Just setup EdgeRouter X + 2x GS305E netgear switches

[MythicFrost]

Hi,

I have just made the switch from my consumer router to the EdgeRouter X + 2x GS305E netgear switches. I used the wizard to setup WAN+2LAN2 and replaced default user with new admin, enabled offloading for hwnat.
I'm still learning about this stuff but have been following a lot of advice here / YT tutorials on setting them up.

This is a diagram of what I've done:



Everything appears to be working, besides the fact that I am unable to access Switch 1. Internet over WiFi and ethernet for the Desktop pc is working fine.
I can still access Switch 2's web interface so I must have made a mistake on the first.

• Port 3 & 4 on the router are unused for now, so I included them on VLAN10.
• I have setup DNS and DHCP for each of the VLANs.

Should ETH port #1 on Switch 1 be tagged since it is connected to a WAP?
Does this setup look OK? Would appreciate any advice.

I'm currently reviewing firewall tutorials to make sure I'm not missing anything important.

Cheers,
M

 

[iwanttosee]

On your Desktop PC, can you ping switch 1?

 

[MythicFrost]

On your Desktop PC, can you ping switch 1?

No, I was unable to ping it. I'm about to attempt resetting to factory defaults. I'll then try to set it up again like I did with switch 2 because that one didn't have the problem.

 

[iwanttosee]

Backup the configuration file on switch 2, then, disconnect switch 1 from router, restore the configuration onto switch 1, then change the IP and vlan info on switch 1 then try again.

 

[MythicFrost]

Good idea! I've backed up the configuration and I'm trying to restore it now onto Switch 1.

 

[DG99]

What did you setup for the PIVD on the ports? Did you enable any trunking?
For what you are try to setup from your diagram, you would be better off make port 5 a separate network and get rid of the vlans and running 2 lan networks.
The way you have it set now is the not correct for vlan networking. If setup correctly you configure all port on switch1 or 2 can belong to any vlan group.

 

[MythicFrost]

I just realised that my VLAN settings for Switch 2 did not apply which may explain why it was able to be pinged.

What did you setup for the PIVD on the ports? Did you enable any trunking?

PVID 10 for all the ports on Switch 1.

So I enabled tagging on the 5th port on Switch 1 (this connects to ER-X) -- I thought this was trunking... am I mistaken?

For what you are try to setup from your diagram, you would be better off make port 5 a separate network and get rid of the vlans and running 2 lan networks.
The way you have it set now is the not correct for vlan networking. If setup correctly you configure all port on switch1 or 2 can belong to any vlan group.

I thought by using the Managed Switches I could isolate traffic at the Switch level rather than have the router worry about it. Is that incorrect?

Essentially my goal is to have Switch 2 to be unable to access the internet/LAN but still get NTP from the ER-X. Switch 1 should be able to access everything.

 

[DG99]

Trunk on the uplink from switch 2 to router.
a trunk port is required to forward multiple vlans between switches. each ethernet frame is tagged with vlan membership. The trunk port is configured with 802.1q encapsulation to carry the vlan membership in an Ethernet frame.

I thought by using the Managed Switches I could isolate traffic at the Switch level rather than have the router worry about it. Is that incorrect?
Your switch is not a router, port configured on different vlan on switch do NOT communicate to each other, in your case the router would have to do the communication from vlan 10 to vlan 20.
If you are running camers this can cause a big load on your router cpu.
In most business setup you would install layer 3 switch than can do routing between vlans and not have to send traffic to the router for translation.

 

[MythicFrost]

I see. For each switch I have set one port to 'T' which connects to the router.

Right, that makes sense. I'll see how the router handles things once I've got the cams setup later, happy to update my setup if needed.

I'm getting something wrong. As soon as I enable VLAN on the Switch it stops my desktop from connecting to the internet.
In ER-X, Vlan aware is ticked, and eth1 and eth4 are ticked with respective values of 10 (Home) and 20 (Cams).

In my Switch 1 (Home),
Vlan config is:
Vlan 1 (T, B, B, B, T)
Vlan 10 (T, U, U, U, T)

PVID on VLAN 10 for port 2, 3, 4 is 10. Port 1 and 5 have an ID of 1.

Hoping someone can spot my mistake(s).

EDIT: May have got something working.

In the interface for switch0 for eth1 I had put PVID 10 instead of 1, and didn't put 10 & 20 for the VID.
As soon as I did that everything stopped working. Connected directly to switch to enable VLAN

Vlan 1 (U, B, B, B, U)
Vlan 10 (T, U, U, U, T)

PVID of 1 for port 1 & 5, PVID of 10 for port 2,3,4.

Things seem to be working now.