D-Link Forums

D-Link Enterprise => DGS-1100-Series => Topic started by: c.monty on April 28, 2018, 04:15:47 AM

Title: DGS-1100-16: Howto configure 802.1Q VLAN
Post by: c.monty on April 28, 2018, 04:15:47 AM

Hi,
I have connected the following devices to my switch DGS-1100-16:
Port 1: Router Fritz!Box with network 192.168.1.0/24
Port 2: Router VyOS with VLAN 100 (192.168.100.0/24) and VLAN 1000 (10.0.0.0/24)
Port 3: Router VyOS with network 192.168.0.0/29 for management

This hardware requires 802.1Q VLAN because the VyOS router has not sufficient ports for Port-based VLAN.

When I open WebUI of the switch to configure 802.1Q VLAN (L2 Features - VLAN - 802.1Q VLAN) I can only maintain the different VLAN IDs + VLAN Name.
I have created a screenshot that documents this UI:
(http://up.picr.de/32525448cr.jpg)

I've upgraded the original FW to 1.01.B035, but this is not solving the issue.
(http://up.picr.de/32525450bi.jpg)

What is the correct procedure for configuring 802.1Q VLAN?

THX

Title: Re: DGS-1100-16: Howto configure 802.1Q VLAN
Post by: Gattsu on April 30, 2018, 09:03:31 AM

After you have created the VLAN database now you need to bind them to the ports. Navigate to page "VLAN Interfaces" and select each port and set it to either access or trunk modes. For example, Port 2 will need to be set to trunk mode since it will be passing VLANs 1000 and 100.


The management VLAN is set to VLAN 1 by default but you can modify this under " L2 Features > VLAN > Management VLAN".

Title: Re: DGS-1100-16: Howto configure 802.1Q VLAN
Post by: c.monty on April 14, 2019, 04:13:20 AM

Hi,

can you please advice how to configure MGMT on port 3?
Which VLAN Mode must be defined? Hybrid, Trunk, Access?

This port 1 is connected to dedicated MGMT interface of router with a dedicated network 192.168.0.0/28.
I want to ensure that only physically connected clients can access the MGMT network.
The relevant firewall rules are defined in router.

Next I must configure port 5 that is connected to server that has single interface with this config:
no VLAN - 192.168.1.0/24
VLAN 100 - 192.168.100.0/24
VLAN 1000 - 10.0.0.0/24
Which VLAN Mode must be defined for port5? Hybrid, Trunk, Access?

THX

Title: Re: DGS-1100-16: Howto configure 802.1Q VLAN
Post by: PacketTracer on April 16, 2019, 02:56:38 PM

Hi,

Port 1 (eth1):
-----------------
VLAN Mode:          Access
Acceptable Frame:   Untagged Only
Ingress Checking:   Enabled
VID(1-1094):        1

Port 2 (eth2) (Comment 1):
----------------------------------
VLAN Mode:          Trunk
Acceptable Frame:   Tagged Only
Ingress Checking:   Enabled
Action:             Tagged
Allowed VLAN Range: 100,1000

Port 3 (eth3) (Comment 2):
----------------------------------
VLAN Mode:          Access
Acceptable Frame:   Untagged Only
Ingress Checking:   Enabled
VID(1-1094):        10

Port 5 (eth5):
------------------
VLAN Mode:          Hybrid
Acceptable Frame:   Admit All
Ingress Checking:   Enabled
VID(1-4094):        1
Action:             Tagged
Allowed VLAN Range: 1,100,1000

Comment 1:
Make sure that you configure the connected VyOS port to use two sub-interfaces which send and receive ethernet frames tagged with VID 100 and 1000 respectively.

Comment 2:
Make sure that you configure the connected VyOS port to send and receive untagged ethernet frames only - that is use the "main"-interface without any sub-interfaces.

For Port 3 (eth 3) you could configure alternatively:
-----------------------------------------------------------------
VLAN Mode:          Trunk
Acceptable Frame:   Tagged Only
Ingress Checking:   Enabled
Action:             Tagged
Allowed VLAN Range: 10

In this case you have to make sure that the connected VyOS port sends and receives ethernet frames tagged with VID 10 - that is form a sub-interface for VLAN 10.


How to change Switch-Management address and VLAN?
----------------------------------------------------------------------
I hope this recipe will work:

• For fallback purposes: Configure at least one switch port (e.g. eth16) as an access port for VLAN 10 (analogous to my first proposal for port 3 as shown above).
• Start switch administration from a PC residing at VLAN 1 (network 192.168.1.0/24)
• Change the management IP address of the switch to an address belonging to 192.168.0.0/29 (or was it /28?) = VLAN 10. Set the gateway to the VyOS IP address it has within VLAN 10.
• After having done so you will probably lose the connection to the switch. Hence, renumber the IP address of the PC to another address belonging to 192.168.0.0/29 and reconnect to the switch (note: Switch and PC now use addresses defined for VLAN 10, but they still belong to VLAN 1!)
• Change the management VLAN of the switch from VLAN 1 (default) to VLAN 10. Now the switch management address belongs to the correct VLAN you planned to be used for Management.
• After having done so you will probably lose the connection to the switch again. But configuration is over now and you can renumber the PC to its former address belonging to VLAN 1.

The switch is now reachable/manageable only via IP routing (VyOS) or via devices directly connected to VLAN 10 (e.g. physical devices connected to switch ports configured as access ports for VID 10 - for example port 16 from step 1).

PT