Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN How To

Example 3: ZyXEL GS1900-8HP

In the above two examples, I used VLANs 1-3. You can use any VLANs you want, as long as you have the port configurations correct.

To perform the same configurations on a ZyXEL GS1900-8HP switch, which only supports 802.1Q , create the desired VLANs. The ZyXEL switch, like the NETGEAR, doesn't require you to configure VLAN port type. Just make all ports untagged members of the Internet VLAN, assign the appropriate ports as untagged members of their desired VLAN and, finally, assign PVIDs.

Here's a configuration summary of the following screenshots:

  • VLAN 2 = Internet, VLAN 3 = PC 1, VLAN 4 = PC 2.
  • Port 6 is connected to my router. Port 6 is an untagged member of VLAN 2, 3, and 4 with a PVID of 2.
  • Port 7 is connected to PC 1. Port 7 is an untagged member of VLAN 2 and 3 with a PVID of 3.
  • Port 8 is connected to PC 2. Port 8 is an untagged member of VLAN 2 and 4 with a PVID of 4.

The first screenshot below shows the VLAN assignments...

Zyxel GS1900-8HP 802.1q VLAN Assignments

Zyxel GS1900-8HP 802.1Q VLAN Assignments

...the second screen shot shows the PVID configuration.

Zyxel GS1900-8HP 802.1q PVID Assignments

Zyxel GS1900-8HP 802.1Q PVID Assignments

With this configuration, PC 1 and PC 2 can access the Internet but not each other. To add another device in the same VLAN as PC 1 or PC 2, configure the port as an untagged member of VLAN 2 and an untagged member of either VLAN 3 or 4, plus set the PVID to either VLAN 3 or 4.

Example 4: Cisco SG200-26

To perform the same configurations on a Cisco SG200-26 switch, which only supports 802.1Q, the approach is similar to Example 3. Simply create the desired VLANs, configure the interfaces as general and make all interfaces untagged members of the Internet VLAN. Then assign the appropriate interfaces as untagged members of their desired VLAN and, finally, assign PVIDs.

The screenshot below shows the VLAN port-types, VLAN assignments, and PVID assignments on the Cisco SG200-26. Notice in the Mode column that all three interfaces are configured as "General." I used VLAN 4 for the Internet and VLANs 51 and 52 for PCs. A "U" after the VLAN ID indicates untagged, and a "P" after a VLAN ID indicates PVID.

Here's a config summary of the below screenshot:

  • Interface GE10 is connected to PC 1. Interface GE10 is an untagged member of VLAN 4 and 51 with a PVID of 51.
  • Interface GE11 is connected to PC 2. Interface GE11 is an untagged member of VLAN 4 and 52 with a PVID of 52.
  • Interface GE12 is connected to my router. Interface GE12 is an untagged member of VLAN 4, 51 and 52 with a PVID of 4.

Cisco SG200-26 802.1q Configuration

Cisco SG200-26 802.1Q Configuration

With this configuration, PC 1 and PC 2 can access the Internet but not each other. To add another device in the same VLAN as PC 1 or PC 2, configure the switch interface as general, make it an untagged member of VLAN 4 and an untagged member of either VLAN 51 or 52 and set the interface PVID to either VLAN 51 or 52.

While this example was done on a Cisco SG200-26, the Cisco SG200-08 and SG200-08P use similar configurations.

Closing

In all the examples, all end devices are in the same IP address range (subnet) and the router doesn't support VLANs. It is also interesting to note in Examples 2-4 using 802.1Q VLANs, we don't actually use tagging, since we set all ports to be untagged members of the various VLANs.

If you look closely at the VLAN assignments in the port-based and 802.1Q examples, you can see that the router/Internet port is a member of all VLANs for both port-based and 802.1Q. The difference is the PC ports are members of only one VLAN in a port-based config, whereas PC ports are members of the Internet VLAN and their native VLAN in an 802.1Q config.

These examples are limited to segmenting a wired network using VLANs only on ports of a smart / managed switch. In a future article, I'll cover how to use 802.1Q VLANs using ports on both a router and switch, as well as how to use 802.1Q VLANs to segment a wireless network.

Below is a table of switches I've used or reviewed that lists whether they support port-based and/or 802.1Q VLANs.

Switch Port-Based 802.1Q
Cisco SG200-26 N Y
Cisco SG500-28P N Y
HP PS1810 Y Y
LG-Ericsson ES-2026 Y Y
NETGEAR GS108Tv1 Y Y
NETGEAR GS108Tv2 N Y
NETGEAR GS510TP N Y
NETGEAR GS716T N Y
NETGEAR GS724TR N Y
NETGEAR M4100 N Y
TRENDnet TEG160WS N Y
TP-LINK TL-SG108E Y Y
TP-LINK TL-SG2008 N Y
TP-LINK TL-SG2216 N Y
ZyXEL GS1900-8HP N Y

As you can see, only a few switches support port-based VLANs, yet all of them support 802.1Q VLANs. This is likely due to the fact that port-based VLANs aren't standardized, thus there is limited interoperability between devices and limited functionality with port-based VLANs.

On the other hand, 802.1Q is a standard technology that is supported by most VLAN-capable switches. The bottom line, as shown in these examples, is you can use port-based or 802.1Q VLANs to segment any small network.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hello everyone! I have 4 ASUS RT-AC5300 to setup in one location and I am not entirely sure how to go about the naming of the SSID on all 4 routers.On...
hi all,I have an Asus RT-N18 that somehow, suddenly can't be accessed. I think this is just a normal problem, and the flash will return everything to ...
Asustor's ADM 3.3 just came out of beta, adding BTRFS and snapshot support.https://www.asustor.com/service/release_notes
https://www.newegg.com/p/N82E168333...2319-Index-_-WirelessRouters-_-33320244-S2A2APromo code on page
I am looking to get a wifi card for my desktop or powerline networking. Right now I have a powerline tplink 600 Mbps but I they are connecting around ...

Don't Miss These

  • 1
  • 2
  • 3