Home Automation Domotica Forum Europe, Bwired Forum

Is any one that can explain/help me out with setting up a VLAN.
I have been reading and trying allot to setup multiple VLAN, and what i want to achieve is this:

I like to have a few ports on my switch that can not see each other for a guest network for example.
There are 6 rooms in the building that share the same Internet connection, of course they do not need to see each other since they do not know each other.
So i read that Vlan should be able to do this, but when someone connects to his wired line a computer, and for example a small 4-8 port switch to get more ports available.
Is it then possible that the user can see his own computer/printers in his Vlan ?

I have a linksys srw224g4 switch that supports vlan, layer 2/3.
But do i need a special router also since it has no routing abilities ?
I could be totally wrong with everything since most of the detailed info is in english and this isn't my native language so i do not understand everything 100%.
Any help or info/of solutions for this "problem" would be highly appreciated

Thanks

I don't really understood your question but ...A Vlan is by default a totally separated LAN. So if you have a switch with ports 1-4 in Vlan 1 and ports 5-8 in Vlan 2 then the systems in the same vlan will see each other. Systems in vlan 1 will not see systems in Vlan 2 and vice versa. If you want to connect both vlan's you need to implement routing (layer 3) and in that case all systems in Vlan 1 will see systems in Vlan 2 unless you implement firewall rules or access lists between Vlan 1 and Vlan 2.

You also have paid which divide the port of the switch in separate networks do it will also work if you reconnect a other (non smart) switch

Edwin2008 wrote:You also have paid which divide the port of the switch in separate networks do it will also work if you reconnect a other (non smart) switch

i read it three times and i have no idea what you are trying to say?

how do you route from one vlan to the other . like one vlan to the outside ?

Thanks for the replies,
@ Henk, so what i describe here is possible then ?

This is what i like to be able to do:


Now the red circle is a room, for example i live there, i have a network printer, dreambox , laptop , computer that i want to connect in my "own" LAN.
They all have to be able to see/share with each other, and have Internet acces.
They can not be able to see the user and his own small network in room 2 , or 3, or 4 and so on.

Can i give a room a separate unmanaged switch , connect it to a port on the linksys that is connected/used in a Vlan, and that the user is able to use the internet and his own private lan without interference from others.
Or can a user for example place his own router on the wire that comes out of the port from the linksys that is connected to a Vlan ?
Is this option possible what i just showed in this example, as far i understood it should be but what do i exactly need to achieve this.
Or is there another solution that can do this ?

Do i need a "special" router after the modem te set everything correct ?
From what i have read , some say i need a special switch that can handle routing, some write that you need a modem/router that can handle Vlan ability and pass the info trough to the in my case linksys

@ labium, this is what i ask myself , see the sentence above.
I think i have set the Vlan correctly after watching several tutorials and reading them, but the computers that i connected to those Ports that i set to a Vlan , they did not got any ip address assigned.

Going to try pfsense, it should all be possible to do like is described I have been told

Your setup can do what you want. But you need a router where the nets meet.

When the nets arrive at the Linksys it will have to know where to send the package. If the Linksys is unable to route you will need an extra port for each net to the router. I never tried pfsense but I think it can be the router.

"Dump" switches on each net is no problem. And it doesn´t matter who plug the cable for it.

Regards
Morten

Thanks morten for the info.
Will show the configuration here is someone is interested when k got. It working of course

What you are describing here is called a private vlan (http://en.wikipedia.org/wiki/Private_VLAN).
Not every manufacturer supports this though.

According to the docs your switch should support PVE, so you could try that.

Private VLAN is not needed for this setup. Just create as much normal vlan`s as needed (one per room) and create firewall / nat rules on the router to let each vlan connect to internet but block the vlan2vlan communication.

You can try to use pfsense but i don`t know if psense supports that much vlan interfaces. In the past i have used shorewall and Mikrotik for this. Mikrotik also supports hotspots and billing per interface

Private vlan would allow you to use a 'normal' simple router, since it is all 1 ip subnet, and is less work to setup. Creating a load of vlans and 1 tagged port in each vlan is also an option, yes.
It's all a matter of preference, and the situation it will be used in.

Well I have setup pfsense virtually. And been playing with it and the linksys connected on the lan of my laptop.
I must say it is actually fun to play with. Not that everything worked like I want but still.
Tomorrow I'll try some more and hope I get it working.
Thanks for the info guys

Akatar wrote:

Edwin2008 wrote:You also have paid which divide the port of the switch in separate networks do it will also work if you reconnect a other (non smart) switch

i read it three times and i have no idea what you are trying to say?

Allright, missed this post. Being screwed by the auto speller on Phone...
VLan is only be respected by devices that are able to recognize Vlan tag. So if you have a smart switch which you devide into vlan segments a computer will see another computer in another vlan. This is not what i expected when setting up a vlan with a netgear pro smart switch.
Calling the support desk revealed that if you want the port to be seperated you need to use the pvid option. Basically this tell's the port you mark to only work with the vlan you want it.
Don't ask me why but this is what the guy said and indeed after that it worked. So when now connecting two pc's in different port's that are both marked to different vlan's they are unable to react or see eachother.
Hopefully this clarifies it a bit

pvid tells the switch to mark traffic without a vlan tag (untagged) to be tagged with the specified vlanid. So if the ports are all on PVID1 all computers connected to that switch will see each other.