XS1930 VLAN Trunk, Access, PVID
Freshman Member
Hi,
I am using my XS1390-10 with a SFP module to access the fibre conneection of my provider. I need to send the VLAN-ID 1120 with the DHCP request.
So I configured (in Nebula) my port 10 as follows:
Trunk, PVID1120, Allowed VLAN 1120
When I counter-check on the local admin interface of the switch I see the port 10 as "Untagged"! This is not what is to be expected.
Above configuration should transmit every packet with the VLAN-ID of 1120 to my provider. But the port being "Untagged" the switch obviously sends the packets untagged :(
Why does it untag?
As soon as I configure the PVID to a different VLAN (ie 42) I see 42 untagged and 1120 tagged.
I want to have only a single VLAN (1120) where it sends all packets tagged. No other VLNAs should be allowed! Even if an untagged packet comes in it is mapped to 1120 according to my understanding of PVID it will handle untagged packets and tag them if needed.
So is it not possible to have a single tagged VLAN on my port? I have to create. dummy VLAN42 and use it as PVID?
Strange….
/KNEBB
Accepted Solution
-
Hi @knebb,
Thanks for bringing this to our attention.
Above configuration should transmit every packet with the VLAN-ID of 1120 to my provider. But the port being "Untagged" the switch obviously sends the packets untagged :(
Why does it untag?This is because the port VLAN ID (PVID) will be set as an untagged VLAN member in current design.
For more information, please reference this FAQ.
So is it not possible to have a single tagged VLAN on my port? I have to create. dummy VLAN42 and use it as PVID?The current workaround is just like what you find, you need to change the PVID to another VLAN and change the allowed VLAN.
In addition, to avoid any traffic from this VLAN being forwarded to your network, please configure the allowed VLAN of other ports from "all" to "specific VLANs without this PVID". Therefore, this VLAN will only have one port member and cannot access your network.
By the way, do you have any suggestions about the VLAN configuration UI/UX? If yes, please share your idea with us.
0
Zyxel Employee
All Replies
-
Hi @knebb,
Thanks for bringing this to our attention.
Above configuration should transmit every packet with the VLAN-ID of 1120 to my provider. But the port being "Untagged" the switch obviously sends the packets untagged :(
Why does it untag?This is because the port VLAN ID (PVID) will be set as an untagged VLAN member in current design.
For more information, please reference this FAQ.
So is it not possible to have a single tagged VLAN on my port? I have to create. dummy VLAN42 and use it as PVID?The current workaround is just like what you find, you need to change the PVID to another VLAN and change the allowed VLAN.
In addition, to avoid any traffic from this VLAN being forwarded to your network, please configure the allowed VLAN of other ports from "all" to "specific VLANs without this PVID". Therefore, this VLAN will only have one port member and cannot access your network.
By the way, do you have any suggestions about the VLAN configuration UI/UX? If yes, please share your idea with us.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
