Recommended Posts

Hey guys,

 

I'm trying to create a VLAN so that I can separate the home network from my lab network. I'm having issues getting it to setup properly.

 

I'm able to ping the switch IP via VLAN 1 (192.168.1.221) and 10 (10.1.10.221) but I can't ping any computers across VLANS or reach the internet on VLAN 10. The PC on VLAN 10 has a static address (10.1.10.25/24) with the switches IP (10.1.10.221) as the gateway.

 

ASUS RT-AC66U Router w/ ASUS-Merlin Config:

 

IP Address: 192.168.1.1/24

DHCP (VLAN 1): 192.168.1.100-200 -- 192.168.1.221 (Gateway)

Static Route: 10.1.10.0/24 - 10.1.10.221 (Gateway)

 

HP v1910 Switch Config:

 

post-4233-0-15070600-1423643164.jpg

post-4233-0-86045800-1423643162.jpg

post-4233-0-62615000-1423643163.jpg

 

I'm not sure what i'm doing wrong at this point.

Link to comment
https://www.neowin.net/forum/topic/1246526-vlan-setup-help/
Share on other sites

native vlan needs to be untagged and the 2ndary vlan needs to be tagged. some APs require that. 

 

then on the AP the native vlan ssid (main one) gets untagged and then the guest or lab ssid gets tagged for the 2nd vlan. 

 

adjust firewall rules accordingly

  On 11/02/2015 at 08:56, Cryton said:

Can you draw a diagram for the layout? Is the switch managed? If the router is aware of both VLANs (and so both IP networks) does it have routing turned on (you need a router configured to move data between different IP networks).

 

Here is a quick diagram I made:

post-4233-0-46012400-1423682031.jpg

VLAN ID	Subnet	        GW/VLAN Interface IP	DNS
1	192.168.1.0/24	192.168.1.221	        192.168.1.1
10	10.1.10.0/24	10.1.10.221	        Unknown

The switch is a HP 1910-24G Layer 3 lite managed switch. I have created a static route on the ASUS to the new subnet (10.1.10.0/24). I'm perfectly fine with starting from scratch if that helps.

 

I've been using this guide to configure the network: http://www.smallnetbuilder.com/lanwan/lanwan-howto/32098-how-to-use-a-layer-3-switch-in-a-small-network

 

  On 11/02/2015 at 09:22, remixedcat said:

native vlan needs to be untagged and the 2ndary vlan needs to be tagged. some APs require that. 

 

then on the AP the native vlan ssid (main one) gets untagged and then the guest or lab ssid gets tagged for the 2nd vlan. 

 

adjust firewall rules accordingly

 

I'm fine with the wireless being on the default vlan as its for home use only.

I don't think that switch is layer 3, does it do intervlan routing?  If not then you would have to have trunk port between it and the router, and the router would need IP in that other vlan, and the router is your layer 3.

Looks like that 1910 does intervlan routing...it is probably like the sg300 where you have to enable layer3/router mode, but it seems to me that it may be a manual process.

 

http://h17007.www1.hp.com/us/en/networking/products/switches/HP_1910_Switch_Series/index.aspx#tab=TAB2

"Static IPv4/IPv6 routing

But if he wants the switch to do the routing, would have to add the routes to router as well, and allow any firewall rules to allow that other subnet.  And have to setup NAT for it as well, etc.  Much easier to just use that switch as layer 2 and have the router do the routing.

  On 11/02/2015 at 20:08, BudMan said:

I don't think that switch is layer 3, does it do intervlan routing?  If not then you would have to have trunk port between it and the router, and the router would need IP in that other vlan, and the router is your layer 3.

 

Yes it does do intervlan routing. If I create 2 vlans on the switch (vlan 10 and 20) and have devices on both vlans i'm able to ping each of them but still not able to ping anything on vlan 1.

 

  On 11/02/2015 at 20:12, sc302 said:

Looks like that 1910 does intervlan routing...it is probably like the sg300 where you have to enable layer3/router mode, but it seems to me that it may be a manual process.

 

http://h17007.www1.hp.com/us/en/networking/products/switches/HP_1910_Switch_Series/index.aspx#tab=TAB2

"Static IPv4/IPv6 routing

OK, what I would do is use the switch as your gateway, not the router. 

 

192.168.1.221 would be the gateway for all of your devices on the 1.x network. 

 

The switch should also have an ip on vlan 10.  That would be the gateway for the 10.1.10.x network (10.1.10.221)

 

The switch should be able to tell traffic where to go.  There should be a default gateway on the switch and that would be your router, 192.168.1.1

But that switch is not doing nat, so that asus router not going to have a clue about 10.1.10 - and would send traffic out its default (internet) to get to it..  So if you want to use the switch as downtstream router then the asus has to know about it, and also nat it for internet access.

 

While downstream routers might make sense in a large network for a home with 2 segments - it way over complicating it.  The asus should be the only layer3 device.

 

Also if you let the router do the layer 3, you gain the ability of full firewall between segments.  While that switch might do some intervlan routing I doubt it has full layer 4 ACL support.

 

So your switch can setup untagged port on 10, trunk connection to router - router has the svi for 10 vlan and would be the gateway.  Also it would then know to nat that network, etc.  But I am not sure on the full feature set of that merlin software?

 

Use it as an AP and run pfsense on one of your esxi/hyperV boxes now you have full control ;)

The switch doesn't have to do NAT.  On a basic setup like this, what would be the point?  The nat device is the asus (192.168.1.1)....hell I would have the switch on 3 vlans...one for the outside network equip, one for the computer side and one for the vmware. 

 

 

Something like 192.168.1.x outside network equipment, 10.1.0.x vmware, 172.16.1.x computer

 

Router has ip 192.168.1.1

Switch has 192.168.1.10 with a default route to 192.168.1.1

Switch also has 10.1.0.1 and 172.16.1.1 on the proper vlans. 

 

The asus would have to have a static route for 10.1.0.x and 172.16.1.x an point to 192.168.1.10 for both of those routes.  Should be easy enough to do.

"The switch doesn't have to do NAT."

 

Agreed..  Which was just backstory to why it needs a route ;)  If it did do nat, then you wouldn't need to route.

 

But I still think that a downstream router is useless..  Just have the asus do all the layer 3.

  On 11/02/2015 at 20:51, sc302 said:

The switch doesn't have to do NAT.  On a basic setup like this, what would be the point?  The nat device is the asus (192.168.1.1)....hell I would have the switch on 3 vlans...one for the outside network equip, one for the computer side and one for the vmware. 

 

 

Something like 192.168.1.x outside network equipment, 10.1.0.x vmware, 172.16.1.x computer

 

Router has ip 192.168.1.1

Switch has 192.168.1.10 with a default route to 192.168.1.1

Switch also has 10.1.0.1 and 172.16.1.1 on the proper vlans. 

 

The asus would have to have a static route for 10.1.0.x and 172.16.1.x an point to 192.168.1.10 for both of those routes.  Should be easy enough to do.

 

This is exactly what I would want to do. I do want more vlans for things like iscisi, vmware, etc. but for now I want to make sure that it works with one vlan.

 

  On 11/02/2015 at 21:09, BudMan said:

"The switch doesn't have to do NAT."

 

Agreed..  Which was just backstory to why it needs a route ;)  If it did do nat, then you wouldn't need to route.

 

But I still think that a downstream router is useless..  Just have the asus do all the layer 3.

 

When you say that the asus needs to do all layer 3 what exactly do you mean? 

 

I would love to do pfsense but at this point i can't guarantee the uptime of the hyper-v/vmware servers as they are my test machines. I have a Dell C6100 that i got on the cheap and have 4 nodes for it. While i can dedicate a node to pfsense (run on usb w/o hard drive) it seems like a waste of power.

  On 11/02/2015 at 21:26, OrangesOfCourse said:

When you say that the asus needs to do all layer 3 what exactly do you mean? 

I mean that your vlans are on that asus and it does the routing between the segments/vlans/internet.  The switch would be just layer 2.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Tell you what, let me download Windows Media Center 8.9.2 and give this another crack.
    • Imagine if nobody ever kicked upstream to the Linux kernel. Bet we wouldn’t be seeing anything near as good as what we have today. But let’s give Apple a pass I guess.
    • RapidRAW 1.3.0 by Razvan Serea RapidRAW is a beautiful, non-destructive, GPU‑accelerated RAW image editor designed for speed and simplicity. It uses a lightweight (~30 MB), efficient code base built with Rust, React and Tauri. Ideal for Lightroom workflows, it offers rich editing tools—exposure, contrast, highlights, shadows, whites/blacks, tone curves, HSL mixer, dehaze, vignetting, film grain, sharpening, clarity and noise reduction—processed in real-time on the GPU. Features include intuitive masking (brush, linear, radial, AI-powered subject and foreground detection), generative edit layers (via ComfyUI), 32‑bit precision, and full RAW format support through rawler. RapidRAW also provides library management (folder navigation, ratings, metadata, EXIF viewer), batch operations, export presets (JPEG/PNG/TIFF), sidecar editing (.rrdata), undo/redo history, customizable UI themes, smooth animations, resizable panels, and preset copy/paste. A modern high-performance Lightroom alternative with polished UX and creative tools, RapidRAW brings powerful photo editing to photographers seeking speed, responsive GPU feedback, and streamlined workflows. RapidRAW 1.3.0 changelog: Fuji RAF X-Trans Support: most Fuji cameras and RAF files are now supported! The demosaicing algorithm still has room for improvement - particularly in the corners - but it’s already quite usable. Fixed a bug that caused the image to reload from disk every time the thumbnail was updated, which led to performance issues on slower systems. Download: RapidRAW 1.3.0 | 19.8 MB (Open Source) View: RapidRAW Home Page | Screenshot | Other operating systems Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Typically when the buying isnt attempting to find the cheapest deal but prefers the safest purchase, I recommend just buying it from the Microsoft Store directly, its a $99 upgrade from Home to Pro, its not a huge deal. I have had to do this a few times when they bought a PC off amazon that claimed it was Pro and was not.
    • T-FORCE XTREEM 6000/C30 DDR5 memory review: Blows Corsair VENGEANCE away by Steven Parker TEAMGROUP is a memory, AIO and SSD manufacturer based out of Taiwan and founded in 1997. They sell memory under the T-FORCE brand, and when their contact person reached out to me wondering if I was interested in taking a look at their memory sticks, I jumped at the chance; this follows a review for I did for them back in May testing their DELTA 7200MT/s DDR5 memory kit. First a disclosure, TEAMGROUP sent me this XTREEM DDR5 32GB (2x16GB) 6000MT/s CL30 Black kit sample to keep, without any review pre-approval. Sayan Sen contributed to this feature, and also provided the benchmark graphics. Specifications First off, here are the full specifications of this memory kit. XTREEM DDR5 32GB (2x16GB) 6000MHz CL30 Brand T-FORCE Series XTREEM Model FFXD532G6000HC30DC01 Capacity 32GB (2 x 16GB) Type 288-Pin PC RAM Speed DDR5 6000 (PC5 48000) CAS Latency CL30 Timing 30-36-36-76 Voltage 1.35V Die SK Hynix M-Die 4.D Rank 1xR (Single Rank) ECC No, On-Die ECC Buffered/Registered Unbuffered BIOS/Performance Profile Intel XMP 3.0 / AMD EXPO Color Black, White Heat Spreader Yes Recommend Use Intel 800,700 / AMD 800, 700 Series LED Color No Price $105.99 Introduction The T-FORCE memory was benchmarked in the following system: Cooler Master MasterBox NR200P MAX ASRock Z790 PG-ITX/TB4 Intel Core i7-14700K with Thermal Grizzly Carbonaut Pad Corsair Vengeance 2x16GB 6000MT/s CL30 (XMP Profile) TEAMGROUP T-FORCE DELTA 2x16GB 7600MT/s CL36 ASRock AMD Radeon RX 7900 XTX Phantom Gaming Kingston Fury Renegade SSD The ASRock Z790 PG-ITX/TB4 motherboard had BIOS version 15.01 at the time of testing, and I reset BIOS to default settings and only enabled the Intel XMP 3.0 profile with all of the tested memory. Windows 11 was up to date with July Patch Tuesday build 26100.4652 (KB5062553) at the time of testing and I ensured I had minimal programs running in the background with the exception of AMD Adrenaline, Razer Central, and Microsoft Defender active in the system tray. Benchmarks For our benchmarks, UL Solutions provided us with Professional (commercial use) licenses for 3DMark, and Procyon; and a copy of AIDA64 Engineer was provided to us by Aida64.com. In addition, HWiNFO provided us with a commercial license that let us confirm that this kit is Hynix SK, M-die, Single Rank memory. We start with AIDA64 Cache & Memory Benchmark for all four kits to get a measure of the full capabilities of each of them: T-FORCE XTREEM DDR5-6000 CL30: Corsair VENGENCE DDR5-6000 CL30: T-FORCE XTREEM DDR5-7600 CL36: T-FORCE XTREEM DDR5-7200 CL34: Following the purely synthetic tests, we next move to workloads that are more representative of typical tasks like gaming, AI, productivity, and other everyday usages. For reference, in the charts below, the memory kits are sorted by different color shades of blue, the higher the frequency the deeper the shade. Starting with 3DMark, we tested the physics test only and not the entire suite since the CPU is what is necessary for processing the game physics, logic, as well as GPU draw calls for the graphics card. A CPU-heavy test like the 3DMark Physics test helps to gauge the CPU's true gaming capability. The XTREEM DDR5-6000 CL30 kit does exceptionally well on 3DMark DirectX 11 especially in Sky Diver—which also makes sense, given that it is lighter graphically and thus the CPU has more to do here than on Fire Strike, relatively speaking. On Sky Diver, we see a 19% better performance than the Corsair VENGEANCE memory that is specced similar. On Fire Strike too the XTREEM 6000 CL30 was the fastest. In DirectX 12, things do not change much as TeamGroup's 6000 CL30 kit keeps up with the faster memories. However the performance differences are not as prominent as were in the case of DX 11 since the older API was more single-thread bound and thus ran into CPU bottlenecks far more easily. The XTREEM 6000 C30 RAM uses SK Hynix M-Die and that could explain this really great showing. The AIDA64 memory and cache synthetic benchmark above did not hint at such a big gap in real-world performance and this has definitely surprised us, in a good way. 7-Zip decompression was the only test the new T-FORCE memory lost in, though as you can see above, the scores are all quite close to one another. In decompression however the XTREEM 6000 CL30 kit trumps the CORSAIR VENGEANCE by a good margin.. Next we checked out AIDA64's AES, Zlib and PhotoWorxx benchmarks as we wanted to see check performance in things like encryption (AES), data compression (Zlib), and image processing (PhotoWorxx). AIDA64 showed almost no difference in the AES test as all kits were in the margin of error territory. This surprised us as we thought the RAM differences would reflect better in an encryption benchmark. That is evidently not the case as it seems the processor is more important. It's a similar story for Zlib too, which was another surprising result given that Z-Zip earlier showed a significant difference. Thus, it is clearly not a case of one-size-fits-all as the compression algorithm on Zlib is much less sensitive to memory than the one in the 7-zip benchmark. PhotoWorxx was where we saw the differences between the kits. Both the 7200 and the 7600 modules were much faster than the 6000 ones. We tested browsing performance using Speedometer 3.0. Speedometer provides a value and also a range showing the highest and lowest scores as indicated in the chart above by the two set of scores for each browser. Microsoft Edge showed the most response to faster memory speeds but Chrome also liked the new XTREEM 6000 RAM. Mozilla's Firefox too, which was generally quite uncaring of memory speed and latencies in case of the other kits, seemed to love these XTREEM Black 6000 CL30 modules. Next up, we did some productivity testing with UL's Procyon suite of benchmarks. First up, we have the Office test and the TeamGroup 6000 C30 kit does an amazing job here as it even outpaces the faster memories. We also ran Computer Vision, which is an AI inference benchmark and saw identical figures with each of the RAM kit. Each of them put up around 192 points. We used the WinML API and float32 precision as it is more memory-heavy than float16. Finally we have Geekbench AI and once more, the XTREEM 6000 CL30 put on a great show especially in the case of the Quantized metric. However, it must be noted that we updated Geekbench AI from 1.2.0 to 1.4.0 and although Geekbench warns that scores cannot be compared between major versions, what the margin of error is between point versions is unknown. Pricing Kit Capacity Timings Current Price T-FORCE XTREEM DDR5-6000 CL30 2 x 16GB 30-38-38-76 1.35V $105.99 Corsair VENGENCE DDR5-6000 CL30 2 x 16GB 30-36-36-76 1.40V $135.99 T-FORCE XTREEM DDR5-7600 CL36 2 x 16GB 36-46-46-84 1.40V $137.99 T-FORCE XTREEM DDR5-7200 CL34 2 x 16GB` 34-42-42-84 1.40V $186.99 Conclusion Coming into the review, I did not expect to see such a big difference in the kits' performances; since both the TeamGroup and the Corsair are rated at 6000 CL30, I thought they would be trading blows in most cases. However as we see, that is clearly not the case as the XTREEM Black memory punches well above its weight. Currently the kit of Corsair Vengence on Amazon costs $30 more since the XTREEM memory is ~$106; in fact there's a note that the Corsair kit is frequently returned, which is not good. I find it hard to find any faults at all with this memory kit and it is a 10 out of 10 for sure considering the value and the performance. The only thing that may be works against it is the lack of RGB lighting but that is simply not enough to deduct a point in our book given its outstandingvalue for money. TEAMGROUP gets a thumbs up from me for their T-FORCE memory, they installed without any issues and from the multiple times I powered on the system, the ASRock motherboard did not have to recalculate the timings. As an Amazon Associate we earn from qualifying purchases.
  • Recent Achievements

    • Week One Done
      KenKay earned a badge
      Week One Done
    • One Month Later
      KenKay earned a badge
      One Month Later
    • Dedicated
      Amadou earned a badge
      Dedicated
    • One Month Later
      TheRingmaster earned a badge
      One Month Later
    • First Post
      smileyhead earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      641
    2. 2
      ATLien_0
      243
    3. 3
      Xenon
      182
    4. 4
      neufuse
      154
    5. 5
      +FloatingFatMan
      121
  • Tell a friend

    Love Neowin? Tell a friend!