02-09-2017 08:50 AM - edited 03-08-2019 09:16 AM
Hello,
My question isn't so much about Cisco VLAN configuration, but about other switch vendors and how they compare to Cisco's implementation. I'm still learning VLAN principles and, in setting up a couple of VLANs between Cisco hardware and non-Cisco hardware, I ran into a question.
Here's my understanding...
On Cisco switches, ports can be configured for two main types of VLAN ports: access ports and trunk ports (802.1Q).
"switchport mode access VLAN A" specifies that both ingress and egress packets are untagged.
"switchport mode trunk" specifies that both ingress and egress packets are tagged with the appropriate VLAN and allows communication on all VLANs specified by the "allowed vlan" command.
That, I think I understand. What I don't understand is the following...
On a TP-Link smart switch that I am configuring and on other vendors as well from what I understand, there seem to be separate ingress and egress policies for each port.
On this switch, there is a section called 802.1Q VLAN where you can create a VLAN and choose the option Tagged and Untagged for each port that is a member. It seems that the "tagged" option is equivalent to "switchport mode trunk" on the Cisco where egress packets are tagged with the appropriate VLAN ID when exiting the port. The "untagged" option apparently strips the VLAN ID from the packet on egress which seems equivalent to "switchport mode access" on the Cisco. Simple enough, but here is where my question comes in.
There is another option in the switch config called 802.1Q PVID Setting. Options there allow you to set the VLAN ID for each port, but apparently this only applies to untagged ingress packets, which also seems like "switchport mode access" on the Cisco.
My question is why on earth would you want to have separate ingress and egress policies per port? The Cisco way makes sense to me in that if packets arriving on an interface are untagged then the packets leaving the interface and returning to the origin device should also be untagged. The reverse seems true for trunk ports in that it makes sense that all ingress and egress packets on the trunk should be tagged. The other vendor(s) method seems redundant to me.
The reason I'm asking is that I'm still learning and there is probably something I'm either unaware of or missing from my logic.
Any help would be much appreciated.
Thanks.
02-09-2017 09:59 AM
The Cisco way just makes the tagging relationship more understandable: either it's access (to connect to an end device) or it's trunk (to connect to another network device). But, in fact, the access port just sends and receives untagged packets, while the trunk ports can send/receive untagged packets (native VLAN - just one) and tagged packets (not native - as many as wished).
Why the TP-Link allows you to separate the ingress and egress VLAN policies doesn't make any sense to me.
02-09-2017 10:15 AM
I think it's related to the private VLAN feature in Cisco switches.
With this feature, you can choose which interface can communicate with which interface inside the same VLAN. This is mainly used by service providers for security reasons (sometimes in a shared medium, two or more customers use the same VLAN).
02-09-2017 01:07 PM
That was exactly the reason for my question... It didn't make any sense to me either, even with my relatively limited experience.