VLANs and DHCP
I set up two VLANs on a GS1900-24, the first 16 ports on the 1st and the last 8 ports on the 2nd. Each VLAN has all member ports set to untagged and all others set to forbidden.
I have two separate subnets that communicate via routers. What I was hoping is that the two VLANs would act like two separate switches, so I would not have to use unmanaged switches.
Instead it acts more like one big switch, because with both subnets plugged in, I am pulling an IP address from the wrong router. If I put all the devices from VLAN2 in a separate 8-port switch everything works fine.
I suspect this is because I really don't know how to properly configure VLANs to isolate these two sets of ports. How do I get the two VLANs to not pass DHCP traffic across them?
Accepted Solution
-
Forbidden 17-24 for VLAN 1
17-24 Set VLAN Port PVID to 172
All Replies
-
So your router is set up with two VLAN subnets?
Can you post your VLAN setup? Likely you have VLAN1 allowing all over all ports and have not set up the VLAN Port Setting for the given VLAN?
What router do you have, or do you have two routers, each with its own subnet?
-
The MikroTik is not configured for any VLANs.
On GS1900, VLAN1 is default (all ports untagged), VLAN172 is ports 17-24 untagged, all other ports forbidden. VLAN192 is ports 1-16 untagged, all other ports forbidden.
I thought this would work - it would be like VLAN192 and VLAN172 are physically separate switches.
The DHCP request from the phone is evidently showing up on port 24, and going to the MikroTik on the 172 network.
Does the MikroTik need to be configured for VLAN on the interface that goes to port 24 on the GS1900?
-
Main router is Zyxel EMG3425.
-
Forbidden 17-24 for VLAN 1
17-24 Set VLAN Port PVID to 172
-
Hi @mikekusa,
Welcome to Zyxel community!
According to your description, more likely your Wi-Fi AP is in VLAN 1 or didn't have a VLAN setting, making the DHCP discovery packets from the iPhone be sent to port 24, since the VLAN 1 setting of the GS1900-24 didn't forbid port 24.
Just like @PeterUK said, setting ports 17-24 as forbidden on VLAN 1 will solve your problem.
Zyxel Melen
-
This absolutely worked. Thanks - I see where taking 17-24 off VLAN1 would work; what does the PVID 172 do?
-
Currently 17-24 is set to 1 for PVID? So does 17-24 work like that? You want to set the PVID to the untagged ports for the given VLAN.
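
Added illustration, not part of the original posts and not Zyxel firmware logic: a simplified model of how a port-based 802.1Q switch floods an untagged broadcast such as a DHCP DISCOVER, showing why the accepted fix needs both the VLAN 1 membership change and the PVID change. The client port number (5), the assumption that every PVID was still 1 before the fix, and the `ingress_filter` switch are constructed for the example.

```python
# Simplified model of port-based 802.1Q forwarding for untagged frames.
# Constructed illustration; port 5 as the client port is an assumption.

def ports(lo, hi):
    return set(range(lo, hi + 1))

def flood(members, pvid, ingress_port, ingress_filter=False):
    """Ports an untagged broadcast (e.g. DHCP DISCOVER) is sent out of."""
    vlan = pvid[ingress_port]              # untagged ingress is classified by PVID
    if ingress_filter and ingress_port not in members[vlan]:
        return set()                       # dropped: port is not in its PVID's VLAN
    return members[vlan] - {ingress_port}  # egress only to members of that VLAN

# Setup from the thread: VLAN 1 still has every port as an untagged member.
# Assumption: every PVID is still 1.
before = {
    "members": {1: ports(1, 24), 172: ports(17, 24), 192: ports(1, 16)},
    "pvid": {p: 1 for p in ports(1, 24)},
}
# Accepted fix: 17-24 forbidden on VLAN 1, PVID 172 on ports 17-24.
after = {
    "members": {1: ports(1, 16), 172: ports(17, 24), 192: ports(1, 16)},
    "pvid": {**{p: 1 for p in ports(1, 16)}, **{p: 172 for p in ports(17, 24)}},
}
# Half fix: membership changed, but PVID on 17-24 left at 1.
half = {"members": after["members"], "pvid": before["pvid"]}

def reaches(cfg, src, dst, **kw):
    return dst in flood(cfg["members"], cfg["pvid"], src, **kw)

if __name__ == "__main__":
    CLIENT, ROUTER_172 = 5, 24
    for name, cfg in (("before", before), ("half", half), ("after", after)):
        print(name,
              "client->router172:", reaches(cfg, CLIENT, ROUTER_172),
              "router172->client:", reaches(cfg, ROUTER_172, CLIENT),
              "router172->port17:", reaches(cfg, ROUTER_172, 17))
```

In the half-fix case, untagged frames entering port 24 are still classified into VLAN 1, so they either flood ports 1-16 or are dropped by ingress filtering, and never reach ports 17-23; setting the PVID to 172 is what places that traffic in VLAN 172.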