I understand there is a Fiber  connection. Having a fiber connection is fine. What is the problem? What  are you trying to do?

By looking at the other forum topic, those people are  trying to 'bypass' a 2-wire routing device, from what I can understand,  they're not happy with their ISP equipment.

If you're switch is putting a port in to discard, it means you're running two physical wires between the switch and whatever you're connecting to.

You can disable spanning tree to prevent the port getting shut down, but at the same time, you're going to receive a network loop.

-Tom
Please rate helpful posts

This is my current setup, once RV042G plugged into SG200-18, WAN1 will not be able to get IP from SINGTEL ONT.

Please see attached my SG200-18 VLAN configurations, I suspect that this only happenned to CISCO devices. I replaced RV042G with Fortinet 60C, everything just work.

This won't work fine, unless the Fortinet is configured to intervlan route.

The RV042 supports only port based vlan and does not support SVI (switch virtual interfaces). The switch is a layer 2 switch, not a layer 3 switch, which means there will be no inter vlan communication, therefore LAN 1 will not communicate to "LAN 3". Lan 14 will also not talk to anything. In addition, 802.1q specifies that regardless of vlan, there is only 1 spanning-tree instance.

The fortinet router is a $800 CLI device compared to a $200 gui unit, this is quite apple and oranges with an entirely different feature set and class.

-Tom
Please rate helpful posts

Hi Thomas,

I understand that Fortigate and RV042G have no direct comparison; I am just saying that without any configuration Fortigate have not issue on working in my scenario with zero configuration.

I am not asking SG-LAN 1 to communicate to SG-LAN3 or 14. SG-LAN 1 and 3 are dedicated for SINGTEL ONT which needs VLAN 10, whereby for the rest are on default VLAN (Which is VLAN 1). RV-LAN 1 is also on VLAN 1, but once it is plugged into SG-LAN (VLAN 1), it just caused SG-LAN 14 (VLAN 10) not to work. You get more picture now?

Only SG-LAN 1 and 14 are on VLAN 10 whereas others are on default VLAN, could you please advice why once RV-LAN (DEFAULT VLAN 1) plugged into SG-LAN (DEFAULT VLAN 1) and SG-LAN 14 does not work?

802.1q specifies that regardless of vlan, there is only 1 spanning-tree instance. If you have 2 connections to the RV042 from the switch, 1 link should be discarding/blocked.

-Tom
Please rate helpful posts

Regardless whether it is to WAN or LAN? In my setup, switch is going to RV-WAN and RV-LAN, to cisco router it dont care because it is a layer 2 router?

As RV042G doesnt have VLAN tagging for WAN, hence i need to make SG200-18 Port 1 to talk to ONT and Port 14 talk to RV042G to get public IP through ONT; ONT is using VLAN 10.

Also why Fortigate 60C works? (I did nothing on configuration, Fortigate still uses the VLAN 10 created by SG200-188 and not Fortigate in built WAN VLAN tagging). Do you mind help explaning a bit? Thanks...

Hi Lian,

You said the SG200 is a layer 2 router, it's a layer two switch. But this brings up a point which is,  Tom anf myself may be slightly misinterpreting your post.

So I am going to ask a couple of questions  to better understand the setup.

Does the ONT really transmit out  TAGGED VLAN frames  to my switch or does it only transmit to my switch untagged Ethernet frames. 

1. A way to test this , is can your PC plug into the ONT and get internet connectivity ?

   2.   I'm guessing the ONT is just a Internet connection from SINGTEL for Internet connectivity, am I correct ?

You show in your orginal post the following vlan configuration ;

1) SG200-18 configuration

- VLAN 10 and 20

- VLAN 10: Port 1 tagged, Port 14 untagged

- VLAN 20: Port 1 tagged, Port 13 untagged

- Port 1: 1UP, 10T, 20T Admit tagged PVID 1

   3.  Is the diagram further up this post  correct or should VLAN1 be really  VLAN10 ?

If the ONT presents you with just a copper  ethernet connection of untagged frames, i think the configuration of GE1 on the switch is wildly  incorrect.

   4.   Why do you have unagged vlan 1 on port GE1 ?

   5    Why do you have tagged VLAN 20 on the GE1 (connection to ONT)  What is the purpose of VLAN20 ?

VLAN mode on GE1 is real suspect, in fact I cannot understand why you are using general mode on your switch ports. .

VLAN interface General mode can be disruptive, as you have seen from your results, have a look at the description from the built in admin guide by pressing the help icon in the top right hand corner of your screen.

here is a acopy of the help text from my SG300 series switch.

Interface VLAN Mode—Select the interface mode for the VLAN. The options are:

• General—The interface can support all functions as defined in the IEEE 802.1q specification. The interface can be a tagged or untagged member of one or more VLANs.
• Access—The interface is an untagged member of a single VLAN. A port configured in this mode is known as an access port.
• Trunk—The interface is an untagged member of one VLAN at most, and is a tagged member of zero or more VLANs. A port configured in this mode is known as a trunk port.

Arghhh  that always raises a warning sign.  General mode allows a untagged switch port to be members of many VLANs..wow... useful if you are using radius to allocate a VLAN to a 802.1x PC client, but it seems dangerous in your application.

Why is GE1 of the switch in General mode, why not leave all ports  in the default trunk mode   it's safer

(note: trunk mode allows for one untagged VLAN by many tagged VLANs )

If the ONT transits untagged frames to the switch and is just a Internet connection.the try the following steps to get the Internet to the wan port of the RV042G.

step 1.  OK leave the ingress port GE1 in trunk mode, in fact all ports to trunk mode.

step 2.  Add vlan10  as untagged member of  GE1. (you may have to exclude VLAN1)

Step 3.  Make switch port GE14 a untagged member of VLAN10  ( you may have  to exclude VLAN1 from GE14.)

If the ONT is transmitting multiple tagged VLANS into your network the above three steps wont work.

So lets see some answers to my questions above, as i think i can spot a configuration issue if my assumptions are correct.

Regards Dave

Thanks Dave for long long explanations!!!

Here's my answer in RED:

Hi Lian,

You said the SG200 is a layer 2 router, it's a layer two switch. But this brings up a point which is,  Tom anf myself may be slightly misinterpreting your post.

So I am going to ask a couple of questions  to better understand the setup.

Does the ONT really transmit out  TAGGED VLAN frames  to my switch or does it only transmit to my switch untagged Ethernet frames. 

1.    A way to test this , is can your PC plug into the ONT and get internet connectivity ?

[lwloo]Yes, it transmit TAGGED VLAN, 10 for internet, 20 for TV, 30 for Phone. By connecting laptop without setting NIC virtual interface you will not get the internet ip address.

2.    I'm guessing the ONT is just a Internet connection from SINGTEL for Internet connectivity, am I correct ?

[lwloo]Yes, ONT is the Optical network terminal for Singtel Fiber internet connection.

You show in your orginal post the following vlan configuration ;

1) SG200-18 configuration

- VLAN 10 and 20

- VLAN 10: Port 1 tagged, Port 14 untagged

- VLAN 20: Port 1 tagged, Port 13 untagged

- Port 1: 1UP, 10T, 20T Admit tagged PVID 1

3.    Is the diagram further up this post  correct or should VLAN1 be really  VLAN10 ?

[lwloo]Sorry, my mistake on that diagram. LAN1 refer to port 1. The actual diagram:

If the ONT presents you with just a copper  ethernet connection of untagged frames, i think the configuration of GE1 on the switch is wildly  incorrect.

4.    Why do you have unagged vlan 1 on port GE1 ?

[lwloo]If I remove vlan 1 from GE1, it be become internal vlan with 4095P added automatically.

   5    Why do you have tagged VLAN 20 on the GE1 (connection to ONT)  What is the purpose of VLAN20 ?

[lwloo]VLAN 10 for internet, VLAN 20 for TV, VLAN 30 for Phone, VLAN 40 for Management.

VLAN mode on GE1 is real suspect, in fact I cannot understand why you are using general mode on your switch ports. .

[lwloo]Without choosing general I will not be able to choose “Admit Tagged Frame”; if I choose trunk, all option will be grayed out.

VLAN interface General mode can be disruptive, as you have seen from your results, have a look at the description from the built in admin guide by pressing the help icon in the top right hand corner of your screen.

here is a acopy of the help text from my SG300 series switch.

Interface VLAN Mode—Select the interface mode for the VLAN. The options are:

•    General—The interface can support all functions as defined in the IEEE 802.1q specification. The interface can be a tagged or untagged member of one or more VLANs.

•    Access—The interface is an untagged member of a single VLAN. A port configured in this mode is known as an access port.

•    Trunk—The interface is an untagged member of one VLAN at most, and is a tagged member of zero or more VLANs. A port configured in this mode is known as a trunk port.

Arghhh  that always raises a warning sign.  General mode allows a untagged switch port to be members of many VLANs..wow... useful if you are using radius to allocate a VLAN to a 802.1x PC client, but it seems dangerous in your application.

Why is GE1 of the switch in General mode, why not leave all ports  in the default trunk mode    it's safer

[lwloo]I will try later.

(note: trunk mode allows for one untagged VLAN by many tagged VLANs )

If the ONT transits untagged frames to the switch and is just a Internet connection.the try the following steps to get the Internet to the wan port of the RV042G.

[lwloo]No, if ONT transits untagged frames then life will be much more easier. 

step 1.  OK leave the ingress port GE1 in trunk mode, in fact all ports to trunk mode.

step 2.  Add vlan10  as untagged member of  GE1. (you may have to exclude VLAN1)

Step 3.  Make switch port GE14 a untagged member of VLAN10  ( you may have  to exclude VLAN1 from GE14.)

If the ONT is transmitting multiple tagged VLANS into your network the above three steps wont work.

So lets see some answers to my questions above, as i think i can spot a configuration issue if my assumptions are correct.

Regards Dave

Also i think RV042G is on one switch (Both WAN and LAN), thats why causing the issue SG200 sees RV-WAN&LAN as one switch with mulltiple looping.

I changed GE1 to TRUNK and GE13/14 to ACCESS, it's still showing "Discarding" in Spanning Tree. I disabled "STP" for GE1/13/14, everything works...