VLAN Port Tagging

jay.enebo
Level 1

I have had a hard time wrapping my head around the tag and untag options on VLAN ports. I have a Cisco SG300-52 that I have 2 VLANs on: VLAN 1 (default, internal LAN) and VLAN 10 (will be going to my wireless and is fed from my DMZ port on my firewall).

Port 49 - Uplink from DMZ port on firewall

Port 50 - Uplink to second Cisco switch which will consist of both VLan 1 and Vlan 10

Port 24 - Wireless system

I believe that I want to tag ports 49 and 24 in VLAN 10 and exclude them in VLAN 1...?

I want to untag port 50 in VLAN 10, and tag in VLAN 1...?

Am I on the right track here or am I way off?

3 Replies 3

Tom Watts
VIP Alumni

Hi Jay,

VLANs are kind of a funny thing. So, an "untagged VLAN" basically means there is no VLAN mark in the packet. A tagged VLAN means the opposite: there actually is the mark in the packet. That's the very basic idea as far as what is different when it comes to your packet. However, with these minor differences comes a whole world of changes.

Tagged VLANs are usually deployed to interconnect other network devices. 802.1q uses a native VLAN, which by default is an untagged VLAN. Your SG300 by default uses VLAN 1 untagged to all ports. So, if you want your access point to use multiple VLANs for user connections, then the AP should be set as native (or default) VLAN 1, which would be the untagged connection, and all additional VLANs specified should be qualified as "tagged". In turn, your SG300 is the same way: you will specify any additional VLAN as tagged to the interface connecting to the AP.

So, to put this simply: on your SG300, VLAN 1 untagged, VLAN 10 tagged. Your AP should be default/native VLAN 1 and user traffic is VLAN 10; assuming the rest of your network supports VLAN 10, you should be good to go.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Thanks Tom for the reply.

I want my APs on the DMZ (VLAN 10) and not touching my LAN (VLAN 1). Wouldn't I tag each of these ports differently for each VLAN?

So Port 49 (brings my DMZ to the switch) would be tagged VLAN 10, exclude VLAN 1.

Port 50 (interconnect between this SG300 and second Cisco switch with same VLANs where I have LAN clients and will also have an AP) would be tagged on both VLAN 1 and VLAN 10.

Port 24 (connection to my wireless system) would be tagged VLAN 10, exclude VLAN 1.

I have one cable going in between 2 buildings and would like my clients to have LAN access for their computers and phones, but also have wireless access (which would be on the DMZ).

Hope I make sense. I think I am starting to confuse myself on what I want.

VLAN 10 won't touch VLAN 1 unless your router is routing it to touch VLAN 1. VLANs are incapable of intercommunicating with each other unless there is a routing decision to do so.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
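
An added example, not part of any post in this thread and not Cisco's implementation: a Python model of per-VLAN port membership, using the port plan from the second post, that shows which ports a flooded frame leaves on and whether it carries an 802.1Q tag. Port 1 (a LAN client port at the default VLAN 1 untagged), the `MEMBERSHIP` table layout and all function names are assumptions for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Port membership per VLAN: "T" = tagged, "U" = untagged; absent = excluded.
# Ports 49, 50 and 24 follow the plan in the thread; port 1 is an assumed
# LAN client port left at the SG300 default (VLAN 1 untagged).
MEMBERSHIP = {
    1:  {1: "U", 50: "T"},
    10: {49: "T", 50: "T", 24: "T"},
}

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def classify(frame: bytes, pvid: int):
    """Return (vlan, untagged_frame); untagged frames get the port's PVID."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return pvid, frame

def flood(frame: bytes, in_port: int, pvid: int) -> dict:
    """Flood a frame within its VLAN; return {egress_port: bytes on the wire}."""
    vlan, inner = classify(frame, pvid)
    members = MEMBERSHIP.get(vlan, {})
    if in_port not in members:       # ingress filtering: drop non-member traffic
        return {}
    return {
        port: add_tag(inner, vlan) if mode == "T" else inner
        for port, mode in members.items() if port != in_port
    }

# Constructed sample frame: broadcast dst, made-up src MAC, IPv4 EtherType.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    for port, wire in flood(add_tag(SAMPLE, 10), in_port=49, pvid=10).items():
        print(f"VLAN 10 frame from port 49 -> port {port}: {wire[:18].hex()}")
    print("LAN frame from port 1 ->", sorted(flood(SAMPLE, in_port=1, pvid=1)))
```

With this table, DMZ traffic entering on port 49 reaches only ports 50 and 24, and LAN traffic from port 1 reaches only the inter-switch link on port 50; nothing crosses between the two VLANs without a router.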