VLAN support on the SG-4860 OPT ports?
-
I have two configurations for the SG-4860 -- see [config-1], and [config-2] below. Both are configured with DHCP servers for their subnet and basic rule sets are to allow all traffic to egress on both interfaces.
[config-1] works without a problem; but [config-2] does not work in that devices plugging into any of the OPT ports do not get a DHCP assignment. Or setting their IPv4 manually, they cannot egress.
Is there a nuance in regards to VLAN on OPT ports that I am overlooking?
NOTES
[config-1]
igb1.201 -> PPoE
ibg0 -> 192.168.50.1/24
igb2 -> 192.168.40.1/24
igb3 -> 192.168.30.1/24
igb4 -> 192.168.20.1/24
igb5 -> 192.168.10.1/24[config-2]
igb1.201 -> PPoE
ibg0.50 -> 192.168.50.1/24
igb2.40 -> 192.168.40.1/24
igb3.30 -> 192.168.30.1/24
igb4.20 -> 192.168.20.1/24
igb5.10 -> 192.168.10.1/24 -
What is it you're trying to accomplish?
Tagging VLANs requires talking to a switch that also tags VLANs. You can't plug a client straight into tagged port like that unless the client is also tagging with the same value.
Both of your configs have isolated networks on each port, the VLANs are not necessary at all if you're plugging clients directly into each port. And if you have a switch in each port, it's still not really necessary.
You'd use VLANs to setup multiple tagged networks on a single physical port going to a switch also configured for VLANs, and then clients would plug unto a switchport untagged on whatever VLAN you want them to use.
-
@chase said in VLAN support on the SG-4860 OPT ports?:
config-1] works without a problem; but [config-2] does not work in that
Any reason why your creating a single vlan on each OPT interface ?
Wouldn't you be better doing something like this or do they connect to different switch ports on the same switch :-
[config-2]
igb1.201 -> PPoE
igb0.10 -> 192.168.10.1/24
igb0.20 -> 192.168.20.1/24
igb0.30 -> 192.168.30.1/24
igb0.40 -> 192.168.40.1/24
ibg0.50 -> 192.168.50.1/24Maybe create a LACP LAGG group with igb1 & igb2 and use the LAGG as the parent interface.
-
The LAN is reserved exclusively for trusted hardware -- and thus, only one VLAN there. The OPT interfaces are where I am landing IoT devices. Although the OPT interfaces are 1:1 with a matching VLAN, the future arrangement is for the OPTs to be assigned additional VLANs.
I do not want to LAGG the OPT interfaces.
-
I think you have confused the term "VLAN" with an ordinary isolated network.
VLANs are a special method used by switches to multiplex multiple networks on single ports and isolate traffic between switchports into separate segments. That doesn't apply to a router with individually configurable ports like the 4860.
The config-1 scenario is what you want, you don't need VLANs.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp Thank you -- your answer here and earlier makes sense, particularly that direct plugins of non-switch devices on the OPT ports is not the same as plugging in a switch that is prepared to manage the assigned VLAN segment. There is no further action necessary on this thread. Thank you for your time and attention here!
