagged or trunk port is meant to carry data between VLAN aware switches and not as a means to bridge networks (this is the job of a router..
TellMazzios