VLAN Clarification Needed



I have successfully created a VLAN for my VOIP phones, and it works. However, I am new to VLAN still and would like to maybe branch off some PCs in different departments. However, I'm not getting something. If I use PVID and assign it say... 20, shouldn't all the PCs that connect to the switch port I give a PVID be a part of VLAN 20? Or do you actually have to tell the device / PC what VLAN it belongs to? I'm kinda lost on that. The Polycoms let me manually assign VLAN 10 in their configuration and I just TAG it on the switch. I know they are separate because I can't ping them. And they show VLAN 10.

Link to comment

You'd have to assign the ports on the switch to that VLAN.

E.g. if computer A should be on VLAN 20, then you'd have to set the port on the switch it connects to (say port #4) to VLAN 20.

I'm not aware that you can set VLANs remotely directly to a computer like you can phones, but I know Windows does have a VLAN ID in the network properties, so maybe it's possible. I just haven't done it.

Link to comment

Well, that is what I thought as well, but I put my phones on VLAN 10 (IP range.. 192.168.10.*), and my PCs, printers, etc. on VLAN 1 (192.168.1.*). Anyway, I assign a port on the switch, port# 37 for example, I give it a PVID of 10, and manually assign an IP to a PC with 192.168.10.5. But it will not ping anything on VLAN 10 like it is supposed to, as I thought it would. So I am missing something somewhere. If I take my MacBook and set the VLAN ID to 10, I can ping all of VLAN 10 like it should work. But otherwise it is like the PVID doesn't apply. And I assume you do not have to tag the PVID either since it is considered "Static".

I am using a Netgear GS748TPS Smart Switch btw.

Link to comment

So wait, if you set your MacBook to the static IP and tag VLAN 10 it works? But if you set your Windows PC with the same static IP but no tag it doesn't work? Is that correct?

If that is so, then your switchport is acting as a trunk. Your Windows box would put traffic on the native VLAN of the port (untagged), whereas your MacBook would tag the packets with VLAN 10 and that's why it works.

Link to comment

@OP

Normally, for PCs or any devices that are not aware of VLANs, you will need to connect them to untagged ports.

If you set PVID 20/Untagged member of VLAN 20, then you don't need to tell the device in which VLAN it is.

Also, I wouldn't suggest setting VLANs in NIC settings in PCs as that feature is not supported by all NICs.

Link to comment
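The PVID / tagged / untagged behaviour discussed in the posts above, as a small 802.1Q port model. This is an added example, not part of any poster's reply: the function names are made up for illustration, and the thread never states how port 37 was set for VLAN 10, so the "Tagged member" setting below is an assumption, as is the rule that a VLAN-unaware host ignores tagged frames.

```python
# Simplified 802.1Q port model (added example; port settings are assumed).
from dataclasses import dataclass, field
from typing import Dict, Optional

@dataclass
class Port:
    pvid: int  # VLAN assigned to untagged frames arriving on the port
    members: Dict[int, str] = field(default_factory=dict)  # vlan -> "U" or "T"

def ingress(port: Port, tag: Optional[int]) -> Optional[int]:
    """Classify an incoming frame; untagged frames take the PVID."""
    if tag is None:
        return port.pvid
    # Tagged frames are accepted only for VLANs the port is a member of.
    return tag if tag in port.members else None

def egress(port: Port, vlan: int) -> Optional[str]:
    """How a frame in `vlan` leaves the port, or None if it is dropped."""
    mode = port.members.get(vlan)
    if mode is None:
        return None
    return "untagged" if mode == "U" else f"tag {vlan}"

def host_accepts(host_vlan: Optional[int], wire: Optional[str]) -> bool:
    """VLAN-unaware host (host_vlan=None) reads only untagged frames;
    a host with a VLAN ID set reads only frames carrying that tag."""
    if wire is None:
        return False
    return wire == ("untagged" if host_vlan is None else f"tag {host_vlan}")

def ping_works(port: Port, host_vlan: Optional[int], target_vlan: int) -> bool:
    """The request must land in target_vlan and the reply must be readable."""
    if ingress(port, host_vlan) != target_vlan:
        return False
    return host_accepts(host_vlan, egress(port, target_vlan))

# Constructed configurations for port 37.
PORT37_PVID_ONLY = Port(pvid=10, members={1: "U", 10: "T"})  # assumed current state
PORT37_ACCESS = Port(pvid=10, members={10: "U"})             # PVID 10 + untagged member

if __name__ == "__main__":
    for name, port in (("PVID only", PORT37_PVID_ONLY), ("access", PORT37_ACCESS)):
        print(name, "plain PC:", ping_works(port, None, 10),
              "| host tagging VLAN 10:", ping_works(port, 10, 10))
```

With the PVID set but the port only a tagged member, the plain PC's requests reach VLAN 10 but the replies come back tagged, which matches the symptoms described. It also shows that such a port admits any host that tags its own frames, so a port meant for ordinary PCs should be an untagged member of its one VLAN and a member of no others.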

I have gone through the instructions on the Netgear site; it looks like that is an L2 switch. It does not support internal routing if that is the case. I cannot see a way to configure an IP address for the individual VLANs to act as a gateway for that VLAN for all computers attached. That said, you would have to put a physical NIC on each VLAN to act as a gateway and DHCP for each VLAN. This is a very sloppy way of doing things and you burn an extra port for each VLAN on the switch for this. I would state that it isn't easily configured with that switch and to get a better switch with layer 3 switching capabilities.

Link to comment

I've got a similar issue which may help the OP in some way.

A Netgear switch also -

I have 4 ports VLANed on VLAN 42 and the rest on VLAN 1.

Now for some reason DHCP isn't getting passed through onto VLAN 42....

Any ideas?

(There is a DHCP server on VLAN 42)

Link to comment

If you have a DHCP server on the 42 network, it could be that the server is not activated or the DHCP service isn't running; that is much simpler. If you have time right now we can take a look at it: PM me a http://www.join.me meeting number and we can troubleshoot the issue together.

Link to comment

I am pretty sure, since your switch is only a level 2, that you need a router for every VLAN. Some expensive level 2 switches create a table that allows inter-VLAN PCs to communicate, but those switches are expensive.

In your case you would need a router for every VLAN.

Link to comment

Thanks SC, my corporate network is firewalled so there's no way you can get in...

I haven't got that switch connected up at the min either; the annoying thing is I had it all working in my lab, then forgot to save the config and powered it off :/

Link to comment

Getting in is as easy as going out to a website (generally IT isn't protected from getting out); allowing access, well, that is company policy. Just saying that there is a difference between company policy and not having access because you are "firewalled". I work in a secure environment and occasionally we need to do webex/join.me/logmeinrescue/etc with vendors...they are all the same as far as access goes. It isn't like I am requesting an RDP connection into your network that would require firewall ports to be opened up, unless you have super strict outbound ports locked down...but even still you would need to allow support requests to come through for vendors...again, more policy based than flat out "firewalled".

Link to comment

VLANs can be such a pain when you get into things like trunking etc.

If you just want separate networks (don't have multiple switches), don't do trunking at all; just do switchport access vlan x on the switch. The client computers don't need anything configured; just plug them into whatever VLAN you want.

To make the clients access resources on another VLAN/network you need a router or a secure gateway that can do routing.

For example


If all the clients are on ports 0-12 and they want to get to the internet, they will contact the default gateway on that interface, the TMG servers; they will then route the traffic to the edge router, assuming the rules have been set up.

The clients don't need to know what VLAN they are on.

Link to comment