This topic is to discuss the following lesson:
https://networklessons.com/switching/cisco-small-business-switch-vlan-configuration/
Rene
I need a help on something… if in one port i want to connect 2 host. An Avaya Phone and a Computer, this is bc the avaya phones have an additional port to the desktop so the port will receive 2 mac addresses that will require 2 different vlans… do i need to configure trunk? Can you explain that as well?
Thankyou for the great guide you have provided. It helped me a lot to configure VLANs as i wanted. Tried out other guides ,didnt help . Yours was bang on target. Thank you !
Hi Esteban,
Technically you need a trunk if the phone supports VLANs. On the Cisco Catalyst switches we don’t configure a trunk but we use the voice VLAN…behind the scenes it is using 802.1Q trunking to seperate the two VLANs.
I’m not 100% sure if the SMB series switches support a voice VLAN but if so, look into that first. Otherwise you might be able to create a trunk yourself…
Rene
'Hi René, big thank you for this tutorial.
It helped me started with the process which is great, but even though i followed it step by step, i got stuck at the ‘Port Vlan membership setting’.Actually, when i try to join my created vlan, there is only a blank window under the ‘select vlan’ part i cant see any of the vlan i created earlier in the process.
After redoing each step again, I thought that i missed something aside of your explanations, and wondered if maybe i shouldnt swith the system Mode to L3 and get further options activated first, like an IPV4 interface.
But at this step, each time i create a new IPV4 interface, the connection stay blocked and i need to restart the unit to make it work again.
Am i really missing from the beginning? Also, am i supposed to switch to L3 mode first to create a Vlan routing?
Thank you for your precious help!
Greg’
Hi Greg,
When you check the VLAN overview, do you see the VLANs that you created? Also in the port VLAN membership screen, do your interfaces show up as “access mode” ?
The switch that I used doesn’t support L3, only L2 so the only thing I could do was create VLANs and assign interfaces to those VLANs.
L3 mode is only required when you want routing between your VLANs. When this is the case, you will have to configure an IP address for each VLAN (which the hosts will use as default gateway). This is not something that should prevent you from assigning interfaces to VLANs though.
Rene
Hi René,
Thank you for rhe explanations on L2/L3 modes.
To answer to your questions more precisely:
1- ‘When you check the VLAN overview, do you see the VLANs that you created?’
-> By ‘VLAN overview’, i think your mean the ‘Create vlan’ menu.When i click on it, i do have access to the Vlans i have set up before (i have created 3 VLANs on top of the default one, as you did).
2- 'Also in the port VLAN membership screen, do your interfaces show up as “access mode” ?
->On that screen, i have GE1 set on ‘General’, GE2 to GE4 set on ‘Access’.
Should i set anything under the ‘port to Vlan’ menu too?
Greg
Hi Greg,
Yes I mean the “create VLAN” screen. If there VLANs are there then they are available so that’s good.
In the port VLAN membership screen, GE2 or GE4 also can’t select a VLAN?
I used a SG 300-10MP so maybe your configuration is slightly different. You can try if the Port to VLAN screen works…see if you can select GE2 or GE4 with the VLAN you want and set it to “untagged”.
Rene
Hi René,
Actually we both use same system. (SG300-10MP)
- In the port Vlan membership, i have for:
-GE1: Mode=general/Administrative Vlans= 1UP, 2UP, 3UP,4UP
-GE2/GE3/GE4: Mode=Access/Administrative Vlans=2UP
If i click on GE2 for ex., then ‘Join Vlan’, i get the new popul window, where i should be able to select Vlans from the list, but this list is blank.
- under Port to Vlan menu, i selected Vlan=2 with interface type=Port,
Which allows me to set all GE’s to ‘Untagged’.
Weird that the ‘join vlan’ menu shows a blank list, isnt it?
Thanks
Greg
Hi Greg,
That is really strange, the pop-up should show all the VLANs.
I don’t have this switch with me anymore or I would have tested it for you.
You can also telnet to it and see if you can do it using the CLI, I don’t have an example for that but it shouldn’t be too difficult.
Rene
Hi René,
Thank you for giving new tracks.Will do that as soon as i’m back to my computer, in just a few days actually
Best
Greg
Hi Rene,
This post has really helped me, very easy to follow so thanks much. I wanted to know how can I go about assigning DHCP or static addresses to the VLANs I’ve create.
As per your instructions I have two switches and I’ve created 2 VLANs on each of them. Thing is I need to have IP address assigned to each VLAN and I am not aware of how I can do this. Would love some insight.
Hi Katy,
You are welcome. I don’t have this switch here anymore so I can’t give you the exact steps.
If you want DHCP server then you’ll have to configure an IP address on each VLAN interface. You could do something like this:
VLAN 10: 192.168.10.254
VLAN 20: 192.168.20.254
VLAN 30: 192.168.30.254
Your clients in each VLAN will have to use the IP address of the switch in their VLAN as the default gateway.
After assigning an IP address to each VLAN you should be able to enable DHCP server per VLAN.
Rene
Hi Rene-
Thank you so much for the excellent tutorial- Very helpful! I’m late to the party, but I’m hoping you can answer a questions for me… I have a vlan aware wireless access point that can do multiple SSID’s on their own vlan tags. My question is how would I set the “Interface VLAN Mode”? Would I use trunk to send multiple tags into one port? I’m basically trying to do a “private” and “guest” networks. Thanks in advance for any suggestions.
Regards,
Chris
Hi Chris,
Welcome to the party 
If you have an autonomous access point (lightweight APs use a WLC) then you need to create a trunk between the switch and the AP.
The trunk allows the AP to have access to multiple VLANs and each SSID will use a different VLAN.
Rene
Thanks Rene- I really appreciate the prompt reply!!
Question #2… If my client doesn’t have a firewall capable of doling out different subnet addresses via DHCP, will the VLAN tag be sufficient to keep traffic separated on the same trunk?
Thanks again Rene!
PS… I think the firewall/router is an RV042G.
The VLAN tag will separate all traffic on the trunk, no problem there
I think the RV042G only supports DHCP server for one subnet, not for a second one. Also, I think it doesn’t support trunking…you’ll have to assign a “VLAN” to different physical ports on it.
Hi Rene,
I have SG300-10 and I’ve been following the tutorial and up to some point works well. my configuration is this:
- Switch is L3 already.
- Each interface has its own pool of IP Addresses.
VLAN 1 - From ZyWall to GE9 (Admin VLAN)
VLAN 2 - Main on GE1 - 192.168.20.0 Gateway: 192.168.20.1
VLAN 4 - Entertainment on GE8 - 192.168.4.0 Gateway: 192.168.4.1
VLAN 5 - Wireless on GE7 - 192.168.15.0 Gateway: 192.168.15.1
VLAN 3 - Servers on GE2 - 192.168.25.0 Gateway: 192.168.25.1
All VLANs have Internet Access, but none of them can talk to each other.
I need:
- Main and Servers talk to each other.
- Entertainment and Wireless each isolated from any other vlan
So, as per your explanation, just by setting the VLANs as the tutorial says they should be able to talk among them (at least Main and Servers) but none of them are able to talk to each other. Since they can’t talk to each other, “Entertainment” and “Wireless” are working fine.
What else am I missing? I cannot add routes to the SG300 because it says that I cannot use any interface on the device as gateway.