Tom,

Netgear siwtch is VLAN capable, and works exactly the way I want to. All I'm trying to do is setup 2 separate networks with an access to servers on same LAN, which is done on netgear switch by untaging same port on multiple VLANS (for Servers)

This is on netgear switch:

P1 (dumb router, no vlan) - 2U,3U; subnet 192.168.1.x/24

P2 (host) - 2U, subnet 192.168.1.x/24

P3 (host) - 3U, subnet 192.168.1.x/24

these host do get IP addres from router, cannot ping eachather. Trying repeat this on Cisco switch. The reason I'm tring to do this this way that it will be more host on VLAN2 and VLAN3, and at least 2 more servers that need acces to both VLANS.

Thanks

Hi Marcin, in order for multiple vlans to communicate to each other, they must be routed. The SG200 cannot route vlans therefore the router will make this decision.

If you want to replicate the set up of the Netgear switch, then you would need to set the port mode as general then specify both vlans on the link as 2u, 3u as per your example.

If you want some servers to have an intercommunication amongst the vlans then the router will have to do this for you as the switch cannot.

-Tom
Please mark answered for helpful posts

Tom,

please see port-based VLAN config documentation page of Netger switch, which is also layer 2 switch and can communicate between VLANs without router.

http://documentation.netgear.com/gs108t/enu/202-10337-01/GS108T_UM-10-5.html

so the scenario above (netgear) is not possible to achivie with Cisco SG200 without router correct?

Thanks

Marcin

Hi Marcin, I see this working okay. I think to make this work you will make all ports general port, disable ingress filtering and follow the suggestion of the document.

The uplink is vlan 2 untag, vlan 3 untag then your respective ports would be like 1u, 2u and 1u, 3u

There has to be a common vlans untagged.

So lets say here is an example.

port 1 is the link to your router - 1u, 2u, 3u

port 2 is the link to server a - 1u 2u

port 3 is the link to server b - 1u, 3u

port 4 is the link to the shared server - 1u, 2u, 3u

I think in theory this works okay so long as everything is on the same subnet with vlan as described. I never tried to test but logically to me it makes sense.

-Tom
Please mark answered for helpful posts

Tom,

I've tested your example and it is not working. Also I have tested many other setup and no luck. I guess I have wrong tool to do the job. Can't imagine that $100 switch can do what I need, but Cisco cannot.

Thanks for the help

Hi Marcin

I faced exactly the same problem as you and nearly went crazy. I also went through all the posts here on cisco support forums, but nobody seems to have got it right. Then I read Tom's post above and the material on the Netgear site and I made finally click. Tom was nearly there in his last post, but this is how it should look like to make it work:

The trick is, that different VLANs are used for the different directions the packets are flowing (e.g. host -> server, server -> host). And I think that the so called "Port based VLANs" by Netgear do exactly the same in the background as I describe now for Cisco SG200:

(Every machine has an IP on the same subnet)

port 1 is the link to your router - 1UP, 2U, 3U

port 2 is the link to host a - 1U, 2UP

port 3 is the link to host b - 1U, 3UP

port 4 is the link to the shared server - 1UP, 2U, 3U (same as router)

With this setup the following happens:

- Packets from host a to server/router use VLAN2: they are tagged on port 2 with VID2 and untagged on port 1/4

- Packets from server/router to host a use VLAN1: they are tagged on port 1/4 with VID1 and untagged on port 2

- same is for host b

I tested this setup myself and it enables host a/b to reach the server and the router, but not each other! It works even when all machines are on one subnet, as you (and myself) required.

I hope it's not too late, best regards,

Jonathan

Hi Jonathan,

I realise this post is over 9 months in age but after two days of reading and research I think your answer might help resolve my issue as well. I want to clarify something though.

It seems that what you have found is that any port assigned to a vLAN must also be assigned to the "trunk" vLan as well?

Normally I would create a vLan, add multiple ports to it, connect 1 port to the routers port for that network and then add devices to the remaining vLan ports. Generally I have one port on the router for each network so port 1 for vLan1, port 2 for vLan2 etc.

In your example you had port 1 connect to the router and also be a member of 3 vLans. You then made each port a member of its vLan and vLan1. Although we are connecting the switch to the router differently it seems that its still crucial to have any port be member of its own vLan and the router connection vLan or a Trunk as that is what I am doing. Is this assumption correct or at least partially so?

Here is my scenario: I have two SG200s and trying to make them redundant. I have three networks (vLan1,2,3) and am using port 49 & 50 to trunk the two switches. As mentioned above I thought I would simply add ports 2-12 to vLan1, 13-36 to vLan2, 37-48 to vLan3. Choose a port from vLan to connect to the appropriate port on the router (( have 2 of these as well) and be good to go.

I am not though. While my vLan1 works the others do not and I can no longer access the web management for the switch.

If you have any input I would appreciate it.