General Router FAQ802.1q VLAN Setup |
Broadly there are three different vlan configurations that are commonly used - port based, mixed mode of tagged/untagged operation and tagged only. The desired setup will depend on the specific network requirements, if there are other vlan aware devices on the LAN and how the lans are to be separated.
The screenshot below shows a setup where no vlan tags are required, so that each VLAN corresponds to a physical port or WLAN SSID. In this configuration each LAN port and SSID will go to a different LAN subnet.
Notice that the "Enable" setting for each VLAN is unticked. If enable is ticked, packets received must have a tag that matches the vlan VID or they will be ignored. The tagged based setups are shown below.
In the setup below VLAN0 is left untagged while the other VLANs have been set to tagged operation.
This setup means that any LAN port in VLAN0 will can receive untagged. Any LAN port that is also a member of a tagged vlan can also receive tagged packed. In this case, only P1 is a member of both, so if the port receives an untagged packet it will be part of VLAN0 and if it receives a tagged packet it will part of VLAN1, VLAN2 or VLAN3 depending on which vlan ID is matched. The actual subnet that it would be in depends on the subnet that the VLAN is set to.
LAN ports P2, P3 and P4 are in untaggged only operation and are configured to be members of VLAN0 so therefore subnet LAN1.
In tagged only operation (where there are no LAN ports that are members of un-tagged vlans), the router will only accept traffic from devices (PC's, Switches, Phones) that specify the VLAN tag. Any device that does not send a vlan tag would not be able to communicate with the switch. It is typical in this setup to connect 802.1q VLAN aware switches and control which VLAN a PC is a member of via the port configuration on the switch
In the example configuration below each port works will accept tags from any of the 4 VLANs because each port is a member of every VLAN. The Subnet that the device would be a member of depends on which VLAN ID tag it sends. The VLAN that the SSIDs are members of are controlled using the check boxes (in the example SSID1 is in VLAN0, SSID2 is in VLAN1 and so on)
NOTICE : This document is © SEG Communications and may not be distributed without specific written consent. Information and products subject to change at any time without notice.