I have a Linksys SRW2024 Gigabit switch with Webview. I need to configure two VLANs on it with one port having access to both VLANs. For example, the default VLAN will have all ports except port 3 and the second VLAN with ports 3, 4, 5 & 6. Could you please let me know how to do this?
I don't know. It is a server. It needs to be accessible in both VLANs.
First VLAN will allow it access to others, in second VLAN it will serve a
number of thin client machines. In the example quoted, I found that port 3
is not communicating with ports 4,5 & 6. I tried configuring Port 3 as
"General" also rather than in "Trunk" mode.
A new message was posted in the thread "SRW2024 gigabit switch VLAN
Author : Gerald Vogt
Profile : https://www.myciscocommunity.com/people/gerald_vogt
You cannot simply configure a port into trunk or general mode and add some VLANs to it. A port configured in trunk or general mode must be connected to a device with a matching configuration.
You better find out whether you server supports 802.1Q or not. If it does, you can configure the server to be member of two VLANs (multi-homed). That's the easy solution.
If the server does not support 802.1Q then you'll need a VLAN router or layer 3 switch to provide connectivity between your VLANs. Without VLAN routing you won't get traffic passed. The SRW alone can't do that.
Of course, if you have to connect both VLANs to a router anyway (e.g. because both VLANs need internet) you'll need a VLAN router anyway...
Thank you very much for the information. However, I have some more
questions. Earlier I had a Netgear switch which will allow me to define
VLAN with any combination of membership of ports. So I assumed that this
will also support it.
I don't know how to make the server support 802.1Q. With SRW2024, is there
no easy way to make the server part of multiple VLANs ? Even by turning
off 802.1Q ?
A port can be member of any combination of VLANs. Still the switch must know to which VLAN a frame belongs to. For this it needs 802.1Q. That's common for managed layer 2 switches. I can't tell what your Netgear switch did.
802.1q configuration is done in the device driver of the network card in the server or maybe using additional software (e.g. Intel PROSet or Broadcom BACS or similar).
Again: you can make the server member of multiple VLANs if the server supports 802.1q.
"Turning off 802.1q" is not an option. You could configure the server port into general mode and make it untagged member of both your VLANs. However, you still have to define a PVID for this port, i.e. the VLAN to which the switch will assign all untagged frames received from the server. As everything is untagged all traffic from the server to the switch will belong to the PVID VLAN. Thus the server cannot send anything into the other (non-PVID) untagged VLAN.
You have to configure the PVID. Otherwise, the switch cannot decide to which VLAN an untagged frame belongs to. The switch cannot replicate the traffic to two or more VLANs that could break communication protocols.
Thank you very much again for your detailed reply.
In the last paragraph, by using a PVID, can I simulate adding the server
to two VLANs, even if the server does not support 802.1Q ? The ports which
are in "Access mode" are members of the default VLAN, right? So I need to
assign a PVID only on the second VLAN, assign the same PVID for all member
ports of the second VLAN, make all ports in the second VLAN in "General"
If the server is aware of 802.1Q, devices connected to all ports in the
second VLAN should also understand 802.1Q right?
Does any manual of SRW2024 explain these things?
No. You cannot "simulate" putting the server into 2 VLANs. Without using 802.1q the server can only send to one VLAN which is the PVID VLAN. It receives traffic from two VLANs but can only send to one.
A port in access mode can be member of any VLAN. An access mode port is member of a single VLAN. All traffic received and send on that port is untagged and belongs to that VLAN. As only untagged frames are used you can connect any standard ethernet network device to that port. But it will always only be member of a single VLAN.
If your server can do 802.1q the server can be put directly into two VLANs. The server port would be configured in trunk mode, with the default VLAN untagged and the second VLAN tagged. You have to configure the network card on the server the same way: default VLAN untagged, second VLAN tagged.
All other ports would be configured in access mode. For each port you would define to which VLAN that port belongs to.
With this kind of setup your server would be connected to both VLANs while all other devices are connected to only one VLAN.
If the server does not support 802.1q you need another network device. Any non 802.1q device connected to the switch can only be full member of a single VLAN. All ports which connect to a non-802.1q device should be configured in access mode. Using trunk mode or general mode on a non-802.1q will only generate confusion because the non-802.1q can only send traffic to one VLAN which is the defined PVID VLAN.
Thank you for all answers.
If my server supports 802.1q, it can be added to both VLANs. Similarly,
all devices to be added to second VLAN should support 802.1q ? I have
another switches uplink to be connected to the second VLAN alone which may
not support 802.1q. That is why the question.
Do the manuals of SRW2024 explain these details?
No. As I wrote before:
1. The server should support 802.1q.
2. All other computers which are only supposed to be in exactly one VLAN don't have to support 802.1q.
3. You can connect an unmanaged switch to the SRW to extend exactly one VLAN.
If a switch port must be in two or more VLANs the device connected to that port must do 802.1q.
If a switch port only needs to be in exactly one VLAN it does not need to support 802.1q.
I don't think the manual explains the basics of 802.1Q/VLANs.
Thank you very much again for your replies. Can you please help me one
I could find a way to enable IEEE 802.1Q support on the network card both
in Linux and Solaris. The default VLAN ID in SRW2024 is 1. For my
solution, I will create new VLAN with ID 2, I will connect the uplink from
another switch to port 3 on SRW2024. Assign port 3 to VLAN ID 2. Should I
make port 3 "General" or "Trunk" ?
Should I make it tagged or untagged ?
I will connect my server on port 4, make it "Trunk" and add it to VLAN IDs
1 & 2. Will it work like port 3 available only in VLAN 2 and port 4
available in VLAN ID 1 & 2 ?
O.K. Again some basic VLAN rules:
1. Ports connecting to non-VLAN/non-802.1q devices (i.e. standard computers, desktops, printers, etc.) are configured in access mode. Access mode means that the port is member of exactly one VLAN.
2. Ports connecting to 802.1q devices should be trunk mode and member of all VLANs required.
3. Do not use general mode whenever possible. In general, general mode is not necessary.
Thus, you create one additional VLAN on your switch. The VLAN 1 exists by default. Create another VLAN 2.
Then decide which of your devices should be in VLAN 1 and which should be in VLAN 2 and on which ports you will connect it.
1. By default all switch ports are in access mode and member of VLAN 1. Thus, all desktops which have to be VLAN 1 can be connected directly into a port in access mode for VLAN 1.
2. On ports which connect to computers which have to be in VLAN 2 you use access mode with VLAN 2, i.e. from default configuration you have to change the membership of that port from VLAN 1 to VLAN 2 (1U to 2U).
3. If you connect an unmanaged switch to the SRW the connecting port should be also in access mode in either VLAN 1 or VLAN 2. All devices connected to the unmanged switch will then belong to the VLAN configured on the SRW.
4. For the port which connects to the server you configure trunk mode. The default VLAN 1 is untagged member by default. You have to add VLAN 2 tagged to that port. The final configuration of the port connecting to the server will be trunk mode, VLAN 1 untagged, VLAN 2 tagged (in short 1U and 2T).
5. You have to configure the network card in the same way: you create an additional VLAN 2 on the network card. You define VLAN 2 to be tagged. You define VLAN 1 to be untagged.
This means traffic on the link between the switch and the server, all traffic of VLAN 1 will travel untagged while all traffic for VLAN 2 will go tagged. This way both ends are able to identify for each frame received to which VLAN the frame belongs to and can maintain the separation of VLANs.
6. On the server you have to configure the virtual interface for VLAN 2, i.e. you have to configure an IP address, subnet mask, etc. for the IP subnet in VLAN 2.
Thank you very much for the information. I configured IEEE 802.1Q on the
Linux server, configured the ports on SRW2024 according to what you have
instructed and it is working fine. Now I have to do the same thing on a
Solaris server and test. I am very hopeful that it will also work. Thanks