Hi guys, I'm an idiot trying to wrap my head around VLANs, specifically with one particular configuration I have set up. First thing, this has been set up for a while now and it's working fine, as I had help from Dell support. I'm just unclear on how this works.
Overview: I set up two VLANs, one for corporate wifi and the other for guest. Two SonicPoints (wifi access points) connect directly to specifically configured ports on the switch, then a third port connects to X3 on the SonicWall. I then can further apply rules to each wifi zone from the SonicWall.
SonicWall firewall which has these zones of interest:
- LAN: X1
- WLAN: X3
- WLAN-Guest: X3:V200
PowerConnect N3048P:
- VLAN 0 - Default data VLAN (not tagged)
- VLAN 2 - Corp wifi
- VLAN 200 - Guest wifi
Here are the port configurations on the switch. The first two connect to SonicPoint access point units, and the third connects to X3 of the SonicWall:
```
interface Gi5/0/25
switchport mode general
switchport general pvid 2
switchport general allowed vlan add 2
switchport general allowed vlan add 200 tagged
exit
!
interface Gi5/0/27
switchport mode general
switchport general pvid 2
switchport general allowed vlan add 2
switchport general allowed vlan add 200 tagged
exit
!
interface Gi5/0/29
switchport mode general
switchport general pvid 2
switchport general allowed vlan add 2
switchport general allowed vlan add 200 tagged
exit
```
My confusion:
- In the switch config, why does VLAN 200 have "tagged" added next to the command but 2 does not?
- I thought VLANs were always tagged (except the default VLAN) and that's how traffic was differentiated
- I don't understand how VLAN 2 and the data VLAN could both be untagged and still separated as VLANs
- I do see that the PVID of each port is set to 2, and that each port allows traffic from 2 and 200. So based on this, I am assuming that VLAN 2 and 200 are tagged from the perspective of the switch, but only 200 is tagged from the perspective of the SonicWall.
- Does this mean that the switch is tagging only VLAN 2 and the SonicWall is tagging only VLAN 200, but the switch is allowing traffic from both VLAN 2 and 200?
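
As an added illustration (not part of the original post, and not Dell or SonicWall code), this Python model shows how an 802.1Q general-mode port treats frames under the configuration above: an untagged frame is classified into the PVID on ingress, and the `tagged` keyword decides only whether the tag is written on egress. It assumes a VLAN added without the `tagged` keyword is sent untagged; the function names are hypothetical and the frames are constructed.

```python
import re
import struct

# Port configuration copied from the post (all three ports are identical).
CONFIG = """\
interface Gi5/0/25
switchport mode general
switchport general pvid 2
switchport general allowed vlan add 2
switchport general allowed vlan add 200 tagged
exit
"""
TPID = 0x8100  # 802.1Q tag protocol identifier

def parse_port(config):
    """Return (pvid, {vlan_id: egress_tagged}) for one general-mode port."""
    pvid, members = 1, {}
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"switchport general pvid (\d+)", line)
        if m:
            pvid = int(m.group(1))
        m = re.match(r"switchport general allowed vlan add (\d+)( tagged)?", line)
        if m:
            # Assumption: without the keyword, the VLAN egresses untagged.
            members[int(m.group(1))] = bool(m.group(2))
    return pvid, members

def make_frame(payload, vlan=None):
    """Constructed Ethernet frame: dst, src, optional 802.1Q tag, EtherType."""
    hdr = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    tag = struct.pack("!HH", TPID, vlan) if vlan is not None else b""
    return hdr + tag + struct.pack("!H", 0x0800) + payload

def ingress_vlan(frame, pvid, members):
    """VLAN assigned to a received frame, or None if the port drops it."""
    vlan = pvid  # untagged frames fall into the port's PVID
    if struct.unpack("!H", frame[12:14])[0] == TPID:
        vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        vlan = vid or pvid  # VID 0 is priority-tagged: also uses the PVID
    return vlan if vlan in members else None

def egress_frame(payload, vlan, members):
    """Frame as it leaves the port for this VLAN, or None if not a member."""
    if vlan not in members:
        return None
    return make_frame(payload, vlan if members[vlan] else None)
```

Inside the switch both VLANs stay separate because every frame carries an internal VLAN assignment; the tag on the wire matters only on links that carry more than one VLAN.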