Thursday, August 8, 2019

Confirm my understanding of VLANS / TRUNKING / PVID

Hey all,

Been in the field for ~5 years, for all of which I have been a Sysadmin for an MSP. Studied and passed CCNA R&S, but all of my professional experience has been with any vendor that isn't Cisco: Ubiquiti Unifi, EnGenius, Netgear, Ubiquiti Edgeswitch, and HP/Aruba.

Every once in a while I find myself in a situation where I think "Do I truly understand EVERYTHING about VLANs?" and I'm hoping you all can confirm my understanding or give me some guidance.

Untagged VLAN - This is the VLAN that traffic will get tagged with, if the traffic is not already tagged with a VLAN.

For example, I have cameras that should be in video VLAN 200, and I can't spec VLAN 200 on the camera, so I untag VLAN 200 on the switch port which connects to the cameras. In my understanding, this is the same as an Access port in the Cisco world. "switchport access vlan 200" is the same as untagged on 200.

Tagged VLAN - In my head, tagged is almost interchangeable with "allowed". Meaning frames tagged with this vlan are allowed to pass through the switch interface.

Example:

I have an access point which is on a management VLAN 99, and the trusted wifi is on VLAN 75. The switch is tagging its own management traffic, and the AP is tagging its frames for the trusted wifi, so on the switch interface I tag both VLAN 99 and VLAN 75.

Trunks in Cisco - All VLANs are tagged by default, but you can scope down which VLANs you want by using "allowed" and only adding those. No VLANs are untagged on the switch port unless you spec a native VLAN. Example... All uplinks and downlinks between networking devices. What is the point of the native vlan on a trunk anyway? To tag the management traffic of the downstream device if it's not managed on the VLAN you want? Any other good examples?

PVID - I don't have a clear understanding here at all. I was told to just think of PVID and untagged as outbound and inbound, but in doing some research and a lab earlier today, it seems that PVID is close to how I looked at untagged VLAN. As in, PVID is the VLAN that gets assigned to traffic which is not tagging its own frames? How would you put PVID in layman's terms?

I decided to make this post after a misunderstanding earlier. Management decided we are going to change our "stack" to be EnGenius switches and access points, so I took a few switches into the lab to make sure I knew how everything was done. I tried to get a phone on the voice VLAN by selecting UNTAGGED on that interface, but it did not get a voice VLAN IP. After changing the PVID to the voice VLAN, it got the correct address assigned.

I then was playing around with tagged/untagged for its switchport while keeping the PVID assigned to the voice VLAN, and those settings did not appear to matter. If the PVID was set to the voice VLAN, the phone would get DHCP in the voice VLAN regardless of the voice VLAN being tagged/untagged.

Thanks!
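The IEEE 802.1Q port rules the post is asking about, modelled in Python as an added example (this is not code from the original post, and it is not specific to EnGenius or any other vendor's firmware). It parses raw Ethernet frames for a VLAN tag, then applies the two decisions a bridge port makes: on ingress, an untagged frame (or a priority-tagged frame with VID 0) is classified into the PVID, no matter whether that VLAN is listed as "tagged" or "untagged" on the port; on egress, the "untagged" membership decides whether the tag is stripped or left on the wire. VLAN IDs 200, 99 and 75 are from the post; the voice VLAN ID 300, the MAC addresses and the ARP frames are constructed for the example.

```python
"""802.1Q port model: PVID governs ingress, untagged membership governs egress.

Added example, not from the original post. VLAN 300 (voice) is assumed;
the post never names its voice VLAN ID. Sample frames are constructed.
"""
import struct

TPID_8021Q = 0x8100  # EtherType value that announces a VLAN tag


def parse_frame(frame: bytes):
    """Return (dst, src, vid, rest); vid is None when the frame is untagged.
    rest is EtherType + data, i.e. everything after the MACs and any tag."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, frame[12:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return dst, src, tci & 0x0FFF, frame[16:]  # low 12 bits of TCI are the VID


def build_frame(dst: bytes, src: bytes, rest: bytes, vid=None, pcp=0) -> bytes:
    """Assemble a frame, inserting a 802.1Q tag when vid is given."""
    if vid is None:
        return dst + src + rest
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + rest


class Port:
    """One switch port: its PVID plus tagged and untagged VLAN memberships."""

    def __init__(self, pvid: int, tagged=(), untagged=()):
        self.pvid = pvid
        self.tagged = set(tagged)
        self.untagged = set(untagged)

    @property
    def members(self):
        return self.tagged | self.untagged

    def ingress(self, frame: bytes):
        """Classify a received frame: (vid, untagged_frame), or None if dropped."""
        dst, src, vid, rest = parse_frame(frame)
        if vid is None or vid == 0:
            # Untagged and priority-tagged frames take the PVID. Whether the
            # PVID VLAN is "tagged" or "untagged" on the port is irrelevant here.
            vid = self.pvid
        if vid not in self.members:
            return None  # ingress filtering: port is not a member of that VLAN
        return vid, dst + src + rest

    def egress(self, vid: int, untagged_frame: bytes):
        """Frame as it leaves this port on vid, or None if not a member."""
        if vid not in self.members:
            return None
        dst, src, rest = untagged_frame[:6], untagged_frame[6:12], untagged_frame[12:]
        if vid in self.untagged:
            return build_frame(dst, src, rest)          # strip the tag
        return build_frame(dst, src, rest, vid=vid)     # leave it tagged


# Constructed sample data: broadcast dst, made-up src MAC, zero-filled ARP body.
DST = b"\xff" * 6
SRC = bytes.fromhex("0242ac110002")
ARP = b"\x08\x06" + b"\x00" * 28

CAMERA_PORT = Port(pvid=200, untagged=[200])          # like "switchport access vlan 200"
AP_PORT = Port(pvid=99, untagged=[99], tagged=[75])    # mgmt 99 native, wifi 75 tagged
PHONE_PORT = Port(pvid=300, tagged=[300])              # voice VLAN as tagged member only


def demo():
    results = {}
    results["camera"] = CAMERA_PORT.ingress(build_frame(DST, SRC, ARP))[0]
    results["ap_mgmt"] = AP_PORT.ingress(build_frame(DST, SRC, ARP))[0]
    results["ap_wifi"] = AP_PORT.ingress(build_frame(DST, SRC, ARP, vid=75))[0]
    results["ap_stray"] = AP_PORT.ingress(build_frame(DST, SRC, ARP, vid=42))
    # Phone sends untagged: PVID puts it in 300 although 300 is only "tagged"...
    results["phone"] = PHONE_PORT.ingress(build_frame(DST, SRC, ARP))[0]
    # ...but frames back to the phone leave the port carrying the 300 tag.
    results["phone_reply_vid"] = parse_frame(PHONE_PORT.egress(300, build_frame(DST, SRC, ARP)))[2]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script prints the classification for each port. The phone case is the one the post stumbled on: the untagged DHCP Discover is classified by PVID alone, so the VLAN's tagged/untagged setting does not change which VLAN the request enters; that setting only decides whether the offer comes back with a tag, which the phone then has to be willing to accept. Note also that the model drops a frame tagged with a VLAN the port is not a member of, which is what "allowed VLANs" scoping on a trunk buys you.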
