Dave,

I found this and it may solve my problem, just need some additional clarification.

I have an SG300-20 and an SG300-52, for all intensive purposes right now I have them chained together : Firewall to Switch 1(20por) to Switch2 (52 port).

To reduce the number of physical ports I rely on from the firewall, for physical lans, I want to go to VLAN TAGing, such that I consoliidate my firewall configuration from 4 physical interfaces to 1 and have the 4 vlans taged on that one interface.

So, by default, all ports are set to trunked mode.  Assuming I create the vlans on both switchs and leave port 20 and 52 set to trunk and then change the access ports to access mode for the individual ports on the switch to computer, will leaving the last ports in TRUNK mode work like VTP?

So from Firewall to Switch1(port 19) I configure for all vlan memberships set to trunk mode

Switch1(port20) member of all vlans, set to trunk mode

Switch2(port52) member to all vlans, trunk mode

Switch1(ports 1-10) access mode - vlan 1

Switch1(ports 2-5) access mode - vlan 3 (802.1Q)Tagged

Etc for switch2

Im just trying to figure out how to connect these two switchs up to allow the 4 vlans to work between the 2 switchs.

Hi jeremy,

Wish i had 10 minutes in a webex to demonstrate... It's a fun switch and easy switch to configure when you get the jist of it.

All ports are in trunking mode by default.

But Vlan1 is untagged on each port, otherwise your vlan un-aware  PC would never work.

For ports 20 and 52  just make sure that you add your other vlans  as tagged vlans  to these ports.

So and they will propogate  those vlans between switches.

In the example below, you have already created your VLANs I guess.

I would select menu item  VLAN MANAGMENT  > port to vlan

Select  the VLAN  ID number as shown below of interest and then press GO

This then  would bring up the port list showing me how VLAN ID=3 was attached to the ports.

Most likely it would be excluded from all ports  by default.

I would alter the table by clicking the tagged radio button for all ports that need to be tagged for that VLAN (even uplink ports)

then press apply.   Select another VLAN ID  and then select "GO" again.

make changes as required.

Make sure you save your configuration changes, see the extra circled area that says "save'

Copy the running copnfiguration to the startup configuration   and that should do it.

regards Dave

I will let Dave finish this asnwer but I just wanted to clarify a little.

You only need to trunk from switch to switch or from switch to Router. All devices need to agree on the default VLAN (this is not always a must have but...). We are going to say that VLAN 1 is the default accross all your devices.

From router:

Lets say port 4 is what we will use to connect all of our switches. Port 4 will need to be configured as a trunk. The catch is, this will depend on the manufacturer and what features are allowed on your router. Typically on a Cisco router we would configure this interface like this:

int 4.1

int 4.2

int 4.3 and so on... then we add 'dot1q encap'

So now this interface becomes the gateway for all our VLANs.

From switch 1:

So port 52 here will be a trunk and we will tag all VLANs you want to "route". You will not be able to tag the default VLAN as it is always un-tagged. For the rest of the ports they will be configured as access ports if the device attached to said port needs to belong to a single VLAN. Access ports always carry un-tagged traffic.

So if you make a port an access port you cannot add another VLAN to that port unless you tag the VLAN. But the only way to tag the VLAN is to change the port to a trunk port.

Which leads us to connecting to your second switch. Since you want to route all of your VLANs port 51 will be a trunk port just like port 52. And just like these two ports, on Switch 2 port 52 will also be a trunk port configured just like port 51 & 52 on switch 1.

Your devices will most likely be attached to an access port which is configured for a single VLAN. There are exception like if you have a phone, but we will save that for later.

Do not worry about VTP as it is really not needed when you only have two switches and a couple of VLANs.

I am using pfsense firewall software to do the logic vlan'n

Just a brief summary to point out the setup

VLAN's are setup for a defined interface,

So i have VLAN8 VLAN16 VLAN170, number is indicative of the tag #

LAN is not a vlan but descrete on the same interface.

I would assume that when connecting the two dots

F/W                    Switchs               - VLAN
LAN   192.168.3            -   Untagged ports   - Default

VLAN8  192.168.8        -    TAG                    - VLANID 8

VLAN16   192.168.16     -    TAG                    - VLANID 16

VLAN170  192.168.170    -    TAG                    - VLANID 170

No port wil be a member of more than 1 vlan.

"

So port 52 here will be a trunk and we will tag all VLANs you want to "route". You will not be able to tag the default VLAN as it is always un-tagged. For the rest of the ports they will be configured as access ports if the device attached to said port needs to belong to a single VLAN. Access ports always carry un-tagged traffic.

So if you make a port an access port you cannot add another VLAN to that port unless you tag the VLAN. But the only way to tag the VLAN is to change the port to a trunk port.

Which leads us to connecting to your second switch. Since you want to route all of your VLANs port 51 will be a trunk port just like port 52. And just like these two ports, on Switch 2 port 52 will also be a trunk port configured just like port 51 & 52 on switch 1.

"

Since I am a newbie, Im just clarifying what your directions indicate, please correct me if I am wrong.

Switch 1

Port 51 Trunk,

Port 52 < dito>

Switch 2,

Same as switch 1.

Now for individual port vlan membership, assume ports 1 - 5 need access to only the LAN subnet so its memberships would only be to the default lan.

Ports 6-10 need access to the 8 subnet, so they would be a member of only the 8, (does this mean to remove membershp to the default and set the pvid to 8, or do all ports have to belong to the default) If this is the case should i make my lan configuration a vlan definitation as well and create a vLAN ID for the switchs?

"so they would be a member of only the 8,... "

Exactly! Lets say port 6 on switch 1 is a printer with an IP address for the 8 subnet, since it belongs to that subnet and nothing else port 6 will give "access" to the printer. So the printer's port is an access port for subnet 8.

Since switch 1 needs to give access to all VLANs on port 51; remember we have another switch attached on this port not an end device, it needs to be a trunk so it knows to separate or "tag" the traffic that belongs in the appropriate subnet. Since each switch (typically) have an ip address on VLAN1 there is no need to tag it (you can't tag the native VLAN any way ).

Now when you make a port an access port you will notice that the PVID changed to reflect the VLAN assignment so there is nothing to do. Your "LAN" from what you stated is VLAN1 so you don't need to worry about it really. Just remember that an access port belongs to ONE subnet and a trunk allows us to pass ALL subnets you define. And NO, all ports will not belong to VLAN1 or the NATIVE VLAN what ever the number may be.