Trunk port to other switch on GS1900-24
BrightWolf
Posts: 5 Freshman Member
VLANs on my GS1900-24 are working correctly. I have a handful of them configured and running for IoT unsecure devices, camera devices, guests and a couple of other requirements. But I was running out of ports and now acquired a second switch, a TP-Link because it had 16 ports (the 16 ports Zyxel is not on the market in The Netherlands) and 8 of them PoE+ too.
Now I want to pass two VLANs to the TP-Link: IOT and CAM, VLAN 12 and 16. When I configure the Zyxel to pass only one of them (untagged) then all is fine, for that one VLAN. But I cannot figure out how to send two VLANs, I just don't succeed in getting it to work.
My *working* config where one VLAN is working, in this case VLAN 12:
- Port: port 23: PVID 12, accepted type all, disable filtering, disable trunk
- Port: port 24: PVID 1, accepted type all, disable filtering, enable trunk
- VLAN Port VLAN 12: port 23 (tp-link) untagged, port 24 (router) tagged, all others excluded
- VLAN Port VLAN 16: port 24 tagged, all others excluded
Now VLAN 12 is passed on, devices get an IP, all fine.
This is what I have tried for two VLANs:
- Port: port 23: PVID 1, accepted type all, disable filtering, enable trunk
- Port: port 24: PVID 1, accepted type all, disable filtering, enable trunk
- VLAN Port VLAN 12: port 23 (tp-link) tagged, port 24 (router) tagged, all others excluded
- VLAN Port VLAN 16: port 23 (tp-link) tagged, port 24 (router) tagged, all others excluded
No VLANs are passed, no IPs are handed out. On the TP-Link I have set 8 ports to be on the IOT and 8 ports to be on the CAM VLAN. According to the documentation, I have configured it correctly and it *is* working when the Zyxel only maps one VLAN.
I cannot find much in the documentation about this subject, not on the internet and not in the manual. In the manual I only found that the trunk is passing on all unknown ports, but when I deleted my VLANs 12 and 16, still nothing was passed on.
What am I doing wrong? How can I configure the Zyxel to pass two of my VLANs on to another switch?
0
Comments
-
Took a beer, took a walk, thought a bit more. But I figured it out! Culprit was my misunderstanding of the concept of the PVID on a port. Here's how I configured it, maybe someone else might benefit:
- Port: port 23: PVID 12, accepted type all, disable filtering, disable trunk
- Port: port 24: PVID 1, accepted type all, disable filtering, disable trunk
- VLAN Port VLAN 12: port 23 (tp-link) UNtagged, port 24 (router) tagged, all others excluded
- VLAN Port VLAN 16: port 23 (tp-link) TAGGED, port 24 (router) tagged, all others excluded
Now, with this configuration I have kind of decided (I think) that my VLAN 12 has priority or at least is the default VLAN and is sent untagged to the other switch. On the other switch, I have configured the VLANs likewise (out of scope of this post) but one thing I must mention is that I have set the PVID of the port to which the Zyxel is connected to VLAN 12.
My initial understanding of the PVID was, that it sets the VLAN of devices connected to that port (which it does) but for the *uplink* port, the one that is connecting the two switches, the PVID sets the tag to be set to any untagged traffic. I still find this confusing, if you don't mind, but it is what it is. So, since I am now sending VLAN 12 untagged to the other switch, then the other switch is sending back any untagged traffic with VLAN 12 because the PVID is set as such. VLAN 16 is going back and forth tagged. Personally I would have found more logic in NOT having to set any PVID on a trunk port and having to send all traffic to a trunk "tagged", but apparently that is not the way it works. Someone decided differently, and I trust they did so for good reasons, unknown to me.
Anyway, maybe this helps someone!
0 -
Yeah, VLANS and ports can be pretty tricky sometimes, and it seems like some brands of switches are a bit more finicky than others.

I try to keep my ordinary ports as specific as possible, so I tend to make them "Access ports", set for the appropriate VLAN, and then set the PVID to match that VLAN. This ensures that whatever is connected to that port, tagged, untagged, etc., will communicate only on that VLAN.

If I'm dealing with multiple VLAN's back to the router, I can deal with it in one of two different ways.

1.) Make a trunk port.
2.) Set the untagged member to VLAN1 for my in-house stuff.
3.) Add the other VLANS as tagged members.

- or -

1.) Make a "general" port.
2.) Don't have an untagged member.
3.) Add all of the VLANS as tagged members.

Whichever method, the interlinking port on the switch would need to be set the same way.

I also tend to segregate my stuff, whenever practical. Sometimes for security, other times for bandwidth. For example, if I had a camera system, the majority of the traffic is going to be between the cameras and the DVR, so I would hang the cameras and the DVR on the same (physical) switch, thereby isolating that traffic to that particular switch. Then, a single uplink to either my router or main switch to facilitate local or remote access.

Other items, such as IOT, could share my main switch on one of the VLANS, so it remains isolated from my day-to-day stuff. The bandwidth is usually negligible.

In some instances, I'll run multiple links between switches, and limit which VLANS can travel across them. Otherwise, you could end up with a single gigabit link trying to juggle your normal traffic, along with a few hundred megabytes of data from your cameras. You just have to be careful when specifying the port type and VLANS that each one can handle, so you don't inadvertently form a loop. ;-)
0
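The PVID and tagged/untagged behaviour worked out in this thread can be checked with a small model of the inter-switch link. This is an added example, not part of any post above and not vendor code: `UplinkPort`, `trace` and `audit` are hypothetical names, and the port settings are constructed from the configuration described in the thread. It assumes both ports accept all frame types with ingress filtering disabled, and it also shows a constructed mismatch where the far side's PVID is left at 1, so untagged IoT traffic lands in the default VLAN and the segmentation is lost.

```python
from dataclasses import dataclass, field

@dataclass
class UplinkPort:
    """One side of the inter-switch link: PVID plus per-VLAN membership."""
    pvid: int
    members: dict = field(default_factory=dict)  # vlan id -> "tagged" | "untagged"

    def egress(self, vlan):
        """Return ('drop', None), ('untagged', None) or ('tagged', vlan)."""
        mode = self.members.get(vlan)
        if mode is None:
            return ("drop", None)  # port is excluded from this VLAN
        return (mode, vlan if mode == "tagged" else None)

    def ingress(self, frame):
        """Classify a received frame: untagged frames take the PVID."""
        kind, tag = frame
        return self.pvid if kind == "untagged" else tag


def trace(src, dst, vlan):
    """VLAN a frame from `vlan` lands in after crossing src -> dst (None = dropped)."""
    frame = src.egress(vlan)
    if frame[0] == "drop":
        return None
    landed = dst.ingress(frame)
    # The far side only forwards it if its uplink is a member of that VLAN.
    return landed if landed in dst.members else None


def audit(a, b, vlans):
    """List every VLAN that is dropped or re-classified in either direction."""
    findings = []
    for v in vlans:
        for name, src, dst in (("A->B", a, b), ("B->A", b, a)):
            got = trace(src, dst, v)
            if got != v:
                findings.append((v, name, "dropped" if got is None else f"lands in VLAN {got}"))
    return findings


# Constructed from the thread: Zyxel port 23 and the TP-Link uplink port.
zyxel_ok = UplinkPort(pvid=12, members={12: "untagged", 16: "tagged"})
tplink_ok = UplinkPort(pvid=12, members={12: "untagged", 16: "tagged"})
# Constructed mismatch: far side left at PVID 1 (still a member of VLAN 1).
tplink_bad = UplinkPort(pvid=1, members={1: "untagged", 12: "untagged", 16: "tagged"})
```

`audit(zyxel_ok, tplink_ok, [12, 16])` returns an empty list, while the mismatched pair reports VLAN 12 landing in VLAN 1 in the A->B direction only, which is why such a fault can look like one-way connectivity.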