Solved: Assigning Ports to VLANS on RV260W: Tagged, Untagged & Excluded?

Andrew_M. · ‎02-09-2020

Hi,

I'm not a networking specialist and am confused.

What I'm attempting to do:

1) I've created multiple VLANS (10, 20, 30)

2) Assign physical ports to each VLAN, giving each VLAN their own subnet, using DHCP to assign IPs to devices

e.g. VLAN100, Ports 1 & 2, DHCP, range 10.10.1.100 - 149

VLAN200, Ports 3 & 4, DHCP, range 10.20.1.100 - 149

VLAN300, Ports 5 & 6, DHCP, range 10.30.1.100 - 149

I've read through the whitepapers I can find, and do not understand tagged, untagged and excluded. Just the idea of assigning VLANS to Ports seems backward. (I'd swear that in the past, VLANS were logical groupings of ports; e.g. you created a VLAN, then assigned ports to that VLAN)

Can someone clarify and show me a simple walkthrough explaining how this is supposed to work? How do tagged, untagged and excluded settings on ports tie into this schema?

Thanks

raluani · ‎02-13-2020

Hello,

Tagged - means that traffic for that VLAN will have a Tag when passing through this interface.
This is used to differentiate traffic, when multiple VLANs pass through the same link.
On the other side of such setup, you must have a network device that understands tagged traffic.
This mimics a Trunk port.

Untagged - means that traffic for that VLAN won't have a Tag when passing through this interface. On the other side of such link, you can have a network device that does not understand tagged traffic. It will understand only the traffic for the untagged VLAN. For mimicking a Trunk port, this is used as a Native VLAN.

Excluded - this VLAN will not pass on this Link.

Summary:

If you have :

VLANID   LAN1   LAN2   LAN3   LAN4
1 U    U E T
2 E    T    U    U

Port 1 will be as an access port for VLAN 1.
You can have a device that does not understand VLAN traffic ( PC ) and it will work in VLAN 1.
It will obtain an IP from the DHCP server in VLAN 1.

Port 2 is set to mimic a Trunk port.
If connected to a device that understands tagged traffic, VLAN 1 will pass untagged and VLAN 2 will pass with a Tag.
If you have a Switch on the other side ( that supports 802.1q ) you need to set the port as Trunk, with VLAN 1 as native and VLAN 2 as tagged.

If you have a device that does not understand tagged traffic ( PC ) it will be a member of VLAN 1. It will also receive traffic for VLAN 2, but will not understand the traffic, as it is tagged, and drop it. That is why for such devices it is best VLAN 2 to be Excluded. ( as setup for port 1).

Port 3 mimics an access port for VLAN 2.
You can have a device that does not understand VLAN traffic ( PC ) and it will work in VLAN 2.
It will obtain an IP from the DHCP server in VLAN 2.

Port 4 mimics a Trunk port, same as Port 2.
The only difference here is that VLAN 2 will be native VLAN and pass untagged, where VLAN 1 will be tagged.

Hope that helps.

View solution in original post

balaji.bandi · ‎02-10-2020

Untagged VLANs

A switch port may be a ‘tagged’ or ‘untagged’ port. An untagged port, or access port on a Cisco switch, connects to hosts (such as a server). The host is unaware of any VLAN configuration.

Tagged VLANs

A port is a ‘tagged port’ when the interface is expecting frames containing VLAN tags.

So you are not much worried to know, here is a simple document :

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/Configuring_VLAN_Settings_on_the_RV160_and_RV260.html

Create DHCP as per requirement, and VLAN with IP address.

Allocated Port 1 and 2 to VLAN 100 - untagged so on.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Andrew_M. · ‎02-10-2020

Thank you for replying.

If an 'Untagged' port is an Access port, a 'Tagged' port is one that is acting as a Trunk, correct?

Id like to avoid using VLAN 1 for anything but config & management; I've noticed that the PC I'm using to configure device has defaulted to VLAN 1. What state should any ports in use in other VLANs be in with regard to VLAN 1 to prevent it use? Excluded?

balaji.bandi · ‎02-11-2020

Cisco all the products by default allocated to VLAN1, So for security reason always suggest to use your own VLAN, so you can secure as per the business requirement.

Assign VLANs to Ports

16 VLANs can be configured on the RV160 or RV260, with one VLAN for the Wide Area Network (WAN). VLANs that are not on a port should be Excluded. This keeps the traffic on that port exclusively for the VLAN/VLANs the user specifically assigned. It is considered a best practice.

Ports can be set to be an Access Port or a Trunk Port:

Access Port - Assigned one VLAN. Untagged frames are passed.
Trunk Port - Can carry more than one VLAN. 802.1q. “Trunking” allows for a native VLAN to be Untagged. VLANs that you don’t want on the Trunk should be Excluded.

One VLAN assigned its own port:

Considered an Access port.
The VLAN that is assigned this port should be labeled Untagged.
All other VLANs should be labeled Excluded for that port.

Two or more VLANs that share one port:

Considered a Trunk Port.
One of the VLANs can be labeled Untagged.
The rest of the VLANs that are part of the Trunk Port should be labeled Tagged.
The VLANs that are not part of the Trunk Port should be labeled Excluded for that port.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

JEB55 · ‎02-11-2020

I found this article helpful, if somewhat opaque in certain areas. It seems that every port on the RV260W must have an Untagged VLAN on it. If a port has only one VLAN on it (what the article calls an "access port"), that VLAN must be marked as Untagged.

In your example, VLAN100, since it is the only VLAN on ports 1 and 2, would be marked as Untagged on those ports. All other VLANS would be marked as Excluded. The same with VLAN200 and VLAN300 and their respective port assignments.

Your example leaves ports 7 and 8 unassigned. The linked article suggests assigning a "dead end" VLAN to unused ports on the router. That VLAN should be marked as Untagged, and all other VLANs are Excluded on those ports.

raluani · ‎02-13-2020

Hello,

Tagged - means that traffic for that VLAN will have a Tag when passing through this interface.
This is used to differentiate traffic, when multiple VLANs pass through the same link.
On the other side of such setup, you must have a network device that understands tagged traffic.
This mimics a Trunk port.

Untagged - means that traffic for that VLAN won't have a Tag when passing through this interface. On the other side of such link, you can have a network device that does not understand tagged traffic. It will understand only the traffic for the untagged VLAN. For mimicking a Trunk port, this is used as a Native VLAN.

Excluded - this VLAN will not pass on this Link.

Summary:

If you have :

VLANID   LAN1   LAN2   LAN3   LAN4
1 U    U E T
2 E    T    U    U

Port 1 will be as an access port for VLAN 1.
You can have a device that does not understand VLAN traffic ( PC ) and it will work in VLAN 1.
It will obtain an IP from the DHCP server in VLAN 1.

Port 2 is set to mimic a Trunk port.
If connected to a device that understands tagged traffic, VLAN 1 will pass untagged and VLAN 2 will pass with a Tag.
If you have a Switch on the other side ( that supports 802.1q ) you need to set the port as Trunk, with VLAN 1 as native and VLAN 2 as tagged.

If you have a device that does not understand tagged traffic ( PC ) it will be a member of VLAN 1. It will also receive traffic for VLAN 2, but will not understand the traffic, as it is tagged, and drop it. That is why for such devices it is best VLAN 2 to be Excluded. ( as setup for port 1).

Port 3 mimics an access port for VLAN 2.
You can have a device that does not understand VLAN traffic ( PC ) and it will work in VLAN 2.
It will obtain an IP from the DHCP server in VLAN 2.

Port 4 mimics a Trunk port, same as Port 2.
The only difference here is that VLAN 2 will be native VLAN and pass untagged, where VLAN 1 will be tagged.

Hope that helps.

Andrew_M. · ‎02-13-2020

Thanks you sirs