Hi folks,

I'm hoping someone can confirm whether I've done the right thing when I set up my Vigor 2830vn with two vlans and tagging for both.

I've spent the last 3 days trying to make this work and I'm almost there but it hasn't been as straight forward as I would have expected.

The configuration (only 2 vlans setup)
Vlan 1: ==> Draytek ports 1 to 3 are on vlan 1 and have their own configured DHCP addresses (vlan tag 1)
Vlan 4: ==> Draytek port 4 is on vlan 4 and has it's own configured DHCP addresses (vlan tag 4)

I have a planet switch that supports vlans and tags (port based and 802.1Q)

I have port 11 on the planet switch configured for tagged vlan 1 and the switch port connects to port 2 on the draytek (also tagged vlan 1).
I have port 7 on the planet switch configured for tagged vlan 4 and the switch port connects to port 4 on the draytek (also tagged vlan 4).
All other ports on the switch are untagged but allocated to one of the two vlan ids.

However, it seems that vlan 1 can ping the ip address of the router for vlan 4 (not the other way around though thankfully). I was expecting them both to be isolated as I don't have routed subnet set as far as I know.

---

so question:
1) How do I completely separate the two vlans so neither can ping the other?

---

Further observations ==> Is this correct behaviour?

If I connect my laptop directly to any of the ports on the draytek before setting up vlan tagging I will correctly be allocated a DHCP address for the default IP range so in the case above ports 1 to 3 would give me the IP address for vlan 1 and port 4 would give me the correct ip address for vlan 4.

However, when I activate the vlan tags this behaviour stops and I can't get a DHCP address assigned directly from the ports on the draytek I have to connect the switch to draytek as described above (switch port 11 to draytek port 2 and switch port 7 to draytek port 4). This is true for both vlans.

---

so question:
Can someone confirm if this is as expected and I that it is correct to have to set up two separate trunk lines (one for each vlan)?

---

yes that is expected.
When you create the VLANs you will be able to ping the Gateway IP on each VLAN from either VLAN.
Unless you enable inter-VLAN routing you will not be able to ping anything else.

Unless you have a default (management) VLAN then what you describe when you plug in your Laptop is also the right behaviour as you Laptop will not be tagging unless you tell the NIC to do so (if the option is even available)

Hi that's great to know,

thanks for answering this.

just to clarify your first answer both the vlans should be able to ping the gateway dhcp ip addresses for the other vlan is that correct?

So if vlan 1 one gateway is 192.10.150.2 and vlan 2 gateway is 192.10.10.2 I should be able to ping both of these addresses from either gateway?

thanks again for any help

bubble wrote:
So if vlan 1 one gateway is 192.10.150.2 and vlan 2 gateway is 192.10.10.2 I should be able to ping both of these addresses from either gateway?

Yes as they are effectively the same.

I'm not a regular user of the forum is there a way to mark your answer as the one that solves the issues and finishes the thread?

thank you so much

bubble wrote: I'm not a regular user of the forum is there a way to mark your answer as the one that solves the issues and finishes the thread?

thank you so much

Its ok no problem - You could just change the Title to SOLVED