How do I provide Internet Access to both of my VLANS?

Question

I have a TP-LINK T1600G-28TS, and I have 2 different VLANS (10.0.0.0/24 ID 101 and 10.1.1.0/24 ID 102), their IP addresses are defined by the switch's DHCP server. This part is working fine, I can see other devices in the same VLAN, and can't see when they are in different VLANS. I changed the PVID of the ports to their related VLANS.

My need is to provide internet access to both VLANS, using a single port, on this port, I created a third VLAN (ID 200), connected a cable that comes from my gateway server (192.168.10.254) but I don't know how the ports are supposed to be configured (TAGGED, UNTAGGED, ETC), also if I need to make any routes for them, or if I'm missing anything.

INTERFACES:

IP ADDRESS MODE: STATIC IP ADDRESS: 10.0.0.1 MASK: 255.255.255.0

---

IP ADDRESS MODE: STATIC IP ADDRESS: 10.1.1.1 MASK: 255.255.255.0

---

IP ADDRESS MODE: DHCP IP ADDRESS: 192.168.10.140 MASK: 255.255.255.0

Answer 1

Do you have a switch with the routing capability? If yes, you need to turn on routing between VLANs. If no, you need an additional router with one interface connected physically to VLAN 101 (and having an IP address from that subnet), and other interface similarly to VLAN 102. That router must not do NAT.

Also, you probably don't need the third VLAN 200. You just need to give your gateway an IP address belonging to one of your VLANs - let it be 10.0.0.254 - and connect it physically to that VLAN (warning: you must turn off DHCP either on switch or on gateway, as you can't have two DHCP servers in the same network segment). Devices in VLAN 101 need to have 10.0.0.254 set as their default gateway, and devices in VLAN 102 need to have whatever will be the router's IP address on that VLAN (or the internal switch IP address belonging to that VLAN if you are able to turn on routing on switch) - say 10.1.1.254. Also the router/switch itself needs to have the default gateway set to 10.0.0.254.

If you want to keep 192.168.10.254 as your gateway IP address, then it's a bit more complicated - especially if you will be using external router, it needs to have three (and not two) separate interfaces.

As for tagged/untagged ports, if everything inside VLANs is working for you now (as you write), don't change anything. I guess you're probably using untagged ports right now, because that doesn't require any changes from the device side. If you use tagged VLANs on a port, then the device you connect to that port must also understand VLAN tagging and have the same VLAN IDs configured.

Answer 2

You need to create a trunk port

Port Configuration:

1. On the port connected to your gateway server (let's say Port X), you need to configure it as a "Trunk" port.
2. Set PVID of Port X to the VLAN ID 200 (the new VLAN you created for internet access). On Port X, set VLAN 101 and VLAN 102 as tagged (T) to allow traffic from both VLANs to pass through this port.
3. On the ports connected to devices in VLAN 101 and VLAN 102, set the PVID for each port to their respective VLAN ID (101 and 102).
4. Leave VLAN 200 as untagged (U) on Port X because this is the VLAN used to connect to your gateway server.

And setup routing to allow traffic between VLANs 101 and 102 and the internet through VLAN 200. And create a default route on the switch to forward internet-bound traffic to your gateway server (192.168.10.254).