07-12-2011 02:05 PM
Hi, I'm kinda new to this vlan. what we want is to set the following:
VLAN 10 for accounting (port 1-10)
VLAN 20 for sales (port 11-20)
VLAN (10+20) for servers that both accounting and sales can access (port 22-25)
I've been goofing around with no luck, either one of them is accessible but the other group is not.
my setup is the following
port 1-10 : access ports, VLAN ID 10, untagged PVID
port 11-20: access ports, VLAN ID 20, untagged PVID
how should port 22-25 be setup so that vlan 10 and vlan 20 have access to?
07-19-2011 08:47 AM
I was able to get this with the following:
G1 General PVID 10, 1T 10U
G2 General PVID 20, 1T 20U
G3 General PVID 1, 1U 10T 20T
so say port 1 are for accounting users, port 2 are for sales users, and port 3 are the servers.
Is this the RIGHT way to do it???
07-19-2011 12:52 PM
Ke Zhang,
With vlans, you can only be a member of one vlan. Just how you can only be a member of one network. So the ports that you have configured for accounting need to be access ports member of that vlan. The only time you need more than one vlan is when you're passing the traffic to another switch or a layer 3 device to route from one vlan to another.
07-19-2011 01:28 PM
Hi thanks for the reply, I have attached a drawing to clarify of what I'm trying to do.
Basically I need to separate different departments and at the same time they all need access to the internet.
I can configure the different groups to be access ports and therefore they can be separated, but how is the trunk port configured so that all have internet access?
thanks.
07-19-2011 09:18 PM
Dear Mr Zhang
Not trying to interfere with my dear colleague Mr Carr work, but it is late at night here, I have turned on my 300 series switch and want to try to give you an answer. The 300 series switches are many generations ahead of the old Linksys switches, the only thing they really have in common is a shared ordering part number.
I believe I understand what you want to do, but would like not to complicate things too much by using VLAN interface general mode.
If you want servers to be accessible by both the sales and accounting VLAN users, why not just put the servers in a separate VLAN, maybe I could call it the server VLAN with a VID=30.
I can see from your diagram above, you already have three sub-interfaces that can support all three VLANs. (I have ignored the default VLAN VID=1.)
These sub-interfaces on your WAN router can be tagged for the three VLANs.
Because your WAN router supports sub-interfaces it can therefore route between VLANs. Why not make use of that excellent feature, if it is possible.
My proposal is to make use of those routable sub-interfaces on your WAN router and just trunk three VLANs to your WAN router via GbE port 28
Again, luckily you have a 300 series switch that also supports wirespeed Access-Lists, in case you need to add restrictions or restrict access between network resources.
What about the following VLAN setup. Click on the table below to make it bigger.
I guess you used VID 10 and 20 because they are the sub-interface numbers on your WAN router. That is only a guess on my part.
Why not use port 28 as a link to propagate the Tagged VLANs to your VLAN aware WAN router.
Leave all switch ports in trunk mode and not use general mode.
(NOTE: could be easier just to set the switch back to factory defaults and start again).
Check out this 6 minute recording and see if this works for you, yes it took me only 6 minutes to configure the switch for your needs.
Remember when viewing the recording, that you can pause the recording to perform the necessary configuration steps.
Hope this helps,
regards Dave
07-21-2011 10:19 AM
Hi David, I want to thank you for the time and effort you put in answering my question. And the video you put up is really great.
I really appreciate it. I guess I'll go this way.
A few things, since we are using ports of a single VLAN, can we make them into access ports, instead of leaving them in trunk port mode?
Second, after I configured this I did a test to ping the router interface, say for example using laptop 192.168.1.15 pinging the router interface 192.168.1.1, out of 10 pings, there is one ping that would be in the 400-500ms. There are no dropped pings but lots of pings with delays.
Can you make sense out of this?
07-21-2011 06:13 PM
Hi Mr Zhang,
Very glad to hear that your network is coming together nicely.
Access mode, as you know, allows only one untagged VLAN to be associated with a port.
Trunk mode, like access mode, allows for again only one untagged VLAN to be associated with a port, but trunk mode allows many tagged VLANs to also be associated with the port.
Tagged VLANs are not added automatically to a port, they have to be manually added.
Since your IP hosts (PCs) are not VLAN aware it really is fine for the ports to be left in the default trunk mode.
But, I live in the USA, the land of the free, so feel free to make the change from trunk mode to access mode, if it makes you feel happier.
The ping response time is not good.
Is that ping response time of 400 to 500 milliseconds all the time or only when the uplink to the WAN router may be congested?
It would be interesting to see pings at different times of day to understand if it's just the uplink that is getting congested or the WAN router that is running very hard.
Since the WAN router is also routing between VLANs all traffic destined for another VLAN will go out on your uplink port 28.
Pinging another device within the same VLAN on the same switch should exhibit much less delay.
What is the ping time between two IP hosts on the same VLAN?
I would think this ping response time would be very low. If it is, I am still thinking there is trouble with routing between VLANs via the WAN router.
regards Dave
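Added example, not part of any post in this thread: a small Python model of 802.1Q port membership for the layout discussed above (VLAN 10 on ports 1-10, VLAN 20 on ports 11-20, a server VLAN 30, tagged uplink on port 28). It assumes the servers stay on ports 22-25, VLAN 1 as the untagged VLAN on port 28, and ingress filtering enabled; all function names are illustrative.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                   # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs sent out without a tag
    tagged: set = field(default_factory=set)    # VLANs sent out with an 802.1Q tag

    def members(self):
        return self.untagged | self.tagged

def access(vid):
    return Port(pvid=vid, untagged={vid})

def trunk(native, tagged=()):
    return Port(pvid=native, untagged={native}, tagged=set(tagged))

def build_switch():
    """Constructed layout: port ranges from the first post, VLAN 30 for servers."""
    ports = {n: access(10) for n in range(1, 11)}            # accounting
    ports.update({n: access(20) for n in range(11, 21)})     # sales
    ports.update({n: access(30) for n in range(22, 26)})     # servers (assumed ports)
    ports[28] = trunk(1, {10, 20, 30})                       # uplink to the WAN router
    return ports

def flood(ports, in_port, tag=None):
    """Egress map {port: tag or None} for a broadcast frame entering in_port."""
    src = ports[in_port]
    vid = src.pvid if tag is None else tag
    if vid not in src.members():          # ingress filtering: not a member, discard
        return {}
    return {n: (vid if vid in p.tagged else None)
            for n, p in ports.items()
            if n != in_port and vid in p.members()}

def l2_reachable(ports, a, b):
    """True if an untagged frame from port a can reach port b without routing."""
    return b in flood(ports, a)

if __name__ == "__main__":
    sw = build_switch()
    print("port 1 floods to:", flood(sw, 1))
    print("accounting -> sales at L2:", l2_reachable(sw, 1, 11))
    print("accounting -> server at L2:", l2_reachable(sw, 1, 22))
```

In this model accounting, sales and server ports never see each other's frames at layer 2, so every cross-VLAN packet has to be routed via port 28, which is the point where an ACL or router policy can restrict it. A trunk port with no tagged VLANs added behaves the same as an access port for an untagged host.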
08-09-2011 02:54 PM
Hi there!
It might not be the best thread but still the closest to what I'm trying to configure :-)
I'm using a SG 300-52 and a non-VLAN-capable router (for internet access) and trying to set up the following with no luck :-(
VLANs are probably not the best idea and I might need to use ACLs but please advise how could I achieve the following setup:
Let's solve first points 1-3 if possible, then we can go further :-)
Any help is welcome and many thanks in advance!
br.
Szabi