I'm trying to create two separate networks spanning two switches using a single connection between the switches (Netgear GS108Ts). It seems like the way to do this is to setup 2 identical VLANs on each switch and use the default switching to ferry communications for both of them between the switches. This has not been quite as simple as I envisioned...

I started by connecting both switches (using port 7 on both), just to verify that the switches were functional (they appear to be).

I then configured both switches as follows:

  1. Assigned a static IP addresses in one network's subnet (I think this is necessary as I can't find a way to tell the switches which network to get their addresses from)
  2. Added 2 new VLANS: Internal (VLAN ID 4) and External (VLAN ID 5)
  3. Set port 1 to "Tagging" for the External VLAN
  4. Set ports 2-6 to "Tagging" for the Internal VLAN
  5. Changed ports 7-8 from "Untagging" to "Autodetect" for the Default VLAN
  6. Set PVID to 5 and "Ingress Filtering" to "Enable" for port 1
  7. Set PVID to 4 and "Ingress Filtering" to "Enable" for port 2-6

At this point, I have not tested the External VLAN, but devices on the Internal VLAN have lost access to each other (even to other devices on the same switch). I suspect that I've misunderstood either "Tagging/Untagging" or "Ingress Filtering", but I'm not sure which, or what to do about it.

We can assume that none of the devices attached to the switches support VLANs, so the switches need to manage all of the tagging. Also, each of the VLANs will have it's own router, which will provide DHCP.

Any suggestions on how to configure this properly would be appreciated.

1 Answer 1


I am not familiar with the particular Netgear switch, but I know exactly how VLAN tags work. You need the ports between the switches to be tagged for both VLANs, and all other ports untagged. If I understood your setup correctly, the following is what you need:

  1. Port 7 should belong to, and tagged for both VLANs 4 and 5.
  2. Port 1 should simply belong to VLAN 5.
  3. Port 2~6 should simply belong to VLAN 4.

You shouldn't have to change any other default settings.

Also a few things aren't clear:

  1. Do you wish to aggregate ports 7 and 8? If so, the trunked interface should be added to, and tagged for both VLANs 4 and 5.
  2. I would be very surprised that you aren't able to choose which interface to perform DHCP request on. When you enable DHCP on the switch, do you not have to choose a VLAN to enable it on?
  • That all seems to make sense (I'll accept once I've tried it). The intent is to aggregate ports 7 and 8, once I have this working, but I wanted to get the theory right before tackling that. There is a "Management VLAN ID" field on the IP Configuration page, but I'm fairly certain that's for identifying which VLAN is allowed to administer the switch.
    – Allan
    Commented Feb 25, 2013 at 1:45
  • The cross-connect between the switches should be a trunk port, whatever the butchered netgear GUI terminology for that is. Commented Jun 29, 2013 at 5:08

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .