This article describes how to configure VLANs on a ProSAFE Web Managed Plus Switch with shared access to the internet.
Note: For this type of configuration, the internet router used must be VLAN aware. The devices in each VLAN are not allowed to communicate with devices in other VLANs because inter-VLAN routing is disabled on the router.
In this example, we configure three VLANs:
-
VLAN 1 / Network 192.168.1.0 (mask 255.255.255.0)
-
VLAN 2 / Network 192.168.2.0 (mask 255.255.255.0)
-
VLAN 3 / Network 192.168.3.0 (mask 255.255.255.0)
We configure the switch ports as follows:
-
Port 1 connects to port 1 on the router. This is known as the trunk port.
-
Ports 2 & 3 in VLAN 2.
-
Ports 4 & 5 in VLAN 3.
-
The remaining ports in VLAN 1.
Below is a simple diagram presenting an overview of the network.
Prerequisites:
- You must know the IP address of the ProSAFE Web Managed Plus Switch. If you do not know the IP address of the switch, you can find it by discovering the switch using the ProSAFE Plus Configuration Utility
- Ensure that the firmware on the switch is up to date
Create VLANs on the switch:
- Open a web browser.
- In the address bar of the web browser, type the IP address of the switch and press Enter.
- Type the admin password of the switch (the default password is password) and click Login.
- Go to VLAN - 802.1Q - Advanced - VLAN Configuration.
- Set Advanced 802.1Q VLAN to Enable.
Note: Changing to Advanced 802.1Q VLAN mode will erase any previous VLAN settings. - When prompted, click OK.
- In the VLAN ID field, type the ID of the VLAN you wish to create and click Add. Here we add VLAN 2:
- Repeat step 7 to create VLAN 3.
Add ports to the VLANs:
- Go to VLAN - 802.1Q - Advanced - VLAN Membership.
- In the VLAN ID drop down menu, select VLAN 2.
- Port 1 connects to the router and must be marked as tagged in VLAN 2. Click on port 1 until a T appears in the port.
Ports 2 & 3 connect to client devices and must be marked as untagged in VLAN 2. Click on ports 2 & 3 until a U appears.
- Click Apply.
- Repeat the process for VLAN 3. In the VLAN ID drop down menu, select VLAN 3.
- Mark port 1 as tagged and ports 4 & 5 as untagged.
- Click Apply.
Configure port PVID settings for untagged ports:
- Go to VLAN - 802.1Q - Advanced - Port PVID.
- For each port marked as untagged above, set the PVID of that port to the VLAN ID of the VLAN it was assigned to. For example, above, we added ports 2 & 3 as untagged members of VLAN 2. Therefore we set ports 2 & 3 with a PVID of 2 and click Apply:
- Similarly, set ports 4 & 5 with a PVID of 3 and click Apply.
- When done, the PVID configuration should look like below:
Create VLANs on the internet router:
Note: Here we demonstrate the configuration on a NETGEAR FVS336Gv3 firewall router. The method to configure your internet router may not be the same but the same principles will apply. Refer to the vendor of your internet router if you are unsure how to complete the configuration of the router.
- In the address bar of the web browser, type the IP address of the router and press Enter.
- Enter the admin username (default = admin) and password (default = password).
- Click Login.
- Go to Network Configuration - LAN Settings - LAN Setup.
- Under VLAN Profiles, click Add:
- Enter the details for VLAN 2 as shown below and click Apply:
- When you are returned to the LAN Setup page, add another VLAN Profile by clicking Add.
- Enter the details for VLAN 3 as shown below and click Apply:
- The LAN Setup page should now look similar to the below with the default VLAN 1, VLAN 2 and VLAN 3 configured:
Testing:
- Connect a PC to a port on the switch in VLAN 2 (e.g. port 2).
- Connect a PC to a port on the switch in VLAN 3 (e.g. port 5).
- Disable the wireless connection on both PCs.
- Verify that the PCs cannot access each other.
- Verify that the PCs can access the internet.