×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

VLAN Configuration, Set-up and understanding.

VLAN Configuration, Set-up and understanding.

VLAN Configuration, Set-up and understanding.

(OP)
Looking for some input/suggestions for project.
Two companies will be sharing a single Internet connection and two (2) 24-port dell 2824 switches. The computers from each Company (data, no voice) will connect to each switch, both switches will connect together via copper cat6 and share internet connection.

The following site layout/configuration.
Two companies will share office space and will have only data (computer traffic) running on the switches. No VOIP Phones, yet. Maybe in the future however, it is not important now.
Suite 100 is on West end of building and will have tenants from both companies A and B connected to it.
Suite 200 is on East end of building and will have tenants from both companies A and B connected to it. Switches connected via copper cat6.
A single Internet connection will exist in West end of Building and connect to the switch located in Suite 100.
I am able to setup the vlans in each of the dell switches. VLAN 1 for Company A and VLAN 2 for Company B.
My questions are as follows:
1) VLAN 1 is the default VLAN. Can ports be moved from VLAN 1?
2) Can I setup ports 1-8 to be vlan 1, ports 9-14 to be vlan 2?
3) What does tagged and untag represent?
4) What is PVID and why is it needed?
5) Can these vlans be restricted and unestriced at same time? In other words, vlans 1 & 2 share printers only and no other network shares, etc. are seen by each computer on each seperate vlan.
6) Are there any changes to be made in the clients computers/server?

I have listed below the printout of the switch programming.

    VLAN PORT SETTINGS:
     Interface PVID     Frame Type  Ingress Filtering                              
    Port 1     1     Admit All     Enable     
    Port 2     1     Admit All     Enable     
    Port 3     1     Admit All     Enable     
    Port 4     1     Admit All     Enable     
    Port 5     1     Admit All     Enable     
    Port 6     1     Admit All     Enable     
    Port 7     1     Admit All     Enable     
    Port 8     1     Admit All     Enable     
    Port 9     1     Admit All     Enable     
    Port 10 1     Admit All     Enable     
    Port 11 1     Admit All     Enable     
    Port 12 1     Admit All     Enable     
    Port 13 1     Admit All     Enable     
    Port 14 1     Admit All     Enable     
    Port 15 1     Admit All     Enable     
    Port 16 1     Admit All     Enable     
    Port 17 1     Admit All     Enable     
    Port 18 1     Admit All     Enable     
    Port 19 1     Admit All     Enable     
    Port 20 1     Admit All     Enable     
    Port 21 1     Admit All     Enable     
    Port 22 1     Admit All     Enable     
    Port 23 1     Admit All     Enable     
    Port 24 1     Admit All     Enable       
    Lag 1     1     Admit All     Enable     
    Lag 2     1     Admit All     Enable     
    Lag 3     1     Admit All     Enable     
    Lag 4     1     Admit All     Enable     
    Lag 5     1     Admit All     Enable     
    Lag 6     1     Admit All     Enable     


        VLAN MEMBERSHIP:
     Interface                                    
    Port 1    U = untagged  (Only options are untagged/tagged)
    Port 2    U
    Port 3    U
    Port 4    U
    Port 5    U
    Port 6    U
    Port 7    U
    Port 8    U
    Port 9    U
    Port 10    U
    Port 11    U
    Port 12    U
    Port 13    U
    Port 14    U
    Port 15    U
    Port 16    U
    Port 17    U
    Port 18    U
    Port 19    U
    Port 20    U
    Port 21    U
    Port 22    U
    Port 23    U
    Port 24    U

Any insight is appreciated.

RE: VLAN Configuration, Set-up and understanding.

"My questions are as follows:
1) VLAN 1 is the default VLAN. Can ports be moved from VLAN 1?"
Yes this is what untagging ports do. All ports are by default untagged in VLAN 1. If you create another VLAN, say VLAN 2, then you can choose which ports to untagged for that VLAN.

"2) Can I setup ports 1-8 to be vlan 1, ports 9-14 to be vlan 2?"
Yes, this is normally how it's done. Also, VLANs operate at layer 2 which means they are logically separate from each other and until you introduce a layer 3 device to route between those VLANs, they will not talk to each other. A lot of switches today offer layer 3 functionaly which you can turn on by issuing a "ip routing" command at the switch which will then cause all VLANs to talk to each other (also called inter-vlan routing)
 
"3) What does tagged and untag represent?"
Tagged ports are those that you want to pass (in Cisco world it's known as a trunked port) VLANs down to other switches or devices that understand VLAN tags. So for example, if you had two switches that you wanted to to know about VLAN 1 and VLAN 2, then of course by default, they already know about VLAN 1. You will create VLAN 2 on both switches and the port that you connect both switches to each other by, you will have a statement under the VLAN 2 interface "tagged 24" (assuming your using port 24 as your uplink port to the other switch).
Untagged, again, are the ports yout specify under that VLAN interface that you want in that VLAN. So for example... under VLAN 1 you might untagged 1-10 and under VLAN 2 you might untagged
11-23.

"4) What is PVID and why is it needed?"
PVID just means Port VLAN ID. See link for discussion on this.
http://www.tek-tips.com/viewthread.cfm?qid=959402&page=72

"5) Can these vlans be restricted and unestriced at same time? In other words, vlans 1 & 2 share printers only and no other network shares, etc. are seen by each computer on each seperate vlan."
For VLANs to even talk to each other, there needs to be some layer 3 device that can route between them. See answer 2 for more info. If inter-vlan routing is turned on then there are no restrictions of them communicating with each other. If you need to restrict certain aspects of communication between the VLANs, you will need to implement what's call ACLs (Access Control Lists). I would suggest you google ACL examples as that can be a long discussion all on it's own as ACLs can permit or deny on several variables including tcp and udp ports, icmp, host ip address, ip address ranges, protocols, etc...

"6) Are there any changes to be made in the clients computers/server?"
Just depends on what port (and corresponding VLAN) on the switch you connect them to. Each VLAN will be on it's own subnet (ie... VLAN 1 might be on the 192.168.1.0/24 subnet while VLAN 2 might be on the 192.168.2.0/24 subnet). If you only have one DHCP server handing out addresses for both subnets, then you will have to have a command under the other VLAN interface called ip helper-address "the ip address of your DHCP server" (no, the ip address would not be in quotes, I just use those to show a general remark instead of an actual command).
So if the DHCP is on VLAN 1, then under VLAN 2 interface, you'll have to have the ip address-helper statement.

Hope that helps.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close