In article , wrote: :To be more specific, here is my actual scenario.
:Inside the rig they have three pc's hooked up to a :netgear hub.
:What I want to do is to create a vlan for the pacs servers, etc, and I :would like the outside rig's hub to be tagged in that vlan. Is that :possible with their existing equipment?
Dunno, you didn't say which model of Netgear hub.
DG834G DM602 DS104 DS106 DS108 DS116 DS309 DS508 DS516 DS524 EA101C EA201C EN104 EN104TP EN106TP EN108 EN108TP EN116 EN308 EN308TC EN516 EN524 FA101 FA120 FA310TX FA311 FA331
The EN10x* series have automatic partitioning to protect against "jabber", which you would not have on a simple multi- port repeater, as a plain repeater would not know or care where a frame started or ended. Therefore at least some of the Netgear hubs have ideas about what a valid packet length is, so there is the possibility that some of the won't like the extra packet length due to vlan tags.
There is a relatively simple work-around to this: you could slightly lower the MTU on the link. That might end up creating a lot of fragments, though, which is not good for performance.
:The Rig is not ours; it's a third party vendor - a PET scanner to :be exact.. Inside the rig they have three pc's hooked up to a :netgear hub.
My advice would be to get rid of the hub and replace it with a switch that supports 802.1Q. But is the hub even really involved? You mentioned they have a router at that end. You aren't going to get the PC's at that end to support VLAN tags themselves, so something is going to have to strip off the VLAN tags: that would be the router, and that router should be strictly between you and the hub.
If the 3rd party won't agree to install a switch, then they aren't going to agree to you wanting to reconfigure the router to support
802.1Q. Does their router even -support- 802.1Q itself?
A possibly easier approach would be to put in a simple switch between your router and your link to them. The switch will act as a traffic filter, leaving all the cross-hub traffic off your net. You'll still get hit with all of their NETBIOS broadcasts...
Is there a reason why their router must be directly in your main VLAN and address space? Perhaps a simple Linksys BEFS* or BEFW* nat'ing router between you and them would do a lot. Does your new PACS rely on broadcasts, or would your PACS not work properly if you were PAT (Port Address Translating) those PCs down into a single IP ?