GS1200-8 802.1q VLAN configuration - Multiple untagged VLANs on port

erapade

In the manual we can see the picture below. I'm a VLAN nob, but as I understand the 802.1q standard does not support multiple untagged VLANS on a single port. So the question is if my understanding is correct and what the outcome of this will be

Zyxel_Melen

Thanks. But since this configuration is in the manual I guess there is an intention that it shall demonstrate something.

The screenshot of the user's guide seems to have some misconfiguration; I will ask our team to update it in future updates. In the screenshot, port 1 non-PVID VLAN should be tagged out(Yellow).

In addition, the port connects to end devices, like PC, and is usually configured as a specific VLAN untagged member, and the PVID is this VLAN's ID. The port connects to other network devices, like access points or firewalls, and is usually a member of many VLANs, mostly tagged members. You can set the PVID VLAN as an untagged or tagged member. This depends on whether your connecting device configuration requires a VLAN tag.

If we extend the example by adding vlan id 2 as an untagged member of also port 2 considering the rest is the same as the example, will we then have a valid configuration and how would we describe it?

No, this is a misconfiguration. You should ensure that each port has only one untagged VLAN that is the same as PVID.

As an alternative we can extend the example by adding vlan id 2 as a tagged member of port 2 considering the rest is the same as the example, will we the have a valid configuration of port 1 and how would we describe it.

In this case, there is still wrong with the port 1 VLAN member. As mentioned, each port has only one untagged VLAN that is the same as PVID. A port has two untagged VLAN member is misconfiguration and need to be corrected.

As I understand the 802.1q standard does not support having two untagged vlan id defined on one single port so I try to understand what extension to the dot1q standard this switch has been doing and what the purpose with that is

GS1200 allows you to:

1. Create VLAN.
2. Set PVID.
3. Assign VLAN members with tagged or untagged for egress behavior.

For more details, you may reference the FAQ in the previous comment.

Zyxel_Melen

Hi @erapade,

Thanks for your input! Please be assured, I will let our product team know this input.

Zyxel_Melen

Hi @erapade,

You will only have VLAN 1 works in this configuration. Although port 1 is a VLAN 2 member, there are no other ports that belong to VLAN 2, so, VLAN 2 traffic will not be forwarded.

I suggest checking this FAQ first to understand how to configure VLAN for web-managed switches.

How to configure VLAN for web-managed switch? — Zyxel Community

erapade

https://community.zyxel.com/en/discussion/comment/74698#Comment_74698

Thanks. But since this configuration is in the manual I guess there is an intention that it shall demonstrate something.

If we extend the example by adding vlan id 2 as an untagged member of also port 2 considering the rest is the same as the example, will we then have a valid configuration and how would we describe it?

As an alternative we can extend the example by adding vlan id 2 as a tagged member of port 2 considering the rest is the same as the example, will we the have a valid configuration of port 1 and how would we describe it.

As I understand the 802.1q standard does not support having two untagged vlan id defined on one single port so I try to understand what extension to the dot1q standard this switch has been doing and what the purpose with that is

Zyxel_Melen

Thanks. But since this configuration is in the manual I guess there is an intention that it shall demonstrate something.

The screenshot of the user's guide seems to have some misconfiguration; I will ask our team to update it in future updates. In the screenshot, port 1 non-PVID VLAN should be tagged out(Yellow).

In addition, the port connects to end devices, like PC, and is usually configured as a specific VLAN untagged member, and the PVID is this VLAN's ID. The port connects to other network devices, like access points or firewalls, and is usually a member of many VLANs, mostly tagged members. You can set the PVID VLAN as an untagged or tagged member. This depends on whether your connecting device configuration requires a VLAN tag.

If we extend the example by adding vlan id 2 as an untagged member of also port 2 considering the rest is the same as the example, will we then have a valid configuration and how would we describe it?

No, this is a misconfiguration. You should ensure that each port has only one untagged VLAN that is the same as PVID.

As an alternative we can extend the example by adding vlan id 2 as a tagged member of port 2 considering the rest is the same as the example, will we the have a valid configuration of port 1 and how would we describe it.

In this case, there is still wrong with the port 1 VLAN member. As mentioned, each port has only one untagged VLAN that is the same as PVID. A port has two untagged VLAN member is misconfiguration and need to be corrected.

As I understand the 802.1q standard does not support having two untagged vlan id defined on one single port so I try to understand what extension to the dot1q standard this switch has been doing and what the purpose with that is

GS1200 allows you to:

1. Create VLAN.
2. Set PVID.
3. Assign VLAN members with tagged or untagged for egress behavior.

For more details, you may reference the FAQ in the previous comment.

erapade

Thanks a lot.
I haven't even bought the switch yet since I wanted to have this cleared out first.

My recommendation is that you also update the FW so these invalid configurations is not possible, i.e. notifying the user that there only can be one untagged VLAN ID per port.

Since this is a low priced product we can also expect that the users are like me (having low knowledge of VLAN configurations) and as it looks like it's undefined what VLAN ID will be egressed from a port defined with multiple VLAN IDs, there will be a lot of miss-configurations out there

Big thanks for confirming

Zyxel_Melen

Hi @erapade,

Thanks for your input! Please be assured, I will let our product team know this input.