I have 4 switch
2930f 24G as core sw
2930f 48G as acc sw1
2930f 48G as acc sw2
6000 48G as acc sw3
4 vlan
10 for management network 192.168.10.x/24 using IP 192.168.10.254
20 for LAN network 192.168.20.x/24 using IP 192.168.20.254
30 for Wireless network 192.168.30.x/24 using IP 192.168.30.254
40 for Guest Wifi network 192.168.40.x/24 using IP 192.168.10.254
90 for Internet Access network 192.168.9.0 using IP192.168.9.254
Core-sw port 21 connect to acc sw1 port 48 IP 192.168.10.251
Core-sw port 22 connect to acc sw2 port 48 IP 192.168.10.252
Core-sw port 23 connect to acc sw3 port 48 IP 192.168.10.253
Core-sw port 21 connect to firewall IP 192.168.9.1 for internet access
Question
1. Uplink from core sw to acc sw should create a trunk port and vice versa and the trk port should be tagged or untagged all 4 vlan? Please provide config sample
1.1. For port that connect to Router/Firewall, it couldn't configure IP on the interface only can create vlan interface and assign ip to the interface. This is the current config that i did and its work fine but is there any other way for configure a port for static IP to connect to router? Like Cisco
2. In this scenario if i want to allow any vlan access to internet i need to run ip route 0.0.0.0 0.0.0.0 192.168.9.1 and ip routing or use ip default-gateway 192.168.9.1 instead, on all switch or just core switch?
3. Any other route require to configure like on core switch and access switch do i need to configure for intervlan route and to have access to the internet
ip route 192.168.10.0 255.255.255.0 192.168.10.254
ip route 192.168.20.0 255.255.255.0 192.168.20.254
ip route 192.168.30.0 255.255.255.0 192.168.30.254
ip route 192.168.40.0 255.255.255.0 192.168.40.254
4. dhcp-server configured on core switch so on access switch i need to configure like ip helper-address 192.168.x.x under vlan interface or no need? for the client to get ip from dhcp server on core switch when its connected to the port that untagged to specific vlan on access switch
5. Now we could access web gui on all vlan interface, how do i allow access to 192.168.10.254 only and not other vlan IP like 192.168.20.254?
6. From question.5 i tried changed management vlan to 10 and it only access 192.168.10.254 not other vlan but got another problem that other switch that connect to trunk port on core couldn't ping or reach or get ip from dhcp-server, was this normal? I set primary-vlan 10 but all vlan could access web gui
7. Could you explain about native vlan on 6000 as its differnent OS-CX, when i configured trunk should i tagged native vlan 10 and trunk all other 3 vlans?
8. How do i block access vlan 40 to reach other vlan except internet access only?
9. On some interface like the port that connect to access point to server or client that has to allow all vlan to connect to, how do i prioritize that device to get ip from a specific vlan like if i tagged that port to vlan 10,20,30,40 and i want this device to get ip from vlan 20 or 30 instead of 10?
10. How do i disable vlan1? or remove all ports on vlan1 i tried to no untagged other port like 25-28 that is sfp but it could not
Thanks for your response