VLAN with non-vlan aware router
I have a GS1900 switch attached to my router (Asus RT66U) on port 1, and 2 Wi-Fi access points (TP-Link EAP245 V3) on ports 2 and 3, with no VLAN setup. Everything works OK. My router handles DHCP and gives access to the internet to all devices connected.
I want to switch this to use VLANs so that I can better segregate from traffic physically attached to the other ports on the switch while still having the router provide DHCP/internet access.
My 2 APs can assign VLAN tags based on SSID. I would then define each of these VLANs on the switch and I can then set switch ports 2 & 3 as being tagged on each of the VLANs.
How do I define port 1 (where my non-VLAN-aware router is) so that clients can get to DHCP and internet? Is this possible?
I can think of one possible way being to connect the router to the switch multiple times - one port for each VLAN labelled as untagged on the switch and specifically assigned the proper PVID for that VLAN. However, this seems very inelegant.
All Replies
Hi @EdRD
Let's say you've set VLAN 20 on port 2, VLAN 30 on port 3 for the APs.
Because only one PVID can be assigned to a port, you have to either set PVID 20 or 30 for port 1 in your case, and it will end up with one VLAN working, but not others.
Workaround:
Port 1 - VLAN 20 & 30, untagged-out, PVID 20
Port 2 - VLAN 20, untagged-out, PVID 20
Port 3 - VLAN 20 & 30, untagged-out, PVID 30
Traffic from clients to router will be segregated based on different PVID.
But traffic from router to clients will all be VLAN 20; the unicast packet to port 3 will be flooded to all ports since there is no corresponding port 3 MAC address in VLAN 20.
Zyxel_Lucious
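The flooding described in the reply above can be reproduced with a small model. This is an added example, not part of the original thread and not Zyxel code; it assumes the switch learns MAC addresses per VLAN, as the reply implies, and the `Switch` class and MAC addresses are constructed for illustration.

```python
# Toy model of a VLAN-aware switch with per-VLAN MAC learning (assumption).
# Port settings are the workaround from the reply; MAC addresses are constructed.
PORTS = {
    1: {"pvid": 20, "vlans": {20, 30}},  # router
    2: {"pvid": 20, "vlans": {20}},      # AP with client B
    3: {"pvid": 30, "vlans": {20, 30}},  # AP with client C
}
ROUTER = "aa:00:00:00:00:01"
CLIENT_B = "aa:00:00:00:00:02"
CLIENT_C = "aa:00:00:00:00:03"


class Switch:
    def __init__(self, ports):
        self.ports = ports
        self.fdb = {}  # forwarding table: (vlan, mac) -> port

    def forward(self, in_port, src, dst):
        """Return (vlan, egress ports, flooded?) for one untagged frame."""
        vlan = self.ports[in_port]["pvid"]   # untagged ingress is classified by PVID
        self.fdb[(vlan, src)] = in_port      # source is learned in that VLAN only
        members = {p for p, c in self.ports.items() if vlan in c["vlans"]}
        out = self.fdb.get((vlan, dst))
        if out is not None and out in members:
            return vlan, ([] if out == in_port else [out]), False
        # Unknown destination in this VLAN: flood to every other member port.
        return vlan, sorted(members - {in_port}), True


def trace():
    sw = Switch(PORTS)
    steps = [
        ("C -> router", 3, CLIENT_C, ROUTER),
        ("router -> C", 1, ROUTER, CLIENT_C),
        ("B -> router", 2, CLIENT_B, ROUTER),
        ("router -> B", 1, ROUTER, CLIENT_B),
        ("router -> C again", 1, ROUTER, CLIENT_C),
    ]
    return [(name, *sw.forward(p, s, d)) for name, p, s, d in steps]


if __name__ == "__main__":
    for name, vlan, egress, flooded in trace():
        kind = "FLOOD" if flooded else "unicast"
        print(f"{name:18} VLAN {vlan}  egress {egress}  {kind}")
```

Client C's address is only ever learned in VLAN 30, so every router reply to it is looked up in VLAN 20, misses, and is also delivered to port 2; that is the loss of segregation the reply points out.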
BTW, this forum is for home devices. For our business model devices such as the GS1900 series, you may seek our biz forum.
https://businessforum.zyxel.com/
Thanks!
A tagged or trunk port is meant to carry data between VLAN aware switches and not as a means to bridge networks (this is the job of a router..TellMazzios