partially working VLANs & Trunk using GS1920-24HP

RandomIntern
RandomIntern Posts: 4
Friend Collector
edited August 2022 in Switch
Hi there !
First of all, I'm new to Zyxel forum. I don't really know if it's the right place to ask my questions, so please redirect me if I'm mistaking. Also I'm not a native speaker, I may not understand some vocabulary. Sorry for my poor English.

Here's the context...
I'm currently doing a 3-months internship in networks and telecommunications, during which a project was given to me. Among these project's tasks, I have to configure a Zyxel GS1920-24HP with 3 VLANs and some Trunk ports:
-VLAN 1: data (PCs and such)
-VLAN 10: voip (Hardphones and PBX)
-VLAN 20: video (Cameras mainly)
-Trunk ports are ports 25 to 28, and in my opinion should access all 3 VLANs.

I was told that Cameras will sometimes need both video and data VLANs in order to work. So, what I have right now is:

ports 1 to 4 : Untagged VLAN voip
ports 5 to 16: Tagged VLAN video, Untagged VLAN data
ports 17 to 24: Untagged VLAN data
ports 25 to 28: Untagged VLAN data, Tagged VLANs voip and video

I wanted to do untagged only but if I understood correctly, we can't have more than 1 Untagged VLAN per port. Or can we ?

I think my VLANs are working just fine: I can ping a device from another when they're both on the same VLAN but not when they're on 2 different ones.

But my issue is that my coworker asked me to be able to put a PBX on a trunk port so that he can access both the Internet (connected on trunk port 25) and VLAN voip.
I just tried to put the PBX on trunk port 26 and an IP phone on VLAN voip but it can't reach the PBX ("No tftp response"). It's been a few days since I'm on it, without success.

My first question is, why should I put a PBX on a trunk ? Isn't a trunk port only used to link a switch to another one or to a router ?

Second question: How can I do so ? I don't understand where my mistakes are.
I mean, I really thought what I did was correct, now I'm kind of lost.
Shouldn't VLANs 1, 10 and 20 access the Internet already, given that the switch is connected to it on trunk port 25 ?

I'm kind of new to VLANs. I did some in class but only on console mode on Cisco devices and I find it so much different. For exemple, we don't have to give any network nor gateway to our VLANs in order for them to operate.

some friend told me to either put a gateway to the Internet on my VLAN voip, or give an IP address from my VLAN data (But as I said, I can't manage to configure VLANs networks/Gateways) to my PBX via the gateway and another IP address from the VLAN voip... I won't lie to you, I didn't get at all what he meant in his second solution. Any idea ?


Thank you for your help, and sorry for my potential mistakes and my disastrous page layout. Have a great day !

Best regards.
A random intern.


EDIT: My coworker just gave me the solution... I used the Trunk port which has tagged VLAN voip on it whereas the VLAN voip ports are Untagged. I thought they were independant, kind of. I just had to switch the VLAN voip ports into Tagged and everything worked.

But he didn't answer my previous questions, and I got a few more now...

I wanted to do untagged voip because it was more convenient in my opinion. But with this solution I was given, I can't have differents untagged VLANs because of the trunk ports which can't have more than 1 untagged VLAN at a time, can I ? I don't know if I made myself clear, sorry about that.

Or is it possible to have more than 1 untagged VLAN on the same port ?

Thank you again.
sincerely,
A random intern.

Best Answers

  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2021 Answer ✓
    AFAIK...
    multiple tagged vLANS
    or
    1 untagged vLANS and multiple tagged vLANS

    Otherwise switches would not know to which "untagged vLan" forward pacakges of not-tagged devices.
    If you need to vehicle more untagged vLANS accross a port, you have to convert into untagged into other devices which will receive tagged vLANS.

    Example:
    on the PoE Switch you have not-vLan-capable phones and IPCams.
    PoE switch is connected to a Core/Distribution switch, where there are not-vLan capable NVR and VoIP PBX.

    PoE Switch ports:
    1 untagged vLan 10 (Phone)
    2 untagged vLan 10 (Phone #2)
    3 untagged vLan 20 (IPCam)
    4 untagged vLan 20 (IPCam)
    ....
    8 tagged vLAN 10 and 20 (uplink to the Core/Distribution)

    Core/distribution switch ports
    26 tagged vLAN 10 and 20 (uplink to PoE switch)
    24 untagged vLan 10 (PBX)
    23 untagged vLan 20 (NVR)

    If your devices are vLan capable, the "phisical" connection is less important than the vLan connection, which will use the ethernet port, but it will connect to the virtual LAN Adapter (vLan adapter).

    Hope that my explanation will be simple and corregt enough.

  • Zyxel_Jonas
    Zyxel_Jonas Posts: 313  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Hi @RandomIntern,

    Will the trunk ports be able to communicate with those other ports via VLAN 10 and vice versa ?
    Yes, because trunk port is the member of VLAN 10, so trunk port will send (TX) tagged VLAN 10.
    ReminderYou'll need a router to do routing if the clients are communicating with each other from different VLAN. And remember to "Fixed" the port to be member of specify VLAN (ex: VLAN10), because our default is "Normal".

    Hope it's clear.
    Jonas 
    Jonas,

All Replies

  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2021 Answer ✓
    AFAIK...
    multiple tagged vLANS
    or
    1 untagged vLANS and multiple tagged vLANS

    Otherwise switches would not know to which "untagged vLan" forward pacakges of not-tagged devices.
    If you need to vehicle more untagged vLANS accross a port, you have to convert into untagged into other devices which will receive tagged vLANS.

    Example:
    on the PoE Switch you have not-vLan-capable phones and IPCams.
    PoE switch is connected to a Core/Distribution switch, where there are not-vLan capable NVR and VoIP PBX.

    PoE Switch ports:
    1 untagged vLan 10 (Phone)
    2 untagged vLan 10 (Phone #2)
    3 untagged vLan 20 (IPCam)
    4 untagged vLan 20 (IPCam)
    ....
    8 tagged vLAN 10 and 20 (uplink to the Core/Distribution)

    Core/distribution switch ports
    26 tagged vLAN 10 and 20 (uplink to PoE switch)
    24 untagged vLan 10 (PBX)
    23 untagged vLan 20 (NVR)

    If your devices are vLan capable, the "phisical" connection is less important than the vLan connection, which will use the ethernet port, but it will connect to the virtual LAN Adapter (vLan adapter).

    Hope that my explanation will be simple and corregt enough.

  • Nebula Moderator
    Nebula Moderator Posts: 127  Zyxel Employee
    First Anniversary Friend Collector First Comment
    @RandomIntern

    Thanks for @mMontana feedback.

    For this one
    I wanted to do untagged voip because it was more convenient in my opinion. But with this solution I was given, I can't have differents untagged VLANs because of the trunk ports which can't have more than 1 untagged VLAN at a time, can I ? I don't know if I made myself clear, sorry about that.

    Or is it possible to have more than 1 untagged VLAN on the same port ?
    May I know if you could describe the detail scenario or any technology documents for reference?
    Therefore, I could verify if the configuration setup is correct.

    Thanks
    Jonas,


    Nebula Forum Moderator
  • mMontana said:
    AFAIK...
    multiple tagged vLANS
    or
    1 untagged vLANS and multiple tagged vLANS

    Otherwise switches would not know to which "untagged vLan" forward pacakges of not-tagged devices.
    If you need to vehicle more untagged vLANS accross a port, you have to convert into untagged into other devices which will receive tagged vLANS.

    Example:
    on the PoE Switch you have not-vLan-capable phones and IPCams.
    PoE switch is connected to a Core/Distribution switch, where there are not-vLan capable NVR and VoIP PBX.

    PoE Switch ports:
    1 untagged vLan 10 (Phone)
    2 untagged vLan 10 (Phone #2)
    3 untagged vLan 20 (IPCam)
    4 untagged vLan 20 (IPCam)
    ....
    8 tagged vLAN 10 and 20 (uplink to the Core/Distribution)

    Core/distribution switch ports
    26 tagged vLAN 10 and 20 (uplink to PoE switch)
    24 untagged vLan 10 (PBX)
    23 untagged vLan 20 (NVR)

    If your devices are vLan capable, the "phisical" connection is less important than the vLan connection, which will use the ethernet port, but it will connect to the virtual LAN Adapter (vLan adapter).

    Hope that my explanation will be simple and corregt enough.

    Quite clear, thanks !

    @RandomIntern

    Thanks for @mMontana feedback.

    For this one
    I wanted to do untagged voip because it was more convenient in my opinion. But with this solution I was given, I can't have differents untagged VLANs because of the trunk ports which can't have more than 1 untagged VLAN at a time, can I ? I don't know if I made myself clear, sorry about that.

    Or is it possible to have more than 1 untagged VLAN on the same port ?
    May I know if you could describe the detail scenario or any technology documents for reference?
    Therefore, I could verify if the configuration setup is correct.

    Thanks
    Jonas,


    In fact, this question was general. I'll try to rephrase it : Can we have a trunk port with 1 Untagged VLAN and many Tagged VLAN, but only Untagged VLANs on the switch ?
    e.g. I have 2 VLANs : VLAN data 1 and VLAN voip 10. Can I have a trunk port with Untagged VLAN 1, Tagged VLAN 10, but some ports with Untagged VLAN 10 ?

    In my case, I tried a similar scenario but without success.
  • Zyxel_Jonas
    Zyxel_Jonas Posts: 313  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @RandomIntern,

    In general,
    "I have 2 VLANs : VLAN data 1 and VLAN voip 10."
    This scenario could be achieved by configuring untagged PVID 1 for data and tagged 10 for voip, but you'll need to ensure that the IP phone can recognize tagged VLAN.

    Can I have a trunk port with Untagged VLAN 1, Tagged VLAN 10, but some ports with Untagged VLAN 10 ?
    This can be configured in the switch, but it will not work, because only one PVID can be configured per port.

    Hope it's clear.
    Jonas,
    Jonas,
  • Can I have a trunk port with Untagged VLAN 1, Tagged VLAN 10, but some ports with Untagged VLAN 10 ?
    This can be configured in the switch, but it will not work, because only one PVID can be configured per port.

    Hope it's clear.
    Jonas,
    Thank you for your answer.

    We may have misunderstood each other.

    This is the exemple I asked about : trunk ports with VLANs 1 untagged & 10 tagged and OTHER ports with ONLY VLAN 10 untagged. This means trunk ports will have PVID  = 1 and those other ports will have PVID = 10. This way, each port has only one PVID. Will the trunk ports be able to communicate with those other ports via VLAN 10 and vice versa ?

    This is more or less the scenario I tried so I think the answer is no, but I'm still asking because I'm not confident about that.

    Have a nice day.
    RandomIntern.
  • Zyxel_Jonas
    Zyxel_Jonas Posts: 313  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Hi @RandomIntern,

    Will the trunk ports be able to communicate with those other ports via VLAN 10 and vice versa ?
    Yes, because trunk port is the member of VLAN 10, so trunk port will send (TX) tagged VLAN 10.
    ReminderYou'll need a router to do routing if the clients are communicating with each other from different VLAN. And remember to "Fixed" the port to be member of specify VLAN (ex: VLAN10), because our default is "Normal".

    Hope it's clear.
    Jonas 
    Jonas,
  • Hi @RandomIntern,

    Will the trunk ports be able to communicate with those other ports via VLAN 10 and vice versa ?
    Yes, because trunk port is the member of VLAN 10, so trunk port will send (TX) tagged VLAN 10.
    Reminder: You'll need a router to do routing if the clients are communicating with each other from different VLAN. And remember to "Fixed" the port to be member of specify VLAN (ex: VLAN10), because our default is "Normal".

    Hope it's clear.
    Jonas 
    I see, thanks !