Can explain VLAN? Can't understand the settings. Much appreciated.
More importantly, learn the concept of VLAN and understand its attributes and behaviour; you will benefit from it for life.
There are tons of material available with a keyword search for "vlan".
You will always find it too abstract to understand; a hands-on approach is the best way to understand more. Through experiments, I can only understand some of them.
Fundamental building blocks of VLAN
1) VLAN ID & VLAN name (only used for high-level identification, not used for switching logic)
- Define group membership of a combination of ports
The network switch forwards packets to member ports based on the receiving port's PVID.
E.g. untagged incoming packets on Port 1 (with PVID=100): outgoing packets will be forwarded to VLAN group ID=100, therefore packets will be forwarded to Ports 2 & 8 since they are members of VLAN ID=10.
2) Port PVID
Untagged packets entering a port will be routed to the VLAN group specified in the port's PVID.
Application: send packets among the same LAN group within the same router's subnet
Functions like unmanaged port usage.
E.g. define VID (VLAN ID)=100, member ports 4, 5, 6 & 7, all untagged.
PVID=100 for Ports 4, 5, 6 & 7. Doing this will make Ports 4-7 behave like an unmanaged switch for these few ports.
3) Tagged Port
Tagged packets with the port's PVID=1: this literally becomes a generic network trunk used to carry a mix of VLAN signals (tagged or untagged).
VLAN group with Tagged Port and Untagged Port
Application: replace the VLAN-tagged router with a generic router that does not support tagged frames.
Example of Singtel Internet VLAN group of VID=10 with Port 1 (tagged) & Port 2 (untagged).
Using 2 ports, one tagged with PVID=1, and the other untagged with PVID=10.
Tagged Port 1 with PVID=1: this port allows tagged frames to pass through and retains their tag. PVID=1 is a wildcard trunk that allows all signals to pass.
Untagged Port 2 with PVID=10 will allow tagged signals of VID=10 to come in and later strip off the VLAN tag before sending them over to the connected device that does not understand VLANs.
The above 2 mechanisms enable the use of a non-Singtel router to receive normal network packets.
Observation
A tagged port with matching PVID will only accept signals with the same VID tag to come in.
Learnt through applications with combinations of VLAN settings
- VID (VLAN ID) defines logical port grouping.
=> Always plan your network grouping with VLAN group definitions
- Switching logic is jointly determined by the PVID of a port and the VLAN grouping
- Combinations of tagged and untagged ports help to perform a filtering function
=> Enable a router without VLAN support to be used on a network with a VLAN-tagged system.
- A combination of untagged ports with a common PVID across ports forms a generic unmanaged network switch for that VLAN group
- A combination of a tagged port with wildcard PVID=1 serves as a trunk for multiple VLAN sources.
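To make the PVID / tagged / untagged behaviour above concrete, here is a small forwarding model I wrote for this thread (it is not the poster's code and not any switch vendor's API). It implements the standard 802.1Q rules: an untagged frame entering a port is assigned the port's PVID, a tagged frame keeps its VID, a frame is only accepted on a port that is a member of that VLAN, and on the way out each member port either keeps the tag (tagged member) or strips it (untagged member). The port table is constructed from the two examples in the post: VID 10 with Port 1 tagged (PVID 1) and Port 2 untagged (PVID 10), and Ports 4-7 untagged in VID 100 acting as a dumb switch. The VLAN 1 membership on Ports 1 and 3 is my assumption, added so that PVID 1 has a VLAN to classify into; in 802.1Q terms the PVID only decides where untagged ingress goes, and the VLANs a trunk carries are the ones it is a tagged member of.

```python
# Added example, not code from the thread. A minimal 802.1Q forwarding model:
# untagged ingress is classified by the port's PVID, tagged ingress keeps its VID,
# and each egress port either keeps or strips the tag depending on its membership.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Frame:
    vid: Optional[int]  # None means the frame carries no 802.1Q tag
    payload: str


@dataclass
class Port:
    pvid: int                                        # VLAN assigned to untagged ingress
    tagged: Set[int] = field(default_factory=set)    # VLANs sent out with the tag kept
    untagged: Set[int] = field(default_factory=set)  # VLANs sent out with the tag stripped


class Switch:
    def __init__(self, ports: Dict[int, Port]):
        self.ports = ports

    def members(self, vid: int) -> Set[int]:
        """Ports that belong to VLAN vid, tagged or untagged."""
        return {n for n, p in self.ports.items() if vid in p.tagged or vid in p.untagged}

    def forward(self, ingress: int, frame: Frame) -> Dict[int, Frame]:
        """Egress ports and the frame as each of them would send it.

        MAC learning is left out: the frame is flooded to every other member of
        its VLAN, which is what a real switch does for broadcast/unknown unicast.
        """
        port = self.ports[ingress]
        vid = port.pvid if frame.vid is None else frame.vid  # ingress classification
        if ingress not in self.members(vid):                  # ingress filtering
            return {}
        out = {}
        for n in self.members(vid) - {ingress}:
            keep_tag = vid in self.ports[n].tagged
            out[n] = Frame(vid if keep_tag else None, frame.payload)
        return out


def example_switch() -> Switch:
    """Constructed from the post's examples: VID 10 on port 1 (tagged, PVID 1) and
    port 2 (untagged, PVID 10); ports 4-7 untagged in VID 100 as a dumb switch.
    VLAN 1 membership on ports 1 and 3 is an assumption so that PVID 1 has a VLAN."""
    ports = {
        1: Port(pvid=1, tagged={10}, untagged={1}),
        2: Port(pvid=10, untagged={10}),
        3: Port(pvid=1, untagged={1}),
    }
    for n in (4, 5, 6, 7):
        ports[n] = Port(pvid=100, untagged={100})
    return Switch(ports)


if __name__ == "__main__":
    sw = example_switch()
    print(sw.forward(1, Frame(10, "ONT -> router")))    # port 2 gets it untagged
    print(sw.forward(2, Frame(None, "router -> ONT")))  # port 1 gets it tagged VID 10
    print(sw.forward(4, Frame(None, "room A")))         # ports 5-7 only, never 1 or 2
    print(sw.forward(1, Frame(100, "stray tag")))       # {}: trunk is not in VLAN 100
```

The last call is the filtering point from the post: a tagged frame whose VID the receiving port does not carry is dropped, so the room ports in VID 100 never see the ISP's VID 10 frames and vice versa.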
Reading posts here, most are stuck with a single LAN point to the living hall with no return line to loop back to the DB for further distribution.
There is one solution where you don't need to lay an extra cable yet are able to loop back for further distribution without suffering much on bandwidth (up to 1 Gbps full duplex).
By using 2 managed switches, you can achieve this goal.
1. ONT -> Managed Switch 1 (MS1) => network trunk with a single LAN cable to link to Managed Switch 2 => living hall router, and its LAN port loops back to the MS2 switch to be routed back to MS1 LAN ports for other rooms' distribution.
MS1 Setup
- 1 Trunk Port (ONT -> MS1 Trunk Port -> MS2 Trunk Port -> Router WAN Port)
- VLAN grouping based on ISP VLAN settings
- Define VLAN group for other rooms' distribution: Vlan-InterLAN
MS2 Setup
- Dedicated trunk port to route traffic from MS1 and to MS1
- VLAN group for Router WAN Port & Trunk
- VLAN group ports for Router's LAN port to MS1 LAN ports: Vlan-InterLAN
The only physical LAN cable has a full-duplex bandwidth of 1 Gbps up and 1 Gbps down.
Internet applications mostly download more than they upload. Assuming a 9:1 ratio of download/upload (upload mainly for signal acknowledgement),
you will have 900 Mbps of download bandwidth and 100 Mbps for uplink acknowledgement.
A single trunk has 2 lanes of downlink (DL) and 2 lanes of uplink (UL).
Downlink Signal
1. Internet -> ONT -> Trunk MS1 (trunk of 2 lanes download) -> MS2 (2 lanes of receiving) to Router WAN
2. LAN ports from the MS1 network will use the same DL lanes to transfer signal back to the Router's LAN port.
*This uplink signal ratio should be around 10% of Internet incoming traffic
Uplink Path
1) WAN out from Router to ONT to Internet
10% of downlink traffic
2) Network traffic from Router's LAN port (MS2) to MS1 LAN download traffic
Since this is internet download, you still have 90% bandwidth or 900 Mbps.
I have ordered 2 managed switches from Amazon with trunk capability to experiment with this concept. I should be able to share more after getting the switches from Amazon. $120 project...
This concept is not new; it is documented by many network switch makers.
One of the easier-to-understand explanations is found on the MikroTik wiki page.
Update (31 Dec 2017)
Adding validated setup diagram
HMAN, thank you for this detailed write-up. I was searching all over the web for something like this as I need to place my router away from the DB but only have 1 LAN cable in between.
Have a question though: do you know if there are any security implications? I'm not very familiar with this, but my understanding is that normally the router/firewall sits immediately after the ONT so there is a clear delineation and protection between LAN and WAN, but in this case the router/firewall sits behind both switches. Does this potentially expose all the LAN traffic to the WAN side?
Thanks.
Hi, may I know whether this will work for users whose internet does not come with VLAN? I am planning to do this in my future BTO with 2 dumb switches to put my router and AP out of the DB box.
Thanks for the advice as I am a networking noob.
It will work for other ISPs where the internet does not come with a VLAN, with some modifications:
1) The DB switch SW2, port 2 egress (outgoing back to the ONT), has to be untagged. Port 2 on SW1 is not used but should be untagged as well.
2) VLAN 20 is not used if you don't have IPTV, so you don't need to configure it.
3) Port 8 on both switches can join VLAN 100 if you don't have IPTV.
So I still have to use smart switches and do configuring? I was thinking of just using dumb switches to link the ONT to the router and AP in the living room.
MyRepublic subscriber here.
Thanks for the help.
Yes, smart switches are still needed because the trunk (port 1 of both switches) carries the 2 VLANs for WAN and LAN.
You need to buy the switches, at least a pair, to start exploring, and also read the switch manual carefully; it uses concise English to describe things rather than illustrations to explain the case. It is more of a test of your understanding of the language than a description of things in an engineering way.
A few points to take note of
1) Each brand of managed switch uses a slightly different deployment topology for trunking.
- Cisco uses a clearer way to manage the trunk for multiple VLANs
- TP-Link: multiple ways, depending on the managed switch class.
- For the Easy Managed SG105/8E, it takes away most settings to make it EASY but more confusing.
- The switches described in the Starhub threads are a better class of TP-Link switch which give clear control over multiple-VLAN trunking
With reference to your drawing
Use case assumptions
1. On Starhub Fibre with multiple IPTV at remote locations
2. Use a single-cable trunk to carry IPTV & after-router LAN to multiple locations.
3. TP-Link SG105/8E Easy Managed switches are used.
4. Just my assumptions, not familiar with Starhub's actual VLAN ID.
- IPTV VLAN ID: 1091, signal from ONT Port 2
- Internet -> no VLAN ID, signal from ONT Port 1
My Proposal
1. Your VLAN topology should be simplified to 2 types
- IPTV: use the exact VLAN ID 1091
- After Internet gateway (router): internal network signal distribution for Access Point (AP) and Ethernet port usage
Use VLAN ID 100; avoid using VLAN ID 10 (this is the known signal for Singtel Internet)
The 3rd VLAN 20 is redundant for your application with the WAN directly connected to the ONT.
On DB SW1
- 2 trunks, Port 1 & 8, to carry all signals (IPTV and after-gateway)
VLAN 1091: Tagged Ports 1, 2 & 8
VLAN 100: Tagged Ports 1, 8 & Untagged Ports 3-7
Port PVID settings - very important, you must set them correctly
Port 1, 8: PVID=1
Port 2: PVID=1091
Port 3-7: PVID=100
On Living Room SW2 & SW3
VLAN Settings
VLAN ID 1091: Tagged Port 1, tagged: *Port 2
*Port 2: Tagged or untagged? It really depends on the IPTV settings; if the IPTV server is expecting a tagged frame on return, then Port 2 output should be tagged. Just experiment on this to find out.
*For Singtel IPTV itself, the untagged port setting is used; the signal going back to the server is without a tagged frame.
VLAN ID 100: Tagged Port 1, Untagged Ports 3-5
Port PVID Settings
Port 1: PVID=1
Port 2: PVID=1091
Port 3-5: PVID=100
You need to set the 802.1p QoS priority settings; try using the auto configuration with the 802.1p QoS setting
Notes on TP-Link switch FW bugs
1. Try applying Save Configuration after completing the full setup.
- There are bugs in the FW that only save configurations once.
2. Clicking Apply for a change of settings is only effective for the current power cycle; you need to use the separate Save Configuration to really write to flash memory.
3. It is always good to use Backup Configuration to file to back up a known good working configuration. If anything goes wrong you can restore to a good working point.
4. Validate that the switch retains the last settings after power cycling. I found the switch sometimes does not save your last applied settings.
- Wasted many hours figuring out these stupid bugs
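The post above stresses that the PVIDs must match the VLAN table, and an earlier reply asked whether this two-switch layout exposes LAN traffic to the WAN side. Both come down to reading the table carefully, so here is a small checker I wrote for this thread (added example, not the poster's configuration tool and not anything from TP-Link). It takes a port table in the same form as the DB SW1 proposal above, constructed here from that post, and reports three things: a PVID that points at a VLAN the port is not a member of, an untagged member whose PVID differs from that VLAN (so replies from the attached device would land in the wrong VLAN), and a port untagged in more than one VLAN. A fourth function lists the VLANs two groups of ports have in common, which is the only way frames can cross between them on a given switch. The post lists no VLAN 1 entry, so none is configured in the constructed table and the checker flags the PVID=1 trunk ports for exactly that reason; on a real switch, check its VLAN table for a default VLAN 1 entry before deciding whether that matters.

```python
# Added example, not from the thread. Sanity checks over a VLAN/PVID table, run
# here against the DB SW1 table proposed above (constructed from that post).
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set


@dataclass
class PortCfg:
    pvid: int
    tagged: Set[int] = field(default_factory=set)
    untagged: Set[int] = field(default_factory=set)

    def vlans(self) -> Set[int]:
        return self.tagged | self.untagged


def db_sw1() -> Dict[int, PortCfg]:
    """DB SW1 as posted: VLAN 1091 tagged on 1, 2, 8; VLAN 100 tagged on 1, 8 and
    untagged on 3-7; PVID 1 on 1, 8; PVID 1091 on 2; PVID 100 on 3-7.
    No VLAN 1 entry is listed in the post, so none is configured here."""
    cfg = {n: PortCfg(pvid=1) for n in range(1, 9)}
    for n in (1, 2, 8):
        cfg[n].tagged.add(1091)
    for n in (1, 8):
        cfg[n].tagged.add(100)
    for n in range(3, 8):
        cfg[n].untagged.add(100)
        cfg[n].pvid = 100
    cfg[2].pvid = 1091
    return cfg


def lint(cfg: Dict[int, PortCfg]) -> List[str]:
    """One message per port setting that will not do what the table suggests."""
    findings = []
    for n, port in sorted(cfg.items()):
        if port.pvid not in port.vlans():
            findings.append(
                f"port {n}: PVID {port.pvid} but the port is not a member of VLAN "
                f"{port.pvid}; untagged ingress has no VLAN to go to unless the switch "
                f"still holds a default VLAN {port.pvid} entry for it")
        for v in port.untagged:
            if v != port.pvid:
                findings.append(
                    f"port {n}: untagged in VLAN {v} but PVID is {port.pvid}; untagged "
                    f"replies from the attached device would land in VLAN {port.pvid}")
        if len(port.untagged) > 1:
            findings.append(
                f"port {n}: untagged in several VLANs {sorted(port.untagged)}; the "
                f"attached device cannot tell them apart")
    return findings


def shared_vlans(cfg: Dict[int, PortCfg], group_a: Iterable[int],
                 group_b: Iterable[int]) -> Set[int]:
    """VLANs with a member port in both groups. Each VLAN returned is a layer-2
    path between the groups; an empty set means this switch keeps them apart."""
    vlans_a = set().union(*(cfg[n].vlans() for n in group_a))
    vlans_b = set().union(*(cfg[n].vlans() for n in group_b))
    return vlans_a & vlans_b


if __name__ == "__main__":
    cfg = db_sw1()
    for line in lint(cfg):
        print(line)
    print("IPTV port vs room ports:", shared_vlans(cfg, [2], range(3, 8)))  # set()
    print("trunk vs room ports:", shared_vlans(cfg, [1], range(3, 8)))      # {100}
```

Run on the constructed SW1 table, the IPTV port (2) and the room ports (3-7) share no VLAN, so they cannot exchange frames on this switch, while the trunk (port 1) reaches the room ports only through VLAN 100. Changing port 3's PVID back to 1 makes the checker report the mismatch the post warns about.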
I managed to find a network splitter; you will need a pair to make it work.
No need to use a managed switch or configure anything.
So far using it for a month, no issue.
Just get a TP-Link TL-SG105E or TL-SG108E. It's only SGD$35 from Cybermind SLS (PC show). Contrary to what others say, this switch can set VLAN priority 4 for IPTV if you look at the settings properly. I can PM the config; it works very well.
PC show booth operated by Cybermind from SLS. Not sure if you buy from SLS Cybermind you can get the same low price or not lol
Share config here.
You go Cybermind SLS to get, or PC show?