I own:

  • 3 switches (layer 2, managed, 24 ports) model Zyxel GS1920-24HP
  • 1 router model Zyxel USG 310

My network is segmented into 10 VLANs (1, 2, 3, 4, 5, 6, 7, 8, 10, 11). The central router routes packets between the different VLANs (passing through an SPI firewall), from the VLANs to the Internet and vice versa (passing through an SPI firewall), and from VPNs to some resources on the VLANs and the Internet. Each VLAN has a subnet mask of 255.255.255.0 with network range 192.168.X.0/24, where X is the VID specific to the VLAN; the router always has the address 192.168.X.1 on each VLAN.

Switch1 is located in a second room, while the other 2 are in the central rack, where the router is also located.

Switch1:

  • connected devices: VLAN5
  • switch management: VLAN1
  • network communication ports: 2 Gb in LAG

Switch2:

  • connected devices: VLAN2, VLAN3, VLAN4, VLAN6
  • switch management: VLAN1
  • network communication ports: 2 Gb in LAG

Switch3:

  • connected devices: VLAN1, VLAN5, VLAN7, VLAN8, VLAN10, VLAN11
  • switch management: VLAN1
  • network communication ports: 2 Gb in LAG

Router:

  • port1: bridge VDSL2 modem (PPPoE session to Internet)
  • port2: bridge VDSL2 modem (PPPoE session to Internet)
  • The 2 PPPoE sessions are independent and serve different VLANs.

The only VLANs that are replicated on multiple switches are:

  • VLAN1, which is used to manage the switches from their administration interfaces
  • VLAN5, which has only 1 device not connected to switch1 but to switch3 (for logistic reasons of wiring)

I have two different connecting solutions:


Solution1:

  • switch1 LAG1 -> switch3 LAG1
  • switch2 LAG1 -> switch3 LAG2
  • switch3 LAG3 -> router LAG1

Advantages: The router has the 10 VLAN interfaces on the LAG1 port and doesn't create VLAN interface replication.
Example) LAG1/1, LAG1/2, LAG1/3, LAG1/4, LAG1/5, LAG1/6, LAG1/7, LAG1/8, LAG1/10, LAG1/11
Disadvantages: This solution increases network traffic and latencies because if a VLAN2 device connects to a VLAN3 device the connection follows this flow:
switch2 -> switch3 -> router -> switch3 -> switch2.


Solution2:

  • switch1 LAG1 -> router LAG1
  • switch2 LAG1 -> router LAG2
  • switch3 LAG1 -> router LAG3

How can I configure the same VLANs on different LAG ports?
Example) LAG1/1, LAG1/5
LAG2/1, LAG2/2, LAG2/3, LAG2/4, LAG2/6
LAG3/1, LAG3/5, LAG3/7, LAG3/8, LAG3/10, LAG3/11

Which solution should be adopted?
Thanks,
Berto.

Thomas
  • LAG = link aggregation group - unless you're also aggregating links, LAG trunks and VLAN trunks are two completely different things. – Zac67 Jan 29 '18 at 12:17
  • I can configure VLAN trunks on LAG ports; the router supports combined ports in a LAG as a single LAN port. My problem is configuring the same VLAN interface on multiple LAG ports. – Bertanza Jan 29 '18 at 14:00
  • Without a diagram this wasn't clear - in a LAG, ports have the same VLAN config. Actually, a diagram would really help. – Zac67 Jan 29 '18 at 17:36

1 Answer

The difference between your two solutions seems to be whether either switch3 or the router is the central hub.

The better solution is the one where fewer hops are required for the majority of your network traffic. So, assuming that your internal traffic is more than your WAN traffic, I would prefer solution1. Additionally, switching is best done on a switch, not a router (of course, this distinction is significantly blurred nowadays).

PS: The USG 310 doesn't seem to support "port grouping" which I guess is referring to a switch group - definitely solution1.

Zac67
  • The switches are layer 2, not layer 3, for VLAN routing. The router routes packets between VLANs and WANs. The USG310 supports link aggregation groups for LAN ports. – Bertanza Jan 29 '18 at 18:20
  • With port grouping, can I assign the same VLAN interface to different phy/LAG ports?! – Bertanza Jan 29 '18 at 18:31
  • Looking at the manual ftp://ftp.zyxel.com/USG310/user_guide/USG310_V4.11_Ed1.pdf , the USG310 doesn't do (switch) grouping nor LAG trunking as it seems. – Zac67 Jan 29 '18 at 19:04
  • ftp://ftp.zyxel.it/guide/usg/guide_next_gen_usg_firmware_4/next_gen_usg_link_aggregation.pdf – Bertanza Jan 30 '18 at 09:24
  • A more recent manual ftp://ftp.zyxel.com/USG310/user_guide/USG310_V4.30_Ed1.pdf confirms LAGs are possible. Usually, a LAG requires all member ports to share the same VLAN configuration. I can't make this out in the manual however. – Zac67 Jan 30 '18 at 12:13
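
The two cabling options from the question, modelled as an added example (not part of the original posts): it reproduces the VLAN2-to-VLAN3 path the question lists for solution 1 and shows which VLANs would need an interface on more than one router LAG in solution 2. The function names and the uplink maps are assumptions made for the illustration; the VLAN placement per switch is taken from the question.

```python
# Added example: VLAN placement per switch is taken from the question;
# the function names and uplink maps are assumptions for illustration.
SWITCH_VLANS = {
    "switch1": {1, 5},
    "switch2": {1, 2, 3, 4, 6},
    "switch3": {1, 5, 7, 8, 10, 11},
}
# Each map gives a switch's uplink neighbour on the way to the router.
SOLUTION1 = {"switch1": "switch3", "switch2": "switch3", "switch3": "router"}
SOLUTION2 = {"switch1": "router", "switch2": "router", "switch3": "router"}


def path_to_router(uplinks, switch):
    """Follow uplinks from a switch until the router is reached."""
    path = [switch]
    while path[-1] != "router":
        path.append(uplinks[path[-1]])
    return path


def routed_path(uplinks, src_switch, dst_switch):
    """Inter-VLAN flow: layer 2 switches cannot route, so every such
    packet climbs to the router and comes back down."""
    up = path_to_router(uplinks, src_switch)
    down = path_to_router(uplinks, dst_switch)[::-1]
    return up + down[1:]


def router_lag_vlans(uplinks):
    """VLANs each router-facing LAG must carry, keyed by attached switch."""
    lags = {}
    for switch, vlans in SWITCH_VLANS.items():
        attached = path_to_router(uplinks, switch)[-2]
        lags.setdefault(attached, set()).update(vlans)
    return lags


def vlans_on_several_router_lags(uplinks):
    """VLANs that would need an interface on more than one router LAG."""
    lags = list(router_lag_vlans(uplinks).values())
    return sorted(v for v in set().union(*lags)
                  if sum(v in lag for lag in lags) > 1)


if __name__ == "__main__":
    for name, topo in (("solution1", SOLUTION1), ("solution2", SOLUTION2)):
        print(name, " -> ".join(routed_path(topo, "switch2", "switch2")))
        print("  VLANs on several router LAGs:", vlans_on_several_router_lags(topo))
```
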