Hi, I'm kinda new to this vlan. what we want is to set the following:
VLAN 10 for accounting (port 1-10)
VLAN 20 for sales (port 11-20)
VLAN (10+20) for servers that both accounting and slaes can access (port 22-25)
I've been goofing around with no luck, either one of them is accessible but the other group is not.
my setup is the following
port 1-10 : access ports, VLAN ID 10, untagged PVID
port 11-20: access ports, VLAN ID 20, untagged PVID
how should port 22-25 be setup so that vlan 10 and vlan 20 have access to?
With vlans, you can only be a member of one vlan. Just how you can only be a member of one network. So the ports that you have configured for accounting need to be access ports member of that vlan. The only time you need more than one vlan is when your passing the traffic to another switch or a layer 3 device to route from one vlan to another.
Hi thanks for the reply, I have attached a drawing to clarify of what I'm trying to do.
Basically I need to seperated different departments and at the same time they all need access to the internet.
I can configure the different groups to be access ports and therefore they can be seperated, but how is the trunk port configured so that all have internet access??
Dear Mr Zhang
Not trying to interfere with my dear colleague Mr Carr work, but it is late at night here, I have turned on my 300 series switch and want to try to give you an answer. The 300 series switches are many generations ahead of the old Linksys switches, the only thing they really have in common is a shared ordering part number.
I believe I understand what you want to do, but would like not to complicate things too much by using VLAN interface general mode.
If you want servers to be accessable by both the sales and accounting VLAN users, why not just put the servers in a seperate VLAN, maybe I could call it the server VLAN with a VID=30.
I can see from your diagram above, you already have three sub-interfaces that can support all three VLANs. ( i have ignored the default VLAN VID=1 ).
These sub-interfaces on your WAN router can tagged for the three VLANs .
Because your WAN router supports sub-interfaces it can therefore route between VLANs. Why not make use of that excellent feature, if it is possible..
My proposal is to make use of those routable sub-interfaces on your WAN router and just trunk three VLANs to your WAN router via GbE port 28
Again, luckily you have a 300 series switch that also supports wirespeed Access-Lists, in case you need to add restrictions or restrict access between network resources.
What about the following VLAN setup. Click on the table below to make it bigger.
I guess you used VID 10 and 20 because they are the sub-interface numbers on your WAN router. That is only a guess on my part.
Why not use port 28 as a link to propagate the Tagged VLANs to your VLAN aware WAN router.
Leave all switch ports in trunk mode and not use general mode.
(NOTE: could be easier just to set the switch back to factory defaults and start again).
Check out this 6 minute recording and see if this works for you, yes it took me only 6 minutes to configure the switch for your needs.
Remember when viewing the recording, that you can pause the recording to perform the necessary configuration steps..
Hope this helps,
Hi David, I want to thank you for the time and effort you put in answering my question. And the video you put up is really great.
I really appreciate it. I guess I'll go this way.
A few things, since we are using ports of a single VALN, can we make them into access ports? instead of leaving them as trunk port mode?
Second, after I configured this I did a testing to ping the router interface, say for example using laptop 192.168.1.15 pingping the router interface 192.168.1.1, out of 10 pings, there is one ping that would be in the 400-500ms. There are no dropped pings but lots of pings with delays.
Can you make sense out of this?