GS1200-8 and vLAN configuration
I would like to separate and segregate two sets of devices so that the first set is not able to see the other and vice versa, but both of them shall be able to reach the internet.
The only working configuration that I was able to configure was the following, with 2 VLANs (20 and 30) and the router (that does not support VLAN tags) on port 1.
But I have the following questions:
1. Why shall I put ALL the devices on the VLAN ID 1 in order to reach internet even if I have, on vLAN 20 the port 1 configured with TAG EGRESS MEMBER?
2. What does it mean, exactly, TAG EGRESS MEMBER?
3. Is there any better (or most secure) solution that could be implemented?
Thanks in advance,
Stefano
All Replies
-
A port based VLAN is what you need really if you don't have a router that supports VLANs and tags for given subnets.
You can see if the following works but it might not.
Have VLAN1 for port 1 and PVID 1 for port 1 ports 2-8 Non-member as backup
port 8 is the uplink
VLAN40 for port 8 tag and PVID40 port 8 ports 2-7 untag port 1 Non-member
VLAN20 for ports 2-4 tag and PVID 20 port 2-4 port 8 untag with ports 5-7 Non-member port 1 Non-member
VLAN30 for ports 5-7 tag and PVID 30 ports 5-7 port 8 untag with ports 2-4 Non-member port 1 Non-member
0 -
@Stexxe,
3. Is there any better (or most secure) solution that could be implemented?
Port isolation might be an option for your requirement. However, this feature will block all ports of communication except for the uplink port.
For "TAG EGRESS MEMBER", it means that this port will send out the VLAN tag.
D,0 -
PeterUK said:
A port based VLAN is what you need really if you don't have a router that supports VLANs and tags for given subnets.
You can see if the following works but it might not.
Have VLAN1 for port 1 and PVID 1 for port 1 ports 2-8 Non-member as backup
port 8 is the uplink
VLAN40 for port 8 tag and PVID40 port 8 ports 2-7 untag port 1 Non-member
VLAN20 for ports 2-4 tag and PVID 20 port 2-4 port 8 untag with ports 5-7 Non-member port 1 Non-member
VLAN30 for ports 5-7 tag and PVID 30 ports 5-7 port 8 untag with ports 2-4 Non-member port 1 Non-member
Do I understand your suggestion correctly?
If yes, the configuration does not seem to work... a PC connected to port 2 is not able to reach the internet (uplink configured on port 8).
If not, could you please help me with what I missed?
Thanks in advance,
Stefano
0 -
I tested here with another switch and it worked. Did you reboot the switch? Was the PC untagged, as the setup should work without tags?
0 -
After checking again, the setup will work but in an unexpected way: you could get internet but, like, ports 2-4 can't connect to each other.
So really for people who have a router that can do VLANs you want the 802.1Q, but if you have a simple router you want Port Based.
Here is a Zyxel switch with Port Based.
0
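A simplified model of standard 802.1Q forwarding applied to the port layout posted in the replies above, as an added example that is not part of any post in this thread: it lists which port pairs can exchange untagged frames in both directions. The function names and the untagged egress of port 1 on VLAN 1 are assumptions, and the GS1200-8's own behaviour (MAC learning, firmware quirks) is not modelled.

```python
# Added example: simplified 802.1Q model, not Zyxel firmware behaviour.
T, U = "tagged", "untagged"


def span(first, last, value):
    """Map every port in an inclusive range to the same value."""
    return {p: value for p in range(first, last + 1)}


# Egress membership as posted in the reply (unlisted ports are Non-member).
# Assumption: port 1 egresses VLAN 1 untagged; the post does not say.
VLANS = {
    1: {1: U},
    40: {8: T, **span(2, 7, U)},
    20: {**span(2, 4, T), 8: U},
    30: {**span(5, 7, T), 8: U},
}
PVID = {1: 1, 8: 40, **span(2, 4, 20), **span(5, 7, 30)}


def delivers(src, dst, vlans=VLANS, pvid=PVID):
    """True if an untagged frame entering src can leave dst untagged."""
    if src == dst:
        return False
    vlan = pvid[src]                    # untagged ingress is classified by PVID
    return vlans[vlan].get(dst) == U    # a plain host ignores tagged frames


def two_way(a, b, **kw):
    """Normal IP traffic needs delivery in both directions."""
    return delivers(a, b, **kw) and delivers(b, a, **kw)


def reachable_pairs(ports=range(1, 9), **kw):
    """All port pairs whose untagged hosts can talk to each other."""
    return [(a, b) for a in ports for b in ports
            if a < b and two_way(a, b, **kw)]


if __name__ == "__main__":
    for a, b in reachable_pairs():
        print(f"port {a} <-> port {b}")
```

Under these assumptions only ports 2-7 paired with uplink port 8 pass traffic both ways, which matches the later observation in the thread that ports 2-4 cannot connect to each other.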