@sedatbulbul wrote: So as i see on switch options, i can add only 1 vlan tag and system doesn't allow ssh. how can I add multiple vlans and split floor vlans each other? Should I change devices? Thanks in advance
Not necessarily.
Your network topology is a chain: 30th Floor SW1 (System Room) <--> 22nd Floor (SW2) <--> 10th Floor (SW3) <--> 4th Floor (SW4).
Switches, from what you wrote, are interlinked together by means of a single (copper) link.
If you want to transport various VLAN IDs from the SW1 down to the SW4, it's possible (I presume your SW1 is acting as the "router" for various VLAN IDs you're planning to use so each VLAN IDs owns a specific SVI address).
Let's say you defined on SW1 those VLAN IDs (we keep VLAN ID 1 unsused at most):
- VLAN 1 with SVI 10.0.255.254 (Subnet 10.0.255.0/24 <- used as "Management subnet for your Switches" so SW1 could use simply 10.0.255.1, SW2 10.0.255.2, SW3 10.0.255.3 and SW4 10.0.255.4 as their IP for managment)
- VLAN 130 with SVI 10.0.30.254 (Subnet 10.0.30.0/24) <- useful if you have "clients" also on the System Room
- VLAN 122 with SVI 10.0.22.254 (Subnet 10.0.22.0/24)
- VLAN 110 with SVI 10.0.10.254 (Subnet 10.0.10.0/24)
- VLAN 104 with SVI 10.0.4.254 (Subnet 10.0.4.0/24)
The above are for example...I set the third octect to rescall the floor it is used into.
Since the chain is SW1<->SW2<->SW3<->SW4 you need to propagate (tag) all VLAN IDs in this order:
- 33th and 22th floors -> SW1 to SW2: propagate all VLAN IDs -> VLAN 104, 110 and 122 - minus the VLAN 130 - should be "tagged" (in other terms required ports need to be set as "tagged" members of those VLAN IDs) and they should be "tagged" exactly on SW1 downlink port to SW2 and on SW2 uplink port to SW1. The same applies to VLAN 1 but uplink/downlink VLAN 1 membership could be left "untagged" (default)...because on that VLAN there are IPs for management of each switch.
- 22th and 10th floors -> SW2 to SW3: propagate these VLAN IDs (as above VLAN 1 - again - could remain "untagged" as above) -> VLAN 104 and 110 - thus minus VLAN 130 and VLAN 122 - should be "tagged" (in other terms required ports need to be set as "tagged" members of those VLAN IDs) and they should be "tagged" exactly on SW2 downlink port to SW3 and on SW3 uplink port to SW2.
- 10th and 4th floors -> SW3 to SW4: propagate these VLAN IDs (as above VLAN 1 - again - could remain "untagged" as above) -> VLAN 104 - thus minus VLAN 130, VLAN 122 and VLAN 104 - should be "tagged" (in other terms required ports need to be set as "tagged" members of those VLAN IDs) and they should be "tagged" exactly on SW3 downlink port to SW4 and on SW4 uplink port to SW3.
Clearly the is valid IF you plan to assign each floor with one (and only one) specific VLAN/Subnet...technically the SW1 should have all VLAN IDs defined, SW2 all minus VLAN 130, SW3 all minus VLAN 130 and VLAN 122 and finally SW only the VLAN 104.
If you plan to use other logical assignment...without a relationship with floors you just need to configure your VLAN IDs and their SVI and distribute them (tag) accordingly across interlinks.
I mean...you can have VLANs assigned for "functions" (Say Administration, Marketing, Technical Support, etc...) but the principle above remains mostly valid (IPs, SVIs and VLAN IDs could change accordingly)...the only thing you should understand is that IF you need a client on a VLAN "x" on SW "y" then you need to transport that VLAN "x" up to SW "y" along the chain...the access/edge ports on the SW "y" then just need to be set untagged member of that VLAN "x" (access ports aren't like interlink ports...they need just a VLAN untagged, generally).
Other considerations can be done on SW1 and its "routing" duty...but, giving that you provided no details, I think it's premature...just consider the SW1 will be the router for all its locally connected VLAN IDs and will automatically route each others all VLAN IDs (in the example: 1, 130, 122, 110 and 104)...forwarding to external networks should happen against a Next Hop Gateway via a Route of Last Resort (say destination 0.0.0.0 mask 0.0.0.0 via Next Hop Gateway IP address) and the Gateway should be configured to know that subnets 10.0.255.0/24, 10.0.30.0/24, 10.0.22.0/24, 10.0.10.0/24 and 10.0.4.0/24 - to be reached - are behind the router represented by SW1)...and here you can work by introducing another VLAN ID dedicated to transit between the SW1 and the Gateway only (in this way SW1 and Gateway are "routed" together...they "speak" directly each-others without no other Switch able to speak directly with Gateway) OR (but I don't suggest that) work by placing the Gateway on the VLAN 130 (so the gateway is on the same VLAN ID of the 33th floor SW1)...but that's argument for another post.