XI. LAN

How do I enable Multiple LAN Subnets or set up VLANs?

Products:
Vigor 2620Ln
Vigor 2762
Vigor 2765
Vigor 2832
Show all

Keywords:
802.1Q
Class B
Inter-LAN
LAN
Show all

How do I set up VLANs / Multiple Subnets on a DrayTek Vigor Router?

Configuring multiple LAN Subnet interfaces on a DrayTek Vigor router requires enabling VLANs (Virtual LAN interfaces) before the additional LAN Subnets can be enabled and utilised. An overview of VLAN tagging and its implementation on DrayTek products can be found here.

Each VLAN on a DrayTek Vigor router is a separate network segment and each of these segments must link to a LAN Subnet available in [LAN] > [General Setup].

Each of the LAN Subnets available is a separate IP Subnet (or Broadcast Domain) which allows individual DHCP configurations for each subnet. These LAN Subnets are distinct from the router's physical LAN ports, the LAN ports all link to the LAN Subnet "LAN1" in the router's default state, though it is possible to configure the router's VLANs to link each physical LAN port to a separate LAN Subnet.


Broadly there are three different VLAN configurations that are commonly used - port based, mixed mode of tagged/untagged operation and tagged only. The desired setup will depend on the specific network requirements, if there are other VLAN aware devices on the LAN and how the LANs are to be separated.

Setup Examples are available for the Port Based VLAN and Mixed 802.1Q configurations to demonstrate all of the steps required to implement VLANs and Multiple Subnets.

As an initial step, it is recommended to set up Port Based VLAN to configure Multiple Subnets, then implement 802.1Q VLAN tagging where required to communicate VLANs between devices such as VLAN capable Smart/Managed switches and Wireless Access Points.

VLAN without tagging / Port Based VLAN

The screenshot below shows a setup where no VLAN tags are required, so that each VLAN corresponds to a physical port or WLAN SSID.

In this configuration each LAN port and SSID will go to a different LAN subnet:

port based vlan

Notice that the "Enable" setting for each VLAN is unticked. If the "Enable" option in the VLAN Tag column is ticked, packets received must have a tag that matches the vlan VID or they will be ignored.

Setup Example 1 (non-WiFi models): Using the DrayTek's VLAN to connect two networks on different IP Subnets

In this setup example, a DrayTek Vigor router that supports Mutiple LAN Subnets is configured to link with the network of an older DrayTek Vigor router that does not support Multiple LAN Subnets, to allow communication between the two networks.

Setup Example 2 (WiFi models): How to set up a Guest Wireless Network on a DrayTek wireless router

In this setup example, a secondary Wireless SSID is configured for Guests to connect to. This Guest network SSID links to a separate LAN Subnet to block Guests from accessing Internal network resources.

 

VLAN with a mix of 802.1Q tagged VLANs and untagged VLANs

In the screenshot below VLAN0 is left untagged while the other VLANs have been set to tagged operation.

This setup means that any LAN port in VLAN0 can communicate with the router without needing to supply a VLAN tag.

Any LAN port that is also a member of a tagged VLAN can also receive tagged packed. In this case, only P1 is a member of both, so if the port receives an untagged packet it will be part of VLAN0 and if it receives a tagged packet it will be a part of VLAN1, VLAN2 or VLAN3 depending on which VLAN ID is matched. The actual subnet that it would be in depends on the subnet that the VLAN is set to.

LAN ports P2, P3 and P4 are in untagged only operation and are configured to be members of VLAN0 so therefore subnet LAN1.

vlan with tagging

Setup Example: How to set up a Guest Wireless Network with Vigor Access Points

The network configuration in this setup example uses 802.1Q VLAN packet tags to communicate with a VigorAP Wireless Access Point.

The VigorAP differentiates between between the Internal LAN Subnet and the Guest LAN Subnet by tagging packets from the Guest SSID, which are then interpreted by the Vigor router to link Guest clients to the Guest LAN Subnet and block Guests from accessing Internal network resources.

Tagged only 802.1Q VLAN Configuration

In tagged only operation (where there are no LAN ports that are members of un-tagged vlans), the router will only accept traffic from devices (PC's, Switches, Phones) that specify the VLAN tag.

Any device that does not send a vlan tag would not be able to communicate with the switch. It is typical in this setup to connect 802.1q VLAN aware switches and control which VLAN a PC is a member of via the port configuration on the switch.

In the example configuration below each port works will accept tags from any of the 4 VLANs because each port is a member of every VLAN. The Subnet that the device would be a member of depends on which VLAN ID tag it sends. The VLAN that the SSIDs are members of are controlled using the check boxes (in the example SSID1 is in VLAN0, SSID2 is in VLAN1 and so on)

tagged only


How do you rate this article?

1 1 1 1 1 1 1 1 1 1