@cmr Thank you for your detailed explanation, I understand most of it from logical point of view. I think my first step is to enable VLAN and maintain at VLAN1 like you mentioned. 

• However moving forward VLAN2, physically on my device do i need to configure the port on the MX250 or on the MS350 or both? 
• Because we do not have many managed switches, what will happen when a unmanaged switch uplink onto the MS350? 

Using your example, assuming all my servers are static assign into 192.168.0.0/24.

• I can not physically plug or logical  assign into VLAN 2 172.18.0.0/16, unless i change static assign into 172.18.0.0/16 right? 
• Currently I have a DHCP server of 192.168.0.0/24 with some reserved IP. Do I need to create another DHCP pool of 172.18.0.0/16?

Sorry for some beginners questions and thank you for your patience. 

@TommyYap You can only have one VLAN on an unmanaged switch, so where an unmanaged switch is connected to the MS350 you would set that port to access mode (single untagged VLAN).  I would configure the port on the MS350 and have that do the routing with it connected via a single VLAN to the MX250.

In my example if you set a port to VLAN2 then yes you will need to change the static IP address on the device connected to it to be in the 172.18.0.0/16 range.  I would create a second DCHP pool on your existing server and set the helper address on VLAN2 on the switch to point to the server.  Alternatively you can use the switch as a DHCP server itself for VLAN2 (or indeed VLAN 1 as well if you wished to).

@cmr Okay so i guess i can't really implement VLAN fully yet due to many unmanaged switches and devices already running on 192.168.0.0/24 including servers. Maybe i could do something about my netgear managed switches. 

Thanks a lot

@TommyYap if you have some managed switches then you can at least start to divide traffic into separate VLANs by having one of them directly connected to the MX.  You could then have the unmanaged switches hanging off that in their own zones.

Hi @cmr sorry if it is a late reply. I am trying to implement VLAN slowly however i am stuck, below are my steps:

1. Under addressing & VLAN, I change LAN setting from Single LAN to VLAN and remain default VLAN1 192.168.0.0/24 MX IP is my gateway 192.168.0.1 everything is fine and working.
2. I created VLAN2 192.168.1.0/24 MX IP 192.168.1.1
3. Port 3 of MX250 is Trunk Native VLAN1 allowed all VLANs.
4. Port 3 of MX250 connected to port 24 of MS350. 
5. I tried configured port 15 of MS350 to be Access port VLAN2. 
6. I plugged LAN from my laptop onto port 15 of MS350, unable to get valid ip address and unable to access internet. 
7. I plugged into any other ports on MS350 is able to get ip from VLAN1 and access internet

Hope you can enlighten where have I done wrong or missing steps before i continue. 

@TommyYap have you created a DHCP scope for the 192.168.1.0/24 subnet on the MX:

Thank you so much you are a life savior. 

Is port 24 of the MS350 configured as a trunk, with native VLAN 1?