cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1240
Views
5
Helpful
12
Replies

Switch configuration for VLAN

monika.villiers
Level 1
Level 1

Hello,

I'm trying to configure network VLANs for something like this:

VLAN1.jpg

Although this contains Netgear switches, the configuration of the switches is more what I'm concerned with as this I'd assume most devices will operate in a similar way.

 

The idea being is that VLAN1, VLAN2 and VLAN3 all have access to the internet via the router but none of the VLANs can share data -  they are all separated from one another.

 

The trouble is that that I cannot seem to find the correct settings for the switches.  Does each switch need to contain entries for all VLANs even those which do not have ports belonging to that particular VLAN?

 

Can anyone give me some assistance with the settings for each switch?

 

Many thanks

12 Replies 12

Hello,

 

in short, the links between the switches need to be trunk links. Each switch needs to have the Vlan information of the downstream switch. Cisco uses VTP to make sure the Vlan database is consistent across all switches, not sure if Netgear supports MVRP (Multiple VLAN Registration Protocol).

 

https://kb.netgear.com/11673/How-do-I-setup-a-VLAN-trunk-link-between-two-NETGEAR-switches

So if I understand correctly the switch configuration should be as follows:

 

Switch_1

VLAN1

Port_1 untagged

Port_2 untagged

Port_3 untagged

Port_4 <unassigned>

Port_5 tagged

 

Switch_2

VLAN1

Port_1 tagged

Port_2 untagged

Port_3 untagged

Port_4 <unassigned>

Port_5 tagged

VLAN2

Port_1 tagged

Port_2 <unassigned>

Port_3 <unassigned>

Port_4 untagged

Port_5 tagged

 

Switch_3

VLAN1

Port_1 tagged

Port_2 untagged

Port_3 untagged

Port_4 <unassigned>

Port_5 <unassigned>

VLAN3

Port_1 tagged

Port_2 <unassigned>

Port_3 <unassigned>

Port_4 untagged

Port_5 <unassigned>

 

Would this be correct?

 

Many thanks

balaji.bandi
Hall of Fame
Hall of Fame
Netgear switches

if all your switches same, then this question need to be post to Netgear switches forum for better answer.

 

or may be check just googled it : (may be helpfull not sure)

 

https://kb.netgear.com/31026/How-to-configure-a-VLAN-on-a-NETGEAR-managed-switch

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

yeah, I tried over there at the Netgear forums but after around a day of views there were no replies - over here it was a matter of minutes

 

I figured also, that the theory of VLANS was more generic and not tied to a manufacturer but how to actually achieve it was.

yes most of them should follow RFC and IEEE standards, if one need to be integrated with market vendors.

 

it all depends on how they configured based on the requirement of TAG and UNTAG:

 

The one information i have posted can give you it of config, you need to make changes and test it is that meet your requirement :

 

check TAG and UNTAG concept cisco point of view :

 

https://www.cisco.com/assets/sol/sb/Switches_Emulators_v2_2_015/help/nk_configuring_vlans07.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

There are some aspects of what you are trying to do that we do not know. But we can speak in general about some parts of your questions and leave the implementation details to those who know those products. Part of your question is about vlans and how they work and part of your question is about routing. Some switches are capable of doing layer 3 routing in addition to the layer 2 switching. For now I am going to assume that the switches are operating as layer 2 only and that routing will be handled by the router.

A switch may have some of its ports configured as access ports and some ports configured as trunk ports. An access port is a member of a single vlan. A switch might have a single vlan or might have several vlans. A host or a server can connect to an access port and will have an IP address in the subnet associated with that vlan. A trunk port can carry multiple vlans. In general trunk ports are used to connect switch to switch (or switch to router). (There can be some situations where a trunk port might connect to a server but that is outside the scope of this discussion.)

On each switch you will need to configure the appropriate vlans, configure appropriate access ports in the vlans, and configure trunk ports which connect the router to SW1, SW1 to SW2, and SW2 to SW3.

Using switching logic any device in some vlan can communicate with any other device in that vlan. But to communicate with anything not in that particular vlan it needs layer 3 routing. So the trunks will carry all configured vlans and connect to the router. The router will need to configure a connection which can process a trunked interface, and will need IP  addressing assigning an IP subnet to each of the vlans. To provide Internet access the router will need a default route and will need to configure Network Address Translation for each of the subnets in your network. 

Providing Internet access is relatively straightforward. The other part of your requirement is that devices in some vlan not be able to communicate with devices in other vlans of the switches. The logic for that would be implemented on the router.

HTH

Rick

Joseph W. Doherty
Hall of Fame
Hall of Fame

Overlapping with information other posters have provided, especially @Richard Burts's posting, as described in the other postings, you'll need to make the inter-switch (and switch<>router) links (Cisco) trunks.  (NB: trunk is a Cisco term, other vendors, such as Netgear may, or likely, use a different term [possibly "bundle"] for the same concept, i.e. an interface that can carry multiple VLANs.  Also, a Cisco router defines a "trunk" interface differently from switches.)

An issue you may bump into, when mixing Cisco and non-Cisco equipment, Cisco allows for a "trunk" to carry one VLAN w/o tags, i.e. the "native" VLAN.  Other vendors might not support this.  If this is a problem, perhaps the easiest way to deal with it is to not use whatever is currently the "native" VLAN on the Cisco switches (by default, it's VLAN 1).

Cisco has a feature to selectively control what VLANs are allowed to use a trunk, but by default, they all should be allowed.

Another poster has mentioned VTP, a feature, generally, unique to Cisco.  If using Netgear switches, and Cisco switches, perhaps best to disable on the Cisco switch.  W/o it, you'll need to (manually) define all your VLANs on all your switches.

As Rick has mentioned, commonly, the way to block (or control) traffic between VLANs is with using interface ACLs on the L3 interfaces for those VLANs.  Another possible way to do it would be to use VRFs (the L3 version of L2 VLANs), but that's a more complex approach.

Hello
As suggest by @Richard Burts and @Joseph W. Doherty You would require an access list on the router, (providing this is performing the intervlan routing for your LAN so to negate communication between the vlans and its users.


You would also need to the create the L2 vlans and trunks on the dell switches, and it look's like the cli of those Dell switches are similar hp/aruba cli commands, if so.for the L2 communication.

 

Please confirm regards the inter-vlan routing as to what device is providing this?


Example:

Create vlans 1,2,3 on all 3 switches
Switch 1-2 ( port x  tagged = trunk 12)  < allow all vlans
Switch  2-3 (port x tagged trunk 23) < allow all vlans
access ports = untagged

switch 1

trunk port x trk12
vlan 1
untagged port x
untagged trk 12

vlan 2
untagged port x
tagged trk 12

vlan 3
untagged port x
tagged trk 12

 

switch 2

trunk port x, trk12 
trunk port y trk23

vlan 1
untagged port1
untagged trk 12
untagged trk 23

vlan 2
untagged port x
tagged trk 12
tagged trk 23

vlan 3
untagged port x
tagged trk 12
tagged trk 23


switch 3

trunk port y trk23
vlan 1
untagged port1
untagged trk 23

vlan 2
untagged port x
tagged trk 23

vlan 3
untagged port x
tagged trk 23


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi, 

Not sure I understand.  As far as I can see a Level 2 switch uses the ports within VLANs???

 

I thought that inter-VLAN routing was done by the switches.  The router doesn't have any VLAN capabilities.

 

Sounds like this is not going to be possible...

Hello


@monika.villiers wrote:

I thought that inter-VLAN routing was done by the switches.  The router doesn't have any VLAN capabilities.

Sounds like this is not going to be possible...


It is possible, but we just need to understand the current setup of your network, one of the switch(s) may be able to support he inter-vlan routing it does not necessarly has to be the router., Can you elaborate a little on your network?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

It is premature to say that this can not work. There are multiple options to explore, multiple ways that might work. The thing that makes this discussion complicated is that you are dealing with Netgear equipment and posting in a Cisco forum. I appreciate that you are posting here because we are more responsive than the Netgear one. And I hope that we can help you find a solution.

Since I do not know the capabilities of the particular Netgear equipment that you have, I have described an architecture of how it could work using Cisco terms. Cisco calls connections with multiple vlans trunks, what does Netgear call them? I have some limited experience with Netgear routers and believe that they can route for multiple subnets on the inside. Do they call that something different from what Cisco does? I know that Netgear routers can translate private IP addressing on the inside to Public addressing on the outside. Cisco calls that NAT, does Netgear call it something different?

A key question is whether the Netgear router can connect to a switch and process more than one vlan on that connection. Does anyone in this discussion know that answer?

I have described an architecture where routers do layer 3 processing and switches do layer 2 processing. But that is not the only architecture that might be used. It is quite possible that the Netgear switches are capable of doing layer 3 routing. It is possible that the Netgear switches are capable of implementing the access restrictions so that each vlan has Internet access but not access to other vlans. We need better understanding of the capabilities of your Netgear equipment.

HTH

Rick

blazej.czuk
Level 1
Level 1

I recommend watching this trunks VLAN configuration video.

https://www.youtube.com/watch?v=4SXAtU1G5HM

Review Cisco Networking for a $25 gift card