Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Armin]

Hi,

not sure, if that could work . . .

I would like to create several VLANs for different purposes, like data, media, voip, raspberry aso. Every device should be able to talk to the dsl-router on eth0. All devices  in one VLAN can talk to each other in the same VLAN. Everything ok so far.

Now the additional request. Some of my media devices should additionally be able to talk to some data devices, like a special PC or laptop. Some of the RPIs as well. And, some of the RPIs to data and media. At the moment no device uses tagged data.

Is this setup possible? And if, how?

Could I use trunk ports with untagged data and ingress checking disabled? Most of the connected devices are not VLAN aware. But I do not know . . .

Sorry to say, but the manual is not very helpful. And the WEBGUI could also be improved. My know how as well, I know.

Anyway, any help appreciated.
 
Thanks,

Armin

[FurryNutz]

We don't get a lot of posts or views for switches. This post seems to be a specific kind of configuration. I don't have experience with this switch or much on VLANs.

I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.

[PacketTracer]

You explicitely use VLANs in order to subdivide a layer 2 domain into disjoint (= there is no "overlapping") smaller domains. Hence, at least at network layer 2 (that is at Ethernet level) two devices belonging to different VLANs cannot communicate to each other.

The only way to allow controlled communication between selected devices within different VLANs is at layer 3 (that is at IP level), where your router, which is connected to any VLAN, could provide IP routing between those VLANs (depending on your DSL router's capabilities). To allow routing only between selected devices inside your VLANs, your router must additionally provide firewall functionality (e.g. iptables, if it is a Linux box), so that you can define a ruleset that fits your internal inter-vlan communication needs.

If your router provides (or if you want to use) only one physical interface (eth0) vor LAN connectivity to all VLANs, your router must be capable to define subinterfaces (one per VLAN) that share this physical interface. The switch port you want to use to connect to the router must be configured as a VLAN trunk port.

[FurryNutz]

Thank you for posting information PT. 

[Armin]

Hi,

thank you for your information. I know that an OSI Layer 2 switch can only handle Ethernet or better said is only aware of MAC addresses. And VLANs are more or less broadcast domains. I understand now that the DGS 1100 cannot provide me with the intended functionality.

However, I read that CISCO switches support the concept of a Multi-VLAN-Port. So the concept could work. I do really not have the deep understanding of "switching" but lets assume that the switch would maintain (beside the FDB) a database of VLANs and associated MAC addresses and port numbers. Then, in case of a broadcast, the switch could lookup the database and send the packets to all VLAN-MAC related ports. We could maybe even think of virtual bridge VLANs. But all this nice models will fail instantly, because all connected devices need to talk to the dsl-router and hence would have in their database an identical VLAN number and so always be able to talk to all. More sophisticated approaches would be necessary. For example, somehow a "directional"-aware switching. If a device on ethX, member of VLAN Y would sent something to VLAN 1 (with the router connected to that), then only the router should receive the package but not the other members of VLAN 1. In the case that the dsl-router would send a package into the switch then all VLAN1 port members should receive that package. But I understand that such functionality is not implemented.

The result of this thoughts is that for my configuration (Every device connected to the DSL router) the DGS 1100 series smart switches VLAN capability is useless. The only way for a meaningfull setup would be to have a Layer 3 switch or a VLAN aware router (with a trunk port) as upstream device. Or the usage of a DGS 1100 as a subswitch.

What a pity. But anyway. Thank you for your answer.

Best regards

Armin 

[PacketTracer]

Hi again,

from what you say I cannot really figure out what you mean. Searching for "Cisco Multi-VLAN-Port" via Google, I cannot find any special about that term, which is more than a standard "VLAN trunk port", something that you can also configure at DGS 1100-16 by assigning more than one "tagged" VLAN to a switchport.

Some of your statements remind me of "private VLANs" (PVLAN) (for theory behind that look here or even better but harder to read: this source of wisdom), which I think might support your needs at the Ethernet level (as far as I understand from your original post). Unfortunately PVLAN is not supported by DGS 1100. At Cisco, you'll get this feature starting with the Catalyst 2960-X series provided with the "IP Lite" IOS Software image, look here.

PT

[WillieC]

He's talking about what D-Link calls an asymmetric VLAN.  The 1210 series will do it but not the 1100.

[PacketTracer]

Hi,

I read a bit about the idea behind what D-Link calls "asymmetric VLAN" (so far I only knew the term but unfortunately didn't care about its meaning). Now, that I have an understanding it turns out that this D-Link proprietary technique is very similar to what is better known as PVLAN elsewhere. Seems like PVLAN's "primary" VLAN corresponds to the "shared" VLAN, and PVLAN's secondary "community-" VLANs correspond to any "non-shared" VLAN. The VLAN pairings per port decide which communication is allowed.

PT