So I'm pretty new to Netonix and VLAN's.
What I'm wanting to do is use the netonix to power my site devices, but split them into two networks with VLAN's. I'm not sure how to do this, or if it's possible. My goal is to have both my LAN and WAN devices powered by the switch(4 devices, 2 on LAN and 2 on WAN), then have two separate cables going to my router, one for LAN and one for WAN. I'd like to have ports 1-4 be on one vlan and ports 5-8 on another and not talk between each other. The way you would on a MikroTik router by setting master switch ports.
Is this possible?
VLAN's
- bhesterberg
- Member
- Posts: 25
- Joined: Wed Feb 08, 2017 12:45 pm
- Has thanked: 3 times
- Been thanked: 4 times
- Julian
Re: VLAN's
that's pretty much the point behind VLANs. It's very possible, and our implementation/UI is fairly intuitive once you play with it.
I'm no network engineer, but it probably took me about 20 minutes to get the hang of how to accomplish what I needed.
try searching for vlan author='sirhc' up in the search box, should get you on the road to where you want to go.
I'm no network engineer, but it probably took me about 20 minutes to get the hang of how to accomplish what I needed.
try searching for vlan author='sirhc' up in the search box, should get you on the road to where you want to go.
-
sirhc - Employee
- Posts: 7414
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: VLAN's
VLAN is an IEEE Standard called 802.1Q, we follow the standard.
We also do QinQ which is also an IEEE Standard called 802.1ad
You can Google them an read all about VLANs and how to set them up, here are 2 links to get you started.
https://en.wikipedia.org/wiki/Virtual_LAN
https://en.wikipedia.org/wiki/IEEE_802.1ad
We also do QinQ which is also an IEEE Standard called 802.1ad
You can Google them an read all about VLANs and how to set them up, here are 2 links to get you started.
https://en.wikipedia.org/wiki/Virtual_LAN
https://en.wikipedia.org/wiki/IEEE_802.1ad
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
- bhesterberg
- Member
- Posts: 25
- Joined: Wed Feb 08, 2017 12:45 pm
- Has thanked: 3 times
- Been thanked: 4 times
Re: VLAN's
Reading about what exactly a VLAN is and how it originated doesn't help me set up VLAN's on this switch. I also watched the video, still no help.
I'm not sure what I'm doing wrong, but I can't seem to post a picture here to show you.
The configuration has changed on the device. You will not be able to save any configuration changes.
Click here to reload the configuration.
I'm not sure what I'm doing wrong, but I can't seem to post a picture here to show you.
The configuration has changed on the device. You will not be able to save any configuration changes.
Click here to reload the configuration.
-
sirhc - Employee
- Posts: 7414
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: VLAN's
bhesterberg wrote:I'm not sure what I'm doing wrong, but I can't seem to post a picture here to show you.
Well considering what my signature says on all my posts (see below) I am at a total loss as to why you can not figure out how to load a screen grab / picture?
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON
Also our switch handles VLANs the same way any switch handles VLANs
There are tons of posts on VLANs on this Forum:
viewtopic.php?f=6&t=1572&p=11646&hilit=default+vlan#p11646
viewtopic.php?f=6&t=1570&p=11639&hilit=default+vlan#p11639
viewtopic.php?f=17&t=241&p=13915&hilit=+management+vlan#p13915
viewtopic.php?f=17&t=287&p=12278&hilit=+management+vlan#p12278
viewtopic.php?f=6&t=2040&p=15094&hilit=+management+vlan#p15094
viewtopic.php?f=17&t=277&p=1114&hilit=+vlan+t+E+U#p1114
viewtopic.php?f=14&t=273&p=1096&hilit=+vlan+t+E+U#p1096
viewtopic.php?f=17&t=237&p=835&hilit=+vlan+t+E+U#p835
I do not think your issue is with our user interface as it is so straight forward, your issue is with understanding how to setup and use VLANs to achieve your goal.
VLANs are a sort of packet filter on each port based on their VLAN Tag or lack of a Tag then a matrix or MAP on where to send those packets for egress.
Think of VLANs as a port ingress filter and MAP on what ports to send those packets our and what to do with the VLAN tag when it leaves the switch.
If a Packet leaves a port with a "T" on it then the VLAN Tag is left intact.
If a packet leaves a port with a "U" on it then the VLAN Tag is removed.
If a packet leaves a port with a "Q" on it then the outer VLAN Tag is stripped but the inner encapsulated VLAN Tag remains.
You can only have one "U" defined for any one port no matter how many VLANs you define.
Each port is told what VLAN Tags are allowed to enter and exit via the VLAN matrix and allowed VLAN list (what some people call trunking).
MTU is important to understand when using VLANs as VLAN Tags increase the packet size.
But this is already turning more into a Textbook on teaching about and how to use VLANs than it is a user manual on how to use the interface to setup VLANs in the UI.
The purpose of a manual would be to explain how to use the interface not teach one how to use VLANs, that would be more of a network workshop or book.
Considering our interface is so straightforward a manual on how to use the UI is pretty much not needed. Also for VLANs to work the equipment on either side of the switch also would have to be properly configured to match the switch configuration.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
- bhesterberg
- Member
- Posts: 25
- Joined: Wed Feb 08, 2017 12:45 pm
- Has thanked: 3 times
- Been thanked: 4 times
Re: VLAN's
First, almost every piece of technical equipment in the world has a manual for it.
Second, do you always have to be such a condescending asshat? I've seen the way you talk to people in here and it's appalling. Why would I even think to check your signature for posting instructions??? Is this the kind of customer service you offer?
I did figure out how to upload a picture, but you have to click on "Full Editor" in order to do it.
And finally, it would have taken you less time, and less effort, just to answer my question than ramble on like you did.
Thanks....
Second, do you always have to be such a condescending asshat? I've seen the way you talk to people in here and it's appalling. Why would I even think to check your signature for posting instructions??? Is this the kind of customer service you offer?
I did figure out how to upload a picture, but you have to click on "Full Editor" in order to do it.
And finally, it would have taken you less time, and less effort, just to answer my question than ramble on like you did.
Thanks....
- Julian
Re: VLAN's
Oh. You just upgraded firmware, didn't you. Try reloading defaults before you set your config the way you want it, I've had that happen on a couple of switches after an upgrade, not sure why, but the default seems to clear it.
A manual is in the works, this has gotten a bit larger than we expected so the thought was that we were going to write it once the software settled down, but that's not a great help to you.
So you watched the video, and you're still having some trouble, are you? Shame, is there something in specific you are trying to achieve? I can probably get you what you need, I'm not in the office today since a giant snowstorm has decided that this would be a great place to hang out, but draw me a picture of what you're trying to do, and I'll see if I can't give you a hand?
Also, go easy on Chris, he has no filter, but is, generally speaking, a good guy, and his knowledge is great to have, if you can convince him to share.
Meanwhile, you have me. I'll be happy to help, in any way I can. If you'd prefer, email me directly, I will answer as accurately and as soon as possible.
A manual is in the works, this has gotten a bit larger than we expected so the thought was that we were going to write it once the software settled down, but that's not a great help to you.
So you watched the video, and you're still having some trouble, are you? Shame, is there something in specific you are trying to achieve? I can probably get you what you need, I'm not in the office today since a giant snowstorm has decided that this would be a great place to hang out, but draw me a picture of what you're trying to do, and I'll see if I can't give you a hand?
Also, go easy on Chris, he has no filter, but is, generally speaking, a good guy, and his knowledge is great to have, if you can convince him to share.
Meanwhile, you have me. I'll be happy to help, in any way I can. If you'd prefer, email me directly, I will answer as accurately and as soon as possible.
-
sirhc - Employee
- Posts: 7414
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: VLAN's
I am saying your issue is not understanding the switch UI but rather how to configure, implement, and use VLANs. A manual for the switch UI would not help you here in this situation, a manual on how to use VLANs would be of great help. OUr manual will teach to you how to setup the switch not implement VLANs or how RSTP works or how LACP works just how to navigate the UI as a network tech should know the fundamentals.
I am more than willing to help you understand anything related to the switch but I am not willing to teach you how to use VLANs and what they do and do not do.
If you do not understand how VLANs work spend some time reading some articles on the internet and understand how VLANs work.
Then try your best to implement them in a LAB environment before trying to implement them into production.
If you can not quite get your LAB to work right then post up a screen grab of your VLAN Tab with a detailed description of desired behavior with a diagram showing your equipment and how you want the VLANs to segregate your traffic.
I have been a WISP for over 20 years, when I started I did not understand VLANs either and it took a while to wrap my mind around them. But never did I contact the switch manufacturers to teach me nor did their "user manual" provide me any more information other than how to configure the interface.
I did a lot of reading then I spent days playing with them in my office in a LAB setup until I figured it out.
If you were setting up a VLAN and you found a bug in our firmware I would be all over this trying to get you a fix.
Look, I respond to people in hours not days, but if I constantly have to answer the same questions over and over again because people do not search for the answer first then all I would do is that and people would wait a long time for help.
Will I complain if someone does not use the Search feature to see if they can help themselves from previous posts asking for help with the same issue.....YES
My job is to provide tech support for the switch not teach networking 101. I will try to help people that have tried to help themselves first and put up a very detailed post explaining what they have done and what they can't figure out and help to connect the dots.
If you want my help then put up a VLAN screen grab, a diagram of what you want to happen along with a detailed explanation of what is not working the way you think it should.
You have not even given half the information needed to give you an answer anyway.
As an example below is an example of breaking a switch into 2 logical switches:
Logical Switch 1 Ports 8-14
Logical Switch 2 Ports 1-7
Devices in ports 1-7 can not see or talk to devices in ports 8-14 and vice versa
But you could also not reach the switch UI or CLI from ports 1-7 as the switch only responds to the Default VLAN which is the VLAN at the top of the list, the one you can not delete and it has all "E"s for exclude on those ports. (The switch only responds on the Default VLAN)
Also the example below would not accept any Tagged packets, only Untagged packets.
If I changed all the "U"s to "T"s then ports 1-7 would only accept packets with a VLAN ID Tag of 2 and ports 8-14 would only accept packets with a VLAN ID Tag of 1.
Then with "T"s instead of "U"s in both cases the packet would leave the port with the VLAN Tag intact since the egress port also has a "T".
The switch UI could only be reached on ports 8-14 with packets with a VLAN ID Tag of 1 destined to the IP of the switch UI/CLI.
This is now turning into a text book on how VLANs work not a Switch Manual.
But there are many posts on this Forum if you use the Search Function and search for simply "VLAN" and read through the posts.
I am more than willing to help you understand anything related to the switch but I am not willing to teach you how to use VLANs and what they do and do not do.
If you do not understand how VLANs work spend some time reading some articles on the internet and understand how VLANs work.
Then try your best to implement them in a LAB environment before trying to implement them into production.
If you can not quite get your LAB to work right then post up a screen grab of your VLAN Tab with a detailed description of desired behavior with a diagram showing your equipment and how you want the VLANs to segregate your traffic.
I have been a WISP for over 20 years, when I started I did not understand VLANs either and it took a while to wrap my mind around them. But never did I contact the switch manufacturers to teach me nor did their "user manual" provide me any more information other than how to configure the interface.
I did a lot of reading then I spent days playing with them in my office in a LAB setup until I figured it out.
If you were setting up a VLAN and you found a bug in our firmware I would be all over this trying to get you a fix.
Look, I respond to people in hours not days, but if I constantly have to answer the same questions over and over again because people do not search for the answer first then all I would do is that and people would wait a long time for help.
Will I complain if someone does not use the Search feature to see if they can help themselves from previous posts asking for help with the same issue.....YES
My job is to provide tech support for the switch not teach networking 101. I will try to help people that have tried to help themselves first and put up a very detailed post explaining what they have done and what they can't figure out and help to connect the dots.
If you want my help then put up a VLAN screen grab, a diagram of what you want to happen along with a detailed explanation of what is not working the way you think it should.
You have not even given half the information needed to give you an answer anyway.
As an example below is an example of breaking a switch into 2 logical switches:
Logical Switch 1 Ports 8-14
Logical Switch 2 Ports 1-7
Devices in ports 1-7 can not see or talk to devices in ports 8-14 and vice versa
But you could also not reach the switch UI or CLI from ports 1-7 as the switch only responds to the Default VLAN which is the VLAN at the top of the list, the one you can not delete and it has all "E"s for exclude on those ports. (The switch only responds on the Default VLAN)
Also the example below would not accept any Tagged packets, only Untagged packets.
If I changed all the "U"s to "T"s then ports 1-7 would only accept packets with a VLAN ID Tag of 2 and ports 8-14 would only accept packets with a VLAN ID Tag of 1.
Then with "T"s instead of "U"s in both cases the packet would leave the port with the VLAN Tag intact since the egress port also has a "T".
The switch UI could only be reached on ports 8-14 with packets with a VLAN ID Tag of 1 destined to the IP of the switch UI/CLI.
This is now turning into a text book on how VLANs work not a Switch Manual.
But there are many posts on this Forum if you use the Search Function and search for simply "VLAN" and read through the posts.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
- bhesterberg
- Member
- Posts: 25
- Joined: Wed Feb 08, 2017 12:45 pm
- Has thanked: 3 times
- Been thanked: 4 times
Re: VLAN's
sirhc wrote: In both cases the packet would leave the port with the VLAN Tag intact since the egress port also has a "T".
bhesterberg wrote: In your pic, none of the ports are Tagged(T). So which port is the egress port?
Well you obviously did not "fully" read my post above.
sirhc wrote:If I changed all the "U"s to "T"s then ports 1-7 would only accept packets with a VLAN ID Tag of 2 and ports 8-14 would only accept packets with a VLAN ID Tag of 1.
Then with "T" instead of "U"s in both cases the packet would leave the port with the VLAN Tag intact since the egress port also has a "T".
-
sirhc - Employee
- Posts: 7414
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: VLAN's
The T, U, E, Q, and D assigned to each port affects how the port will accept a packet in and pass a packet out.
T = Tagged
- Egress it leaves VLAN Tags alone
- Ingress it only accepts VLAN ID Tags that match that VLAN definition or other VLAN definitions with a T on that port or looks at the Trunk Port / Allowed VLAN ID List for that port if enabled
U = Untagged
- Egress it strips all VLAN ID Tags and sends packet on its way as a non VLAN Tagged packet
- Ingress it only allows non VLAN Tagged packets in unless another VLAN definition has a T on that port then it would accept Untagged or Tagged packets matching the VLAN ID of another VLAN definition with a T on that port or if the Trunk Port / Allowed VLAN List is selected then the IDs in that list
E = Exclude
Just what it says it does.
Q = QinQ
- Egress packets: Strip outer VLAN Tag but leaves any inner Tag intact if it exists. If no inner VLAN ID Tag exists because it is just a standard VLAN Tagged packet then the packet becomes an Untagged normal Packet.
- Ingress packets: Encapsulate packet inside a VLAN Tag. If an Untagged packet it simply adds an outer VLAN Tag but if already a VLAN Tagged packet it encapsulates the packet inside another VLAN ID Tag, this is why it is called "QinQ", a packet inside and 802.1Q capsule inside another 802.1Q capsule, get it, QinQ
D = Double Tagged
This is a new feature people asked for and I have not used it but you could do searches on the forums and read about it. You could use advanced search for post by our programer "Eric Stern"
I did a quick search for what the D will do and found this post by the programmer Eric with an example:
viewtopic.php?f=17&t=2357&p=17815&hilit=Double#p17815
You can only have one "U" or "Q" assigned to any one port no matter how many VLANs you define.
Then there is an option called "Trunk Port / Allowed VLAN List" which allows you to specify ranges of VLAN IDs accepted on a port. Trunk port is really an incorrect terminology but we kept it so people used to using the ToughSWITCH UI would feel at home.
Our ingress filtering is specific meaning if you do not specify exactly what a port should except it will reject the packet. Some switch manufacturers will dumb this filter down which allows incorrect configurations to work or at least appear to work but in reality traffic is not properly being segregated which is WRONG and poses security holes but it creates less tech support because to the user it appears to work but in reality it is not segregating all traffic properly they simply think it is working so it must be correct......NOT.
The default or management VLAN is the Top VLAN and can not be deleted. This is the only VLAN that the switch UI / CLI / SNMP / ETC will respond to. You can not delete the default VLAN but you can renumber it (Change the ID) or rename it. You can not make the switch UI/CLI respond to any other VLAN. Some switches allow you to specify which VLAN is the Management VLAN we simply force you to use the top VLAN as the Management VLAN but instead allow you to rename and renumber it's ID which achieves the same ends.
There are many posts on this forums where we discuss VLANs which you can search for and read through but we follow the industry standard so if you understand VLANs the only other thing you need to master is the UI which is pretty straight forward and made simple.
Now since we simplified the UI we did take some granular configuration abilities away but unless you are a master at VLANs you will never need them or understand them anyway and even then if you are a master and fully understand VLANs there are ways to make our UI provides most if not all of those granular abilities.
But everything I just retyped in this post can be found on several other posts throughout our Forum if you simply search for them.
T = Tagged
- Egress it leaves VLAN Tags alone
- Ingress it only accepts VLAN ID Tags that match that VLAN definition or other VLAN definitions with a T on that port or looks at the Trunk Port / Allowed VLAN ID List for that port if enabled
U = Untagged
- Egress it strips all VLAN ID Tags and sends packet on its way as a non VLAN Tagged packet
- Ingress it only allows non VLAN Tagged packets in unless another VLAN definition has a T on that port then it would accept Untagged or Tagged packets matching the VLAN ID of another VLAN definition with a T on that port or if the Trunk Port / Allowed VLAN List is selected then the IDs in that list
E = Exclude
Just what it says it does.
Q = QinQ
- Egress packets: Strip outer VLAN Tag but leaves any inner Tag intact if it exists. If no inner VLAN ID Tag exists because it is just a standard VLAN Tagged packet then the packet becomes an Untagged normal Packet.
- Ingress packets: Encapsulate packet inside a VLAN Tag. If an Untagged packet it simply adds an outer VLAN Tag but if already a VLAN Tagged packet it encapsulates the packet inside another VLAN ID Tag, this is why it is called "QinQ", a packet inside and 802.1Q capsule inside another 802.1Q capsule, get it, QinQ
D = Double Tagged
This is a new feature people asked for and I have not used it but you could do searches on the forums and read about it. You could use advanced search for post by our programer "Eric Stern"
I did a quick search for what the D will do and found this post by the programmer Eric with an example:
viewtopic.php?f=17&t=2357&p=17815&hilit=Double#p17815
You can only have one "U" or "Q" assigned to any one port no matter how many VLANs you define.
Then there is an option called "Trunk Port / Allowed VLAN List" which allows you to specify ranges of VLAN IDs accepted on a port. Trunk port is really an incorrect terminology but we kept it so people used to using the ToughSWITCH UI would feel at home.
Our ingress filtering is specific meaning if you do not specify exactly what a port should except it will reject the packet. Some switch manufacturers will dumb this filter down which allows incorrect configurations to work or at least appear to work but in reality traffic is not properly being segregated which is WRONG and poses security holes but it creates less tech support because to the user it appears to work but in reality it is not segregating all traffic properly they simply think it is working so it must be correct......NOT.
The default or management VLAN is the Top VLAN and can not be deleted. This is the only VLAN that the switch UI / CLI / SNMP / ETC will respond to. You can not delete the default VLAN but you can renumber it (Change the ID) or rename it. You can not make the switch UI/CLI respond to any other VLAN. Some switches allow you to specify which VLAN is the Management VLAN we simply force you to use the top VLAN as the Management VLAN but instead allow you to rename and renumber it's ID which achieves the same ends.
There are many posts on this forums where we discuss VLANs which you can search for and read through but we follow the industry standard so if you understand VLANs the only other thing you need to master is the UI which is pretty straight forward and made simple.
Now since we simplified the UI we did take some granular configuration abilities away but unless you are a master at VLANs you will never need them or understand them anyway and even then if you are a master and fully understand VLANs there are ways to make our UI provides most if not all of those granular abilities.
But everything I just retyped in this post can be found on several other posts throughout our Forum if you simply search for them.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Who is online
Users browsing this forum: No registered users and 16 guests