SF500-28P VLAN Help

tawneyfollett · ‎06-17-2013

Hello,

I am attempting to configure multiple VLAN's to have access to an port without any VLAN.

Basically I wanted Port 10 to untag VLAN's 20 and 21. However what I have found is that this only works if I have "PVID" ticked. And I cannot tick both 20 and 21 as PVID.

So if I want multiple VLANs to access a port with no VLAN, how can I achieve this?

Thanks

Tawney

stumulur · ‎06-18-2013

Hello Tawney,

By definition of Access Port is "The interface is an untagged member of a single VLAN". Access port can have only one PVID which is default VLAN of access port.

Multiple VLAN can be configured on Trunk port, and even trunk port can I have only one native VLAN.

So multiple untagged VLANs on access port or trunk port is not possible. Logically if you do not tag data from two VLANs, the switch has no means to differentiate traffic, and that is reason for tagging VLANs so that traffic for respective VLANs can be identified.

In, general mode can allow you to send untagged data from multiple VLANs from switch out of the ports.

Hope it answered your question.

Thankyou

Sai

tawneyfollett · ‎06-18-2013

Hello Sai,

Thank you for the reply. On port 1 through to 6 I am tagging VLAN 20 and VLAN 21. However on Port 10 I have a device that I want accessible from the native VLAN and any other VLAN (eg VLAN 20 and 21).

So port 10 is set to general with VLAN20 and 21 untagged. With this configuration the devices on ports 1 through 6 cannot access the device on port 10. If I tick the option for "PVID" under Port 10 (for VLAN 20) then ports 1 through 6 (on VLAN 20,21) CAN access this, but devices on no VLAN cannot.

How can I allow multiple VLAN's and the Native VLAN to have access to a Port with no Tag?

stumulur · ‎06-20-2013

Hello Tawney,

I am sorry for late reply. From your description I have understood that VLAN Port Membership table should look like

Ports Type VLANs

1-6 Trunk 1UT,20T,21T

10 Access 1UT

Please let me know if I am wrong. I would like to narrow down the approach towards problem and would request you following.

Are devices of different VLANs, 1,20 able to communicate with each other on ports 1-6
If SF500 in L2 or L3 mode ?
Is the switch connected to any L3 devices and default gateway for SF500
Is there any MAC security configured.

Great day

-

Sai

tawneyfollett · ‎06-20-2013

Hello Sai,

That is okay. I am lead to beleive by a colleague of mine that what I want to achieve is not possible, nevertheless I am hoping that you can shed any truth to this or offer an alternative.

The situation I should explain is currently this:

Ports 1 to 6 are Trunked with VLANS from 2 through to 300. Virtual machines are deployed on a Hyper-V server in which they are tagged their appropraite VLAN.

For instance a subset of 5 Virtual Computers are assigned VLAN 20, and another 5 Virtual Computers are assigned VLAN 21.

Port 11 is assigned the same VLANs (2 to 300) as it has access to a Router where the same Subinterfaces on this router are tagged.

Router (PORT11) - Subinterface #20 - VLAN ID 20

Router (PORT11) - Subinterface #21 - VLAN ID 21

On port 10 I have a backup system where I would like Virtual Computers in any VLAN to be able to access this port. I know I can get around this by tagging the NIC on the system connected to Port10 with the same VLAN ID's, however I thought that the system would allow me to have any VLAN access this system by untagging the ports? I am told this may not be possible.

Also as with the above information, I'll answer your questions.

1. No because they are not designed to. Refer to what I stated above how the VM's are assigned a VLAN to use.

2. the SF500 are in L2 mode

3. Yes port 11 is connected to a router with matching VLAN ID to the VM

4. No MAC security.

Thank you

Tawney

stumulur · ‎06-21-2013

Hello Tawney,

I am happy to see calrity with your setup. Will be happy to work on any further issues.

Great day

-Sai