VLAN understanding fully brain **bleep**ed

admin11
Occasional Visitor

Hey guys,

I read about VLANs for about 5h. I don't get it....

In the attachment you can see what I am trying to do.

The FW is one of 2 DHCP servers. It should only send DHCP offers to eth2.
The FW has a logical interface with vlan10.

ETH2 is connected to a switch (VLAN10 tagged, not member of vlan1)
PC is connected to a switch (that one should get the address of the FW; untagged10)

Now my question.
I don't want the FW to send offers to the whole VLAN1 (that's why it is not a member of vlan1).
If I do that, nothing works.

What does untagged mean?
I tried to connect 2 computers on a switch:

both ports tagged vlan 10, untagged vlan 1 = works
both ports tagged vlan 10, not member of vlan 1 = doesn't work (I think because the computer can't handle VLANs)
both ports untagged vlan 10, untagged vlan 1 = works (is the port now in vlan 1 and 10?)
both ports untagged vlan 10, no member of vlan 1 = doesn't work (why?)

How can it be that I can untag 2 VLANs on 1 port? For me it makes no sense...

I don't know why I need this VLAN1?

I hope you can help me.

Best regards

1 REPLY
Dermot
Occasional Contributor

Re: VLAN understanding fully brain **bleep**ed

Untagged VLAN is basically the VLAN that the port is in.

Tagged VLAN is an identifier that allows devices that can recognize VLAN tagging to separate the traffic. Normally used for switch trunk ports or router or firewall ports with virtual ports assigned to the VLANs that are tagged.

If the firewall port is ONLY going to be in VLAN 10, then it should not have VLAN configuration set, as the VLAN is identified on the switchport it is connected to. So the Switch identifies the firewall port as UNTAGGED in VLAN 10 and the client machines as UNTAGGED in VLAN 10. The Client PCs and the Firewall port do not need VLAN configuration set.

One thing to note, depending on the switch in use, you may also need to specify that the ports are not untagged in VLAN 1, normally you use the command 'UNDO port hybrid VLAN 1' or whatever is appropriate for your switch. You may also need to set the PVID of the ports to VLAN 10. Again, depending on your switch and its configuration requirements.
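
The following is an added example, not part of the original thread: a simplified Python model of 802.1Q port handling that reproduces the four test results from the question and the untagged-plus-PVID fix from the reply. It assumes hybrid-style ports whose PVID was left at the default of 1 during the tests, and PCs that ignore tagged frames; the names `Port`, `forward`, `pc_to_pc` and `asker_tests` are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1                               # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs sent out without a tag
    tagged: set = field(default_factory=set)    # VLANs sent out with an 802.1Q tag

    def member(self, vid):
        return vid in self.untagged or vid in self.tagged

def forward(src, dst, frame_tag=None):
    """Return (vlan, egress_tag) as seen on the wire at dst, or None if dropped.
    frame_tag is the VLAN ID the sender put on the frame (None = untagged)."""
    vid = frame_tag if frame_tag is not None else src.pvid  # ingress classification
    if not src.member(vid):      # ingress filtering: port is not in that VLAN
        return None
    if not dst.member(vid):      # frame never leaves its VLAN
        return None
    return (vid, vid if vid in dst.tagged else None)

def pc_to_pc(src, dst):
    """VLAN-unaware PCs (assumption): they send untagged and ignore tagged frames.
    Returns the VLAN that carried the traffic, or None if nothing arrives."""
    result = forward(src, dst)
    if result is None or result[1] is not None:
        return None
    return result[0]

def asker_tests():
    """The four port setups from the question (constructed, PVID assumed 1),
    plus the reply's suggestion: untagged in VLAN 10 with PVID 10."""
    setups = {
        "tagged 10, untagged 1":   dict(tagged={10}, untagged={1}),
        "tagged 10, no vlan 1":    dict(tagged={10}),
        "untagged 10, untagged 1": dict(untagged={10, 1}),
        "untagged 10, no vlan 1":  dict(untagged={10}),
        "untagged 10, pvid 10":    dict(untagged={10}, pvid=10),
    }
    return {name: pc_to_pc(Port(**cfg), Port(**cfg)) for name, cfg in setups.items()}

if __name__ == "__main__":
    for name, vlan in asker_tests().items():
        print(f"{name:26} -> {'works via VLAN %d' % vlan if vlan else 'dropped'}")
    fw, pc = Port(tagged={10}), Port(untagged={10}, pvid=10)
    print("FW vlan10 interface -> PC:", forward(fw, pc, frame_tag=10))
    print("PC -> FW vlan10 interface:", forward(pc, fw))
```

In this model the two "works" cases from the question carry traffic over VLAN 1, not VLAN 10, which is why removing VLAN 1 membership without changing the PVID breaks them.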