TL-SG2008 902.1q vlan untagging and tagging ports
Hello, as a newbie to switches, I need a little help for my simple network.
I have created two examples in the images below and I would like to ask the following:
Assuming that my router is connected to port 1 of the switch, and a few pc's are connected to ports 5 through 8, which of the images correctly allows the pc's to access the internet?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@xmanhattan The IP addresses of a VLAN are applied by the router DHCP. The switch breaks out the VLANs to the specific ports, or combines them for trunking to a router or other switch.
For instance if you make a network that the DHCP address space is 192.168.1.2 to 192.168.1.100 that we'll call VLAN 100. Then the next network can be 192.168.1.101 to 192.168.1.150 that we call 200. The VLANs shouldn't overlap in the IP addresses assigned unless the VLAN is fully isolated, so a VLAN 300 that is 192.168.1.1 to 192.168.1.200 could interfere with both 100 and 200.
So for the info you provided. Cameras and the NVR looks to be ports 2,3, and 4, so those all should be on the same VLAN with untagged ports under that VLAN. The camera VLAN would then be tagged on port 1 to the router for inter-VLAN routing and ACLs. TV VLAN would be untagged on port 5 and tagged on port 1 like you have. And then PC VLAN would be untagged on 6, 7, and 8, and then port 1 would be tagged or untagged if the PC VLAN is the base default LAN for the router.
VLANs are just like your physical LAN, just sharing the cables. Each VLAN needs a DHCP and if connecting to other internal or external networks it needs a gateway.
- Copy Link
- Report Inappropriate Content
The port on which the switch connects to the router is recommended to be set to Tagged, and the port on which it connects to the PC is set to Untagged, as the PC cannot handle Tagged data.
- Copy Link
- Report Inappropriate Content
Hello Virgo,
Here is my attempt at creating the logic for the switch configuration based on your answer.
Are these settings correct?
1st group - VLAN #100 - port 1
allow access to router for
192.168.1.1 Tagged
192.168.1.xxx - port 6, 7, 8 UnTagged
192.168.1.100 - port 5 UnTagged
192.168.1.201 - port 4 UnTagged
2nd group - VLAN #200 - port 2 & 3
allow two ip cameras to send video to DSM
192.168.1.20 Tagged
192.168.1.21 Tagged
192.168.1.201 UnTagged
3rd group - VLAN #300 - port 4
allow access to cameras by pc's
192.168.1.xxx Tagged
192.168.1.20 UnTagged
192.168.1.21 UnTagged
4th group - VLAN #400 - port 5
allow TV access to router
192.168.1.1 Tagged
192.168.1.100 - port 5 UnTagged
5th group - VLAN #500 - port 6, 7, 8
192.168.1.1 Tagged
192.168.1.xxx - port 6 UnTagged
192.168.1.xxx - port 7 UnTagged
192.168.1.xxx - port 8 UnTagged
I assume that untaged devices will be allowed access or denied. I am not sure if I can write it that way.
If the TV uses a dynamic ip address, would that mean that I can eliminate the 4th group?
Thank you for your help.
- Copy Link
- Report Inappropriate Content
@xmanhattan The IP addresses of a VLAN are applied by the router DHCP. The switch breaks out the VLANs to the specific ports, or combines them for trunking to a router or other switch.
For instance if you make a network that the DHCP address space is 192.168.1.2 to 192.168.1.100 that we'll call VLAN 100. Then the next network can be 192.168.1.101 to 192.168.1.150 that we call 200. The VLANs shouldn't overlap in the IP addresses assigned unless the VLAN is fully isolated, so a VLAN 300 that is 192.168.1.1 to 192.168.1.200 could interfere with both 100 and 200.
So for the info you provided. Cameras and the NVR looks to be ports 2,3, and 4, so those all should be on the same VLAN with untagged ports under that VLAN. The camera VLAN would then be tagged on port 1 to the router for inter-VLAN routing and ACLs. TV VLAN would be untagged on port 5 and tagged on port 1 like you have. And then PC VLAN would be untagged on 6, 7, and 8, and then port 1 would be tagged or untagged if the PC VLAN is the base default LAN for the router.
VLANs are just like your physical LAN, just sharing the cables. Each VLAN needs a DHCP and if connecting to other internal or external networks it needs a gateway.
- Copy Link
- Report Inappropriate Content
Hello JoeSea and thanks for your assistance.
I believe that I have set the vlans correctly. I assume that vlan 1, the default stays the way it is. I should have named it Switch-VLAN.
I setup Vlan-100 for the router as it is connected to port 1.
I have setup the others using the same logic. So far everything appears to work.
Thank you.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1344
Replies: 4
Voters 0
No one has voted for it yet.