02-09-2020 07:23 PM - edited 02-09-2020 07:33 PM
Hi,
I'm not a networking specialist and am confused.
What I'm attempting to do:
1) I've created multiple VLANS (10, 20, 30)
2) Assign physical ports to each VLAN, giving each VLAN their own subnet, using DHCP to assign IPs to devices
e.g. VLAN100, Ports 1 & 2, DHCP, range 10.10.1.100 - 149
VLAN200, Ports 3 & 4, DHCP, range 10.20.1.100 - 149
VLAN300, Ports 5 & 6, DHCP, range 10.30.1.100 - 149
I've read through the whitepapers I can find, and do not understand tagged, untagged and excluded. Just the idea of assigning VLANS to Ports seems backward. (I'd swear that in the past, VLANS were logical groupings of ports; e.g. you created a VLAN, then assigned ports to that VLAN)
Can someone clarify and show me a simple walkthrough explaining how this is supposed to work? How do tagged, untagged and excluded settings on ports tie into this schema?
Thanks
Solved! Go to Solution.
02-13-2020 02:14 AM
Hello,
Tagged - means that traffic for that VLAN will have a Tag when passing through this interface.
This is used to differentiate traffic, when multiple VLANs pass through the same link.
On the other side of such setup, you must have a network device that understands tagged traffic.
This mimics a Trunk port.
Untagged - means that traffic for that VLAN won't have a Tag when passing through this interface. On the other side of such link, you can have a network device that does not understand tagged traffic. It will understand only the traffic for the untagged VLAN. For mimicking a Trunk port, this is used as a Native VLAN.
Excluded - this VLAN will not pass on this Link.
Summary:
If you have :
VLANID LAN1 LAN2 LAN3 LAN4
1 U U E T
2 E T U U
Port 1 will be as an access port for VLAN 1.
You can have a device that does not understand VLAN traffic ( PC ) and it will work in VLAN 1.
It will obtain an IP from the DHCP server in VLAN 1.
Port 2 is set to mimic a Trunk port.
If connected to a device that understands tagged traffic, VLAN 1 will pass untagged and VLAN 2 will pass with a Tag.
If you have a Switch on the other side ( that supports 802.1q ) you need to set the port as Trunk, with VLAN 1 as native and VLAN 2 as tagged.
If you have a device that does not understand tagged traffic ( PC ) it will be a member of VLAN 1. It will also receive traffic for VLAN 2, but will not understand the traffic, as it is tagged, and drop it. That is why for such devices it is best VLAN 2 to be Excluded. ( as setup for port 1).
Port 3 mimics an access port for VLAN 2.
You can have a device that does not understand VLAN traffic ( PC ) and it will work in VLAN 2.
It will obtain an IP from the DHCP server in VLAN 2.
Port 4 mimics a Trunk port, same as Port 2.
The only difference here is that VLAN 2 will be native VLAN and pass untagged, where VLAN 1 will be tagged.
Hope that helps.
02-10-2020 01:06 AM
So you are not much worried to know, here is a simple document :
Create DHCP as per requirement, and VLAN with IP address.
Allocated Port 1 and 2 to VLAN 100 - untagged so on.
02-10-2020 04:10 PM
Thank you for replying.
If an 'Untagged' port is an Access port, a 'Tagged' port is one that is acting as a Trunk, correct?
Id like to avoid using VLAN 1 for anything but config & management; I've noticed that the PC I'm using to configure device has defaulted to VLAN 1. What state should any ports in use in other VLANs be in with regard to VLAN 1 to prevent it use? Excluded?
02-11-2020 01:06 AM
Cisco all the products by default allocated to VLAN1, So for security reason always suggest to use your own VLAN, so you can secure as per the business requirement.
16 VLANs can be configured on the RV160 or RV260, with one VLAN for the Wide Area Network (WAN). VLANs that are not on a port should be Excluded. This keeps the traffic on that port exclusively for the VLAN/VLANs the user specifically assigned. It is considered a best practice.
Ports can be set to be an Access Port or a Trunk Port:
One VLAN assigned its own port:
Two or more VLANs that share one port:
02-11-2020 10:26 AM - edited 02-11-2020 10:52 AM
I found this article helpful, if somewhat opaque in certain areas. It seems that every port on the RV260W must have an Untagged VLAN on it. If a port has only one VLAN on it (what the article calls an "access port"), that VLAN must be marked as Untagged.
In your example, VLAN100, since it is the only VLAN on ports 1 and 2, would be marked as Untagged on those ports. All other VLANS would be marked as Excluded. The same with VLAN200 and VLAN300 and their respective port assignments.
Your example leaves ports 7 and 8 unassigned. The linked article suggests assigning a "dead end" VLAN to unused ports on the router. That VLAN should be marked as Untagged, and all other VLANs are Excluded on those ports.
02-13-2020 02:14 AM
Hello,
Tagged - means that traffic for that VLAN will have a Tag when passing through this interface.
This is used to differentiate traffic, when multiple VLANs pass through the same link.
On the other side of such setup, you must have a network device that understands tagged traffic.
This mimics a Trunk port.
Untagged - means that traffic for that VLAN won't have a Tag when passing through this interface. On the other side of such link, you can have a network device that does not understand tagged traffic. It will understand only the traffic for the untagged VLAN. For mimicking a Trunk port, this is used as a Native VLAN.
Excluded - this VLAN will not pass on this Link.
Summary:
If you have :
VLANID LAN1 LAN2 LAN3 LAN4
1 U U E T
2 E T U U
Port 1 will be as an access port for VLAN 1.
You can have a device that does not understand VLAN traffic ( PC ) and it will work in VLAN 1.
It will obtain an IP from the DHCP server in VLAN 1.
Port 2 is set to mimic a Trunk port.
If connected to a device that understands tagged traffic, VLAN 1 will pass untagged and VLAN 2 will pass with a Tag.
If you have a Switch on the other side ( that supports 802.1q ) you need to set the port as Trunk, with VLAN 1 as native and VLAN 2 as tagged.
If you have a device that does not understand tagged traffic ( PC ) it will be a member of VLAN 1. It will also receive traffic for VLAN 2, but will not understand the traffic, as it is tagged, and drop it. That is why for such devices it is best VLAN 2 to be Excluded. ( as setup for port 1).
Port 3 mimics an access port for VLAN 2.
You can have a device that does not understand VLAN traffic ( PC ) and it will work in VLAN 2.
It will obtain an IP from the DHCP server in VLAN 2.
Port 4 mimics a Trunk port, same as Port 2.
The only difference here is that VLAN 2 will be native VLAN and pass untagged, where VLAN 1 will be tagged.
Hope that helps.
02-13-2020 09:36 AM
Thanks you sirs
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide