Having read how VTP pruning works and how much this mechanism can increase bandwidth availability I am tempted to VLAN our departments and roll out a VTP domain. At the moment we operate a flat network with 150 devices.

I am considering upgrading to a 10GB switch but i am unclear how much benefit I will get since my router has 1GB ports. I want to get 10 GB ports on my NAS and several ESXi servers. What i am unclear about is if my NAS is on a 10GB access port and i have esxi servers with trunk ports will the traffic coming from the trunk port need to be routed. here are a few examples all assuming the NAS and ESXI servers are on same switch..

nas on access port, vlan 20 -- vm on esxi server trunk port also on vlan 20 ; does this go to router?

nas on access port, vlan 20 -- esxi server iscsi traffic throug trunk port on vlan 20; does this go to router?

nas on access port, vlan 20 -- vm on esxi server trunk port on vlan 30 ; does this go to router?

My network currently looks like this , with every Vlan/network having a dedicated physical interface on the router.

I am currently debating whether to just have one link between the switch and the router and have all the Vlans trunked together.

I threw together two illustrations of what i mean:

Current network

Trunked Network

What are the pros/cons of this? What would be best practice?

I spent the last couple of days setting up a wireless VLAN trunk between two OpenWrt devices.

I wrote a post about it, perhaps someone might find it useful: https://badgateway.qc.to/vlans-and-wifi/

Hi all, first of all, thanks for your help. Here's my issue:

• I have a Hyper-V Virtual Machine with 5 NICs.

• I need NIC1 to be a trunk port so it can accept mirrored traffic from my switch. I do this with other VMs, but they never need to recognize VLANs so it's never a problem.

• I basically need to run this command:

  Set-VMNetworkAdapterVlan -VMName VIRTUALMACHINENAME -VMNetworkAdapterName "mirror" -trunk -allowedvlanidlist <VLAN-ID-Range> -nativevlanid <VLAN-ID-Range>

• However, my NICs are not named. If I run a "Get-VMNetworkAdapter -VMName <nameofmyVM> every single NIC is named "Network Adapter."

• How can I rename the NIC I want to use so I can successfully run this command? Rename-VMNetworkAdapter requires me to enter the -VMNetworkAdapter name in the first place, but again, they are all named "Network Adapter" currently.

Anyone have any idea how this is supposed to work? Thanks!

Edit: Solved by /u/Der_tolle_Emil below! Thanks /u/Der_tolle_Emil !

Hey,

In order to replace my isp router i need to be able to "trunk" vlans 101, 102 and 105 on the WAN port. As far as i was able to read, that is not possible with the UDM-Pro (which i already have). Is there any way I can make it work ?

Edit: I also have a US-16-150W Gen1 which will soon be replaced by Gen2. Would it be possible to connect ISP ONT - Switch (trunk ports there) - to dream machine which manages everything - back to the switch via spf+ ?

Thanks for the advice.

Hi All,

Please bare with me as I only have just over a year experience in general tech support, not specialized in networking!

I've been tasked with doing mostly a physical data server/host which is going well so far, the migration includes a windows DC/DHCP server.

Where and what I'm struggling with is on the networking side of things with the Cisco switches and routers. It's a simple set up with 2 routers (1 for redundancy) and 2 switches being used.

-We have a Mitel System giving DHCP for the phones -Windows DC giving DHCP for the half-dozen computers, 2 printers & 15 Cisco AP's. -Cisco Wireless Controller with a static IP on the same subnet as the computers

From the Cisco Router we have 3 Vlans: -Guest Wifi -private Wifi -Data/Voice

I've created a DHCP pool "Data" on the cisco router for the same IP/subnet that the computers are using from the DC that we may use, It's not committed yet. All the ports on the switches are assigned as a "trunk" VLan and I'm confused in how I would assign devices to my DHCP pool Data.

From googling what trunking is, it allows multiple VLans to communicate with each other, will i have to give static IP's to the devices to assign them to the Data DHCP pool?

This is a environment we inherited and didn't set up, also nobody really knows Cisco.. I thought the ports would be assigned different VLan's and onwards from those ports devices would get a dynamic IP? How does the trunking interaction work with multiple Vlans?

I'm new to Proxmox and have recently deployed it on a lab i5 NUC to test functionality. As most of you are aware NUCs have a single Ethernet port so I'm looking to set up a dot1q trunk to it from my Juniper switch, I'm just not sure how I configure that without knocking out access to the node.

Reading the official documentation for trunking (here) suggests that "guests" (assuming this means VMs/containers) virtual NICs can be set to receive frames matching a tag during creation by specifying a VLAN on network setup and the bridge (vmbr0) will forward those frames on to the relevant VM without any additional configuration.

If this is the case, should I just set my switch up as a Dot1q trunk containing the VM VLANs and then set the VLAN used for the Proxmox node as native (untagged) ? Or is there additional work required on the node before I can use additional VLANs?

Because I'm working off the single physical NIC I just want to check I've got this understanding right before I start configuring my switch or node and accidentally lock myself out of it!

Does QTS support VLAN trunking? I am looking to have iSCSI and general network traffic on the same interface using VLAN tagging on a 10GBE pipe.

For example, VLAN 4 which would be general network traffic would be 10.0.4.0/24 and vlan 10 which would be iscsi traffic on 10.0.10.0/24 .

Is this something supported? Thanks!

I have two switches A-end-switch and B-end-switch. The private VLANs work well between the switches, hosts are connected to the B end switch in the isolated VLAN and can get to the SVI on the A end switch. Problem is I cannot get the switch management VLAN 4 to trunk between switches. I have allowed it on the trunk but it does not work.

=====A-end-switch=====

interface Ethernet1/2

description B-end-switch

switchport mode private-vlan promiscuous

switchport trunk allowed vlan 4,301,601

switchport private-vlan mapping 301 601

vlan 4

name Switch_Mgmt

vlan 301

private-vlan primary

private-vlan association 601

vlan 601

name test-isolated-vlan

private-vlan isolated

=====B-end-switch=====

interface GigabitEthernet1/0/24

description A-end-switch

switchport trunk allowed vlan 4,301,601

switchport private-vlan mapping 301 601

switchport mode private-vlan promiscuous

vlan 4

name Switch_Mgmt

!

vlan 301

private-vlan primary

private-vlan association 601

!

vlan 601

private-vlan isolated

I would like to split my home network into 2 segments using VLANs but I'm not sure I understand how to setup the trunking to provide the segregation that I want.

Currently I have everything on 192.168.1.1/24, however I would like to split this into:

LAN
192.168.1.0/25 - VLAN 25

Guest
192.168.1.128/25 - VLAN 50

I have 2x TP-Link TL-SG108E switches which support 802.1q and a pfSense router, after some Googling I believe I want to do:

SW1
Port 1: VLAN 50,25 (T) (trunk port to SW2) VLAN 50 (U), PVID 50
Port 2-7: VLAN 50 (U) PVID 50
Port 8: VLAN 25,50 (U) PVID 25

SW2
Port 1: VLAN 50,25 (T) (trunk port to LAN2 on pfSense) VLAN 50 (U), PVID 50
Port 2-7: VLAN 25 (U) PVID 25
Port 8: VLAN 50,25 (U) PVID 50 (this is the access port from SW1)

On pfSense I would then like VLAN 50's traffic to be handled by pfSense's DHCP server for interface LAN2(VLAN50) while DHCP for VLAN 25 will be handled within VLAN 25's subnet by a separate DHCP server.

My questions are:

• Is my trunking methodology correct?
• Will broadcast (DHCP) packets from VLAN 50 on SW1 theoretically make it as far as pfSense?
• If I plug a device (HTPC) into Port 8 of SW1, will it theoretically be able to communicate with the DHCP server on Port 3 of SW2?
• On SW2 I have set the trunk port (Port 1) PVID to 50 with the theory that any untagged traffic that is floating around in the switch would end up in the guest network - is this correct and more importantly sensible?

Any general advice is also appreciated as I am new to networking.

Hey all. First post, hopefully I don't violate any rules.

I have a question regarding inter VLAN routing. General setup is two VLANs (10 and 20), Etherchannels between all switches set to trunking, and inter-VLAN routing between SW0 and the router. Screenshot below:

https://i.imgur.com/23v2QBM.png

Initially no pings would go anywhere. Viewing simulation mode showed that all ARPs terminated at SW0. I discovered (with help of classmates) that to fix the issue, I had to actually create VLANs 10 and 20 on SW0. I didn't assign any interfaces at all to those VLANs on SW0, only create them. So my initial configuration was fine, except for the missing VLANs.

My question is why did I have to do this?

I intentionally didn't add any VLANs on SW0. My thinking was that because SW0 is purely trunking, I shouldn't have to create any VLANs. Any traffic coming in should just be sent out the other trunking interfaces.

I was wrong about that and would love some explanation. Is there also a way to not have to set VLANs on switches, and just set a switch as a pure trunking switch?

Thanks!

Looking to move from synology over freenas and I just wanted to get some feedback on a few things.

1. Does FreeNAS support vlan trunking? My use case is that I want to use a single 10gbe nic on this freenas server and have 3 separate vlans trunked on that interface to my managed switch.

2. I have an old HP Gen 7 N40L microserver gathering dust in a closet and it has 16GB of ram but is the proc to old? If so, I was thinking about either building a machine or getting a HP Gen 10 X3216 with 32GB of ram. Would the Gen 10 be the better way to go?

Thanks!

I cannot connect to my pfSense box.

For the moment I only have one NIC, I therefore want to use VLANs to get 2 trunks in the one cable from switch to pfsense box, the WAN+LAN nets.

Tests

Desktop - Switch interface -> OK

ping from notebook to pfsense -> NOK

ping from pfsense to 192.168.0.1 -> NOK

Configuration is the following:

https://preview.redd.it/9hkvllb6x2m41.jpg?width=2560&format=pjpg&auto=webp&s=2bd9589b1567b9ef1a5637edbe37a6aabade1e05

I am willing to put more information, just tell me what is needed :)

Hi,

I want to setup a trunking protocol between 2 switches.

Can i setup a trunking in vlan1? even though its default vlan?

If i setup trunking for vlan10 for both switch 1 and switch 2 , does the trunking only apply to vlan10 ? how can i make it apply to all vlans available in the switch? by allowing vlan through 1-99?

Thanks guys! would appreciate your help

I have a Netgear R6400, v1. DD WRT reports I have interfaces vlan1, vlan2, eth0, eth1, eth2. I'm new to nvram commands on DD WRT.

I want to use my device as an AP and support three VLANs: Management (10), IoT (11), and Production (12). I heard bridging can be used to bind SSIDs to specific ports, and those can connect to VLAN Access Ports on other managed switches. But it also sounds like DD WRT is capable of port trunking.

I think what I need to do (but have no idea how to accomplish with the GUI or nvram) is:

1. Assign the Netgear an IP address and subnet that puts it in my management network. (Can do)
2. Use the built-in SSIDS for production. Add virtual SSIDs for IoT (can do)
3. Bridge SSIDs and internal networks to appropriate VLANs (no idea how to do)
4. Trunk everything to a port (no idea how to do).

Can someone explain how to accomplish this or point me out to a resource good for a newbie to learn? I've been reading articles online but they are unclear to me. Something something CPU tagging something internal VLANs something. I have caused my Netgear to become completely unreachable a few times, resulting in needing to reset it and start over. Def. need some help.

Hi,

I'm looking for a functional networking setup example that uses trunking over a bond.As I was setting up my config, I had it working for the most part, then all hosts stopped responding to management traffic on a completely separate interface and network. Not sure why, but I'm starting over with fresh installs and would like to see someone else's config to see what I might be doing wrong.

Thanks!

EDIT: apparently something took a dump on my ICX6610. Couldn't hit gateways so I bounced it and everything started working again. Wish I knew what happened.

Working config: https://imgur.com/a/r18bl3R

Hi, as the title says, I am trying to set up my router to be "before" my switch, details below.

The Set-up

Network cabinet (far-corner of the house, wifi signal horrendous)

1. patch panel with cables running to each rooms of the house (CAT6)
2. switch (Netgear GS110EMX)
3. NAS (Synology 918+)
4. ISP provided Modem/Router
5. pfSense box in the near future
6. Cheap-O Wireless AP in the living room

The situation

I just treated myself to a new router (Netgear NightHawk RAX200) for an early christmas.

Ideally I would like to set-up my new router (as a router and not only as an AP) in the living room which is nicely centered in the home but I have a single line running back to the network cabinet and the cable sheath is so narrow I doubt that I could pull a second line through.

Reading around online I've come across posts describing the use of VLans and port trunking in similar situations although I have never used them myself.

The attempt

I attempted the following (with no real conviction but intuitively this looked like it should've worked).

1. VLAN 1 on Port 1, 2 (Untagged) (WAN & Living Room/Router)
2. VLAN 2 on port 2,3,4,5,6,7,8,9,10 (Untagged) (Living Room/Router & All else)

Hi everyone!

I am doing some labs on PacketTracer and all the labs are using 2960 switches. I am noticing that in order for trunking and the vlans to work correctly, I need to use the "int vlan [num]" command to turn the vlan to an up state. From what I understand from reading OCG however, just using a ROAS set up where the router has the "encapsulation dot1q" command on it's subinterface and the switch interface set to "trunk" should be enough for this to work.

Is my understanding incorrect and the vlan interface needs to be enabled on layer 3 switches or is there something else I am not understanding correctly?

I'm at my wits end. I've tried so many interface configurations, I can't seem to find one that

1. Lets me access Proxmox over a trunk, but in VLAN 10.
2. Be able pass the trunk to VMs for VLAN tagging within the VM.

My current setup (not exactly from the interfaces file, but just a summary):

eno1
eno2
eno3
eno4

vmbr0
bridgeports eno1
vlan-aware yes

vmbr1
bridgeports vmbr0.10
address 192.168.10.5
netmask 255.255.255.0
gateway 192.168.10.1

This set up does not work. I cannot reach Proxmox from any other device in VLAN 10. What am I doing wrong? I can post the actual setup probably, just a hassle since I don't have network connectivity :/.

Curious to what CPU I should be looking for to run the above services. Does anyone have a similar setup?

I'm currently looking at the Intel i3's vs the Ryzen 3's. Don't mind older CPU's but I'm also aiming to get a CPU with low power consumption.

I was reading Paul browning CCNA simplified, and came Accross a line that said native vlans must match on both sides of the switches before a trunk link is formed.

How true is that?

I was puzzled so I took the challenge to lab up and purposely mismatched the native vlans to test this theory... I found that it was not necessarily true (according to my packet tracer). Trunks formed alright, and vlans tagging were distributed across the switch fabric as expected.

The only thing I discovered though was that untagged packets sent across the trunk link could not be delivered (due to the mismatch I think)

So I would like to know of this is just due to my packet tracer limitation (since I don't have real gadgets) ? Or if truly Paul was right.

PS: also besides remote management, the default vlan is useless? Or what other functions does it do? Also by default, vlan 1 is the default vlan & native vlan... For security purposes we are advice to change this default, so if I make vlan 5 both my native and default vlan... What becomes of vlan 1?

Thanka for anticipated clarifications

Hello,

I am not sure if its a bug but I would need a help regarding that issue:

Networking setup - http://prntscr.com/pu04va Ubuntu netplan - http://prntscr.com/pu054k

2 fibre physical interfaces are bonded into bond0 and divided into 3 different vlans.

bond.10, bond.20, bond.30;

Then according to these 2 http://paste.openstack.org/show/785908/ and http://paste.openstack.org/show/785909/ ; I did the same and assigned network_interface to bond.10 and neutron_external_interface to bond0. After deployment, I create private vxlan network, external vlan:physnet1:id10 192.168.10.0/24 network, add them both to the router, create vm, associate ip address and I cannot access either vm or router when I am pinging it. Security groups are fine.

Any ideas what can be wrong? Maybe I did not create external network correctly. I assume, we might need one more bonded interface (bond1) without ip address assigned but then would you be able to explain why is that please.

Thank you

I just watched a video where it said that broadcast networks are separated into different vlans for security reasons and to cut down on network traffic. But, then for one node to talk to another node in a different vlan, you should use 802.1Q trunking.

Doesn't trunking defeat the purpose of having separate vlans?

This is the video: https://youtu.be/9L4qDmvKPjQ

Upgrading my home network from an ASA5505 currently hosting three PoE enabled access points that are using dot1q for different VLANs (guest network, IoT, etc). Replacing the 5505 with a 5515 but am losing my switching capacity with the upgrade.

Primary goal is to find a low power switch that supports VLAN trunking (dot1q) for my access points. I have available EOL 24-port 2960 Cisco switches but they run 30-40watts (at idle) and was hoping to find something smaller with a lower power ($) footprint. Only need eight ports.

Any recommendations on low power gear that will support this?