VLAN's on SG-3428 without vlan aware router
VLAN's on SG-3428 without vlan aware router
Hi,
I would like to seperate several devices on my SG-3428 TP-Link switch without a vlan aware router. So the switch is connected thru port 24 with a TP-link router that does not support vlans.
I found on the internet that it is possible to seperate several devices thru vlan's but when i make these 802.1q vlan's and add ports to it, the ports that are using another PVID then the default can not reach the Internet nor other devices on the switch.
Config:
vlan 1 = default
vlan 2 = internet
vlan 3 = lan+internet
ports 1,2,3,4,8,9,10 until 24 are in vlan 1 and 2
ports 5,6,7 are in vlan 1 and 3
PVID for most ports are 1 but for the 2 ports in vlan 2 they are PVID 2.
I want to accomplish that ports 5,6,7 cannot reach devices on the other ports but can connect to Internet, if possible the other way around is not a problem that way i can monitor the devices on both ports but they cannot reach me on the other ports.
Is this possible?
The router where the switch is connected to accepts all because it cannot read vlan's.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
surfer1 wrote
I found on the internet that it is possible to seperate several devices thru vlan's but when i make these 802.1q vlan's and add ports to it, the ports that are using another PVID then the default can not reach the Internet nor other devices on the switch.
Config:
vlan 1 = default
vlan 2 = internet
vlan 3 = lan+internet
ports 1,2,3,4,8,9,10 until 24 are in vlan 1 and 2
ports 5,6,7 are in vlan 1 and 3
PVID for most ports are 1 but for the 2 ports in vlan 2 they are PVID 2.
Please note that you need to add the port where the switch is connected to the router to all VLANs.
Note that the egress rule is set to Untagged.
Please refer to this article: How to configure 802.1Q VLAN?
Best Regards!
- Copy Link
- Report Inappropriate Content
What do you mean with the egress rule needs to be untagged?
Yes port 24 is the uplink to the router and in all 3 vln's. I have even made port 24 a trunk port permit all.
I do not understand why prts 5 and 7 do not get an ip from the router, they are both in vlan 1 only the PVID is different.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Dear @surfer1 ,
To better help you, could you please tell me the network topology of your all devices?
If you can send me the screenshots of your VLAN settings contains how you set the PVID, it will be more helpful for us.
Please also tell me what is your application scenarios and network requirements, why do you set 3 VLAN but you said you just want to accomplish that ports 5,6,7 cannot reach devices on the other ports but can connect to Internet?
Thanks for your cooperation and patience.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
This is the tab routing although i changed the interface why there is now 10 in the printscreen but it is now: 192.168.1.0/24 and next hop is 192.168.1.1
And the router which is on port 24 has 192.168.1.2
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2577
Replies: 18
Voters 0
No one has voted for it yet.