Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN How To

Example 2

In this example, I'm going to use a ZyXEL ZyWALL 110 router, Cisco SG200-26 switch, and NETGEAR GS108T switch. I am using two switches in this example to demonstrate an inter-switch 802.1Q trunk.

The ZyWALL 110 has two LAN interfaces, both of which can support multiple VLANs. In this example, I'm configuring the ZyWALL's LAN2 interface with VLANs 10, 11, and 12, as shown below. This means the LAN2 interface is supporting four VLANs: LAN2's PVID or native VLAN, plus the three VLANs I created.

I've also configured a DHCP server on each VLAN. LAN2's native VLAN uses the 172.23.2.0/24 subnet. For VLANs 10-12, I created DHCP servers to use the 172.23.10.0/24, 172.23.11.0/24, and 172.23.12.0/24 subnets.

Create VLANs on ZyXEL Router

Create VLANs on ZyXEL Router

I'm connecting the ZyWALL's LAN2 interface to the Cisco SG200-26 switch. I've created VLANs 2, 10, 11, and 12 on the SG200-26 and made ports 17 and 18 trunks. Port 17 will be my trunk from the ZyWALL to the Cisco switch, and port 18 will be my trunk from the Cisco switch to the NETGEAR switch. The PVID, or native VLAN, or ports 17 and 18 is VLAN 2. Ports 17 and 18 are untagged members of VLAN 2, have a PVID of VLAN 2, and are tagged members of VLANs 10,11, and 12, shown below.

Any port on the Cisco switch that I configure as an access port and untagged member of VLAN 2, 10, 11, or 12 will place the device connected to that port in the assigned VLAN. As you can see below, I've configured port 9 as a member of VLAN 2, port 10 a member of VLAN 10, port 11 a member of VLAN 11 and port 12 a member of VLAN 12. Access ports will have a PVID equal to their VLAN assignment.

VLANs on Cisco Switch

VLANs on Cisco Switch

To extend my VLANs from the Cisco Switch, I'll connect port 18 on the Cisco switch to a similarly configured port on the NETGEAR GS108T switch. On the NETGEAR, I've configured port 4 as my trunk, making port 4 an untagged member of VLAN 2 and a tagged member of VLANs 10-12. My trunk port will have a PVID = 2. I've also configured the GS108T's port 5 as an untagged member of VLAN 2, port 6 as an untagged member of VLAN 10, port 7 as an untagged member of VLAN 11, and port 8 as an untagged member of VLAN 12.

VLAN Tagging on NETGEAR Switch

VLAN Tagging on NETGEAR Switch

The image above, which is a combination of four screenshots from the GS108T, shows my tagging configurations on the NETGEAR switch by VLAN and port. The image below shows my PVID assignments by port.

VLAN PVIDs on NETGEAR Switch

VLAN PVIDs on NETGEAR Switch

With these configurations, port 9 on the Cisco switch and port 5 on the NETGEAR switch are on VLAN 2, port 10 on the Cisco switch and port 6 on the NETGEAR switch are on VLAN 10, port 11 on the Cisco switch and port 7 on the NETGEAR switch are on VLAN 11, and port 12 on the Cisco switch and port 8 on the NETGEAR switch are on VLAN 12. Since I've configured DHCP settings to align with VLANs, I can tell which VLAN a PC is on by checking its IP address.

Conclusion

Some devices, such as the Cisco SG200-26 used in this example, allow you to configure port type as access, general, or trunk. Access ports can only be members of one untagged VLAN and should be used for ports connected to PCs. General ports can be members of multiple untagged VLANs. General ports are useful when configuring port-based VLANs on an 802.1Q devices, as discussed in my previous article. Trunk ports can be members of one untagged VLAN and multiple tagged VLANs, and should be used for ports connecting to other 802.1Q VLAN aware devices, such as the devices used in the above examples.

In these two examples, I've set up 802.1Q VLAN tagging between a router and a switch, between a switch and an access point and between two switches. The first key is making sure your VLAN assignments match on each end of a trunk. Specifically, the untagged PVID (native VLAN) should match on each end of a trunk and you need to specify the remaining tagged VLANs on each end of the trunk. The second key is making sure your device ports have the correct VLAN assignment and a matching PVID. I found it helps to write down a chart of VLANs, ports, and tagging assignments before you start configuring.

802.1Q VLAN tagging allows segmentation of network traffic by VLAN and by subnet. With this segmentation in place, security and QoS rules can be created on one or more devices to filter traffic between VLANs and/or subnet and to prioritize traffic by VLANs and/or subnet. In a future article, I'll put together a few examples of filtering and prioritization to do just that.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi all,I have a 86U running latest stable Merlin firmware. I have a VPN server setup on my 86U so I can access home devices when I am away from home. ...
I am trying to setup SSH tunneling on AC-RT68U router. The purpose is to route all internet traffic through SSH tunnel to my router so I can browse fr...
Salve desideravo sapere se il router rt-ac87u con l'aggiornamento del firmware è compatibile con il supporto aiMesh
Hello,Digging up an old thread for some (possible) updates. I would appreciate if you can have a look at my old post below . https://www.snbforums.com...
I have a windows window environment for DNS at home. Was working fine but need IPv6.After enabling, the routers Ipv6 address is being advertised as th...

Don't Miss These

  • 1
  • 2
  • 3