So I’ve searched the forum and wiki, and found similar setups, but nothing that points me in the right direction to get this to work. Any help is greatly appreciated, and I’ll preface it by saying it might be impossible due to switch hardware limitations. Here’s the setup:
Two different ISP uplinks (P2P wireless & DSL for failover) → RB433 (eth1 & eth2 respectively) → Eth3 10.0.0.0/24 Office LAN → Port 1 Netgear GS724T switch (supports 802.1Q vlans) for server room/backend (out port 24) → port 1 Netgear GS748T (also 802.1Q capable) switch (office computers/VoIP phones)
The goal is to create a vlan on eth3 (tag vlan2) with DHCP (10.0.10.0/24) and assign that vlan2 tag to the voip phones so that they can be hot-plugged into the network, regardless of ports, get an IP on a separate subnet, then do QoS on the vlan subnet for call quality. I can get the phones to pull addresses from eth3 if I plug them directly in, but as that is my main uplink for the network, I need the 100.0.0/24 and the 10.0.10.0/24 subnets to share port 1 on the Netgear 24-port. However, from the Netgear manual example for 802.1Q vlans:
Example
This example demonstrates several scenarios of VLAN use and how the switch will handle Tagged
and Untagged traffic.
- Setup the following VLANs: VLAN 10, 20.
- Configure the VLAN membership. Be sure to set all of them as follows.
• Setting up first VLAN group, VLAN ID = 10:
• Setting up second VLAN group, VLAN ID = 20:- Modify PVID Setting to apply previous two VLAN groups: Modify Default VLAN group
(VLAN ID = 1) to apply two new VLAN groups:
The specific ports above have the following Port VLAN ID settings:
Smart Switch Series Software Manual
IEEE 802.1Q Virtual Local Area Network (VLAN) B-3
July 2005
• Default VLAN: Port 7 – Port 26 (all U), VID = 1
• VLAN 1: Port 1 (U), Port 2 (U), Port 3 (T), VID = 10
• VLAN 2: Port 4 (U), Port 5 (T), Port 6 (U), VID = 20.- The following scenarios will produce results as described below:
(1). If an untagged packet enters Port 1, the switch will tag it with a VLAN tag value 10. The
packet will have access to Port 2 and Port 3. The outgoing packet will be stripped away its tag
becoming an untagged packet as it leaves Port 2. For Port 3, the outgoing packet will leave as
a tagged packet with a VLAN tag value 10.
(2). If a tagged packet with a VLAN tag value 10 enters Port 3, the packet will have access to
Port 1 and Port 2. If the packet leaves Port 1 and/or Port 2, it will be stripped away its tag
becoming an untagged packet as it leaves switch.
(3). If an untagged packet enters Port 4, switch will tag it with a VLAN tag value 20. The
packet will have access to Port 5 and Port 6. The outgoing packet will be stripped away its tag
becoming an untagged packet as it leaves Port 6. For Port 5, the outgoing packet will leave as
a tagged packet with a VLAN tag value 20.
This seems to say that vlans always have to be on separate ports? So isn’t this just port-based vlans, and not 802.1Q? Can I have port 1 assign vlan tag 1 for untagged packets, but pass vlan2 tagged packets along with their tag intact so the phones/vlan2 on the router can talk?
I realize this is quite possibly a better question for Netgear’s support forums, but I’m new enough to vlan setup that I think I might be configuring it wrong on the MT, and anyway, the readers of this forum are way smarter than the average person on the Netgear support forums. 
