VLAN with non-vlan aware router

EdRD Posts: 1
edited August 2022 in Switch
I have a GS1900 switch attached to my router on port 1 (Asus RT66U), and 2 wifi access points on ports 2 and 3 (TPLINK EAP245V3) with no VLAN setup. Everything works ok. My router handles DHCP and gives access to the internet to all devices connected.

I want to switch this to use VLANs so that I can better segregate from traffic physically attached to the other ports on the switch while still having the router provide DHCP/internet access.

My 2 APs can assign VLAN tags based on SSID. I would then define each of these VLANs on the switch and I can then set switch ports 2 & 3 as being tagged on each of the VLANs.

How do I define port 1 (where my non-VLAN-aware router is) so that clients can get to DHCP and internet? Is this possible?

I can think of one possible way, being to connect the router to the switch multiple times - one port for each VLAN, labelled as untagged on the switch and specifically assigned the proper PVID for that VLAN. However, this seems very inelegant.

All Replies

  • Zyxel小編 Lucious Posts: 278  Zyxel Employee
    edited April 2020
    Hi @EdRD

    Let's say you've set VLAN 20 on port 2, VLAN 30 on port 3 for the APs.
    Because only one PVID can be assigned to a port, you have to either set PVID 20 or 30 for port 1 in your case, and it will end up with one VLAN working, but not others.

    Workaround:

    Port 1 - VLAN 20 & 30, untagged-out, PVID 20
    Port 2 - VLAN 20, untagged-out, PVID 20
    Port 3 - VLAN 20 & 30, untagged-out, PVID 30

    Traffic from clients to router will be segregated based on different PVID.
    But traffic from router to clients will all be VLAN 20; the unicast packet to port 3 will be flooded to all ports since there is no corresponding port 3 MAC address in VLAN 20.

    Zyxel_Lucious
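
The forwarding behaviour described in the reply above, modelled as an added example (not code from the thread or from Zyxel): a toy 802.1Q switch using the reply's port, VLAN and PVID values, showing that the router's reply to the port 3 client also leaves on port 2. The MAC names and the `shared_learning` option are assumptions; the option goes beyond the reply to contrast a single shared MAC table, and says nothing about what the GS1900 supports.

```python
# Added illustration: a minimal model of an 802.1Q switch with untagged ports.
# Port/VLAN/PVID values are the ones from the reply; MAC names are constructed.

PVID = {1: 20, 2: 20, 3: 30}
MEMBERS = {20: {1, 2, 3}, 30: {1, 3}}   # egress membership, all untagged


class Switch:
    def __init__(self, shared_learning=False):
        # shared_learning=False: one MAC table per VLAN (independent learning),
        # the behaviour the reply describes. True: one table for all VLANs
        # (assumed option, shown only for contrast).
        self.shared = shared_learning
        self.fdb = {}  # (vlan or None, mac) -> port

    def _key(self, vlan, mac):
        return (None if self.shared else vlan, mac)

    def forward(self, in_port, src, dst):
        """Return the set of ports an untagged frame leaves on."""
        vlan = PVID[in_port]                      # classify by ingress PVID
        self.fdb[self._key(vlan, src)] = in_port  # learn the source address
        allowed = MEMBERS[vlan] - {in_port}
        out = self.fdb.get(self._key(vlan, dst))
        if out in allowed:
            return {out}                          # known unicast
        return allowed                            # unknown: flood the VLAN


def run(shared_learning=False):
    sw = Switch(shared_learning)
    return {
        "p3_to_router": sw.forward(3, "client-p3", "router"),
        "router_to_p3": sw.forward(1, "router", "client-p3"),
        "p2_to_router": sw.forward(2, "client-p2", "router"),
        "router_to_p2": sw.forward(1, "router", "client-p2"),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("shared learning" if mode else "independent learning")
        for name, ports in run(mode).items():
            print(f"  {name}: egress ports {sorted(ports)}")
```

With per-VLAN learning, `router_to_p3` leaves on ports 2 and 3 every time, because the port 3 client is only ever learned in VLAN 30 while the router's frames are looked up in VLAN 20.
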
  • Zyxel小編 Lucious Posts: 278  Zyxel Employee
    BTW, this forum is for home devices; for our business model devices such as the GS1900 series, you may seek our biz forum.
    https://businessforum.zyxel.com/

    Thanks!
  • A tagged or trunk port is meant to carry data between VLAN aware switches and not as a means to bridge networks (this is the job of a router..TellMazzios