XGS1930-28 vlan trunking support


  • Zyxel_Melen
    Zyxel_Melen Posts: 2,415  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    Hi @Humble,

    Could you share your topology and PM me your configuration?



  • Zyxel_Melen
    Zyxel_Melen Posts: 2,415  Zyxel Employee
    edited March 2022
    Hi @Humble

    Since there's no private configuration, please allow me to copy the message you PMed me here:

    "here the network diagram.
    Since I have deleted almost all VLAN configuration from the XS1930 it seems to work more stable.
    I have changed ARP learning to ARP-Reply.
    My future goal would be to change the 2x10Gbit interface between the XS1930 and the Fortigate to a LACP trunk, but it seems Fortigate is a bit fuzzy about mixing tagged VLAN1 and untagged VLAN1 on the interface.
    Maybe I can force the XS1930 to tag all outbound traffic to the Fortigate though?
    I tried this but it didn't seem to work, so maybe I was mistaken in the configuration.

    PS: in the drawing below, the VLANs are all stretched through the Fortigate based on soft switches. One of the possible issues is that the Fortigate soft switch feature does not support STP."



    To force the XS1930 to tag all outbound traffic to the Fortigate, you can create all the VLANs and fix the ports you connect to the Fortigate and APs with tagged out. Below is the example.
    Setup path: Menu > Advanced Application > VLAN > VLAN configuration > Static VLAN setup


    Or you can set up VLAN trunking on the ports you connect to the Fortigate and APs. The switch will forward the packets in unknown VLAN groups to the Fortigate and APs. As a reminder, using VLAN trunking doesn't require creating any VLAN. Below is the example.
    Setup path: Menu > Advanced Application > VLAN > VLAN configuration > VLAN port setup



  • Humble
    Humble Posts: 4
    Hi Melen,

    a quick question before I go into a meeting. What happens if I enable trunking AND I create the VLANs? This is what I had configured before.
    However I had the untagged VLAN (PVID value) on port 11 and 12 configured on VLAN10, as I wanted a way to connect a management device to that network.


  • Zyxel_Melen
    Zyxel_Melen Posts: 2,415  Zyxel Employee
    Hi @Humble,

    Since VLAN trunking will forward unknown VLAN traffic, if you create the VLANs on the switch, then the switch will follow the VLAN settings to forward/discard each VLAN's traffic, since the VLANs are known.
  • Humble
    Humble Posts: 4
    Ok,

    so the VLAN trunking setting in the VLAN port configuration only applies to unknown VLANs.
    The Static VLAN configuration setup applies to known VLANs, and there we have 2 parameters:
    (1) Control:
    - normal - the VLAN is added when the other side registers it with GVRP
    - fixed - the VLAN is always added to the port, so all broadcasts within the VLAN are always broadcasted to that port as well
    - forbidden - the VLAN is never allowed on that port
    (2) TX Tagging:
    - all outbound traffic for this VLAN is also tagged with this VLAN.

    I don't understand why it is configured this way. Can you have forbidden and TX tagging configured?
    or can you have fixed enabled and tx tagging disabled?
    What would be the effect?

    If you have TX Tagging disabled, does it mean that untagged traffic received from this port is then sent out tagged with this VLAN ID on the other ports?

    Currently I have configured my VLAN1 (default VLAN) untagged on ports 1-10 and tagged on ports 11 and 12.
    For the trunk towards the Fortigate FW I should probably tag the traffic with VLAN1 though, but then I need to configure there as well that VLAN1 is not untagged but tagged.

    Possibly I am making mistakes in my thoughts, please let me know if I'm on the right path here.
  • Zyxel_Melen
    Zyxel_Melen Posts: 2,415  Zyxel Employee
    Hi @Humble

    TX Tagging enabled means the ports you selected will tag all outbound traffic with this VLAN Group ID.
    If you have TX Tagging disabled, it means all traffic received from other ports in this VLAN will be sent without the VLAN Group ID on this port.

    So we can have fixed enabled and TX tagging disabled, which means this port is a member of this VLAN and the outbound traffic is sent without the VLAN ID tag.
    But it is not possible to make the setting "forbidden and TX tagging configured" work, since the port isn't a member of this VLAN if we choose forbidden for this port; this port won't send packets out from this VLAN.

    "For the trunk towards the Fortigate FW I should probably tag the traffic with VLAN1 though, but then I need to configure there as well that it VLAN1 is not untagged but tagged."
    May I know what's your purpose here?
    Is it to use VLAN trunking to forward packets in VLAN 2, 4, 9, 10, 13?
    If you use VLAN trunking, you don't need to set TX tagging since the VLAN ID tagged will be kept inbound and outbound.
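
The egress behaviour discussed in this thread, as an added example that is not part of any post and is not Zyxel's firmware logic: a small Python model for checking which ports a VLAN can leave on, and whether tagged, when static VLANs and VLAN trunking are combined. The function names, the `gvrp` set and the default of Normal for a port not listed in a static VLAN are assumptions of the model; the sample configuration is constructed from the VLAN1 layout described above.

```python
FIXED, NORMAL, FORBIDDEN = "fixed", "normal", "forbidden"

def egress(vid, port, static_vlans, trunk_ports, gvrp=frozenset()):
    """Return 'tagged', 'untagged' or 'drop' for a frame of VLAN `vid` leaving `port`.

    static_vlans: {vid: {port: (control, tx_tagging)}}, the VLANs created on the switch
    trunk_ports:  ports with VLAN trunking enabled
    gvrp:         {(vid, port)} pairs joined dynamically (assumption of this model)
    """
    if vid not in static_vlans:
        # Unknown VLAN: forwarded only on trunking ports, tag kept as received.
        return "tagged" if port in trunk_ports else "drop"
    # Known VLAN: the static settings decide; trunking is not consulted.
    # Assumption: a port not listed in the static VLAN is treated as Normal.
    control, tx_tagging = static_vlans[vid].get(port, (NORMAL, False))
    member = control == FIXED or (control == NORMAL and (vid, port) in gvrp)
    if not member:
        return "drop"  # includes Forbidden, whatever TX Tagging is set to
    return "tagged" if tx_tagging else "untagged"

def egress_ports(vid, all_ports, static_vlans, trunk_ports):
    """Audit helper: every port the VLAN can leave on, with its tagging."""
    result = {}
    for p in all_ports:
        verdict = egress(vid, p, static_vlans, trunk_ports)
        if verdict != "drop":
            result[p] = verdict
    return result

# Constructed sample: VLAN 1 untagged on ports 1-10 and tagged on 11-12,
# with VLAN trunking enabled on the two uplink ports 11 and 12.
PORTS = range(1, 13)
TRUNKS = {11, 12}
VLANS = {1: {**{p: (FIXED, False) for p in range(1, 11)},
             11: (FIXED, True), 12: (FIXED, True)}}

if __name__ == "__main__":
    print("VLAN 1 :", egress_ports(1, PORTS, VLANS, TRUNKS))
    print("VLAN 13:", egress_ports(13, PORTS, VLANS, TRUNKS))  # unknown VLAN
```

Running `egress_ports` for each VLAN ID seen on the uplinks shows where trunking passes VLANs that were never created on the switch, which is the case to review before enabling it on a port.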