Why is possible set more VLANS to one port as Untagged?
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi
Why is possible set more VLANS to one port as Untagged? I expect only one VLAN can be untagged on one port.
Thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@PeterK2, it's pretty easy to set up an asymmetric VLAN.
The TL-SG108E also has an own menu entry for a pre-defined asymmetric VLAN, it's Multi-Tenant Unit VLAN (MTU VLAN). It works as follows:
Let's assume that port 1 is the uplink to the router providing Internet access and ports 2 to 8 are assigned to several tenant units.
The goal is to isolate the tenant units against each other, but to let them share the Internet router.
So we assign each port an own VLAN, that's VLAN 1 for port 1, VLAN 2 for port 2, etc.
PVID of each port is it's primary VLAN, that's 1 for port 1, 2 for port 2, etc. We achieved isolation between the ports by this setup.
Now, we assign ports 2-8 membership in VLAN 1, too, so that they can receive traffic from the Internet router.
To allow the Internet router to receive traffic from the other ports, we assign it membership of all other VLANs, that's 2, 3, 4, 5, 6, 7 and 8.
All ports are untagged VLAN members since the connected devices don't use VLAN tags usually (technically they could do so, but it would not make much sense in this setup).
Ingress frames on port 7 get tagged with VID=7 (due to the PVID) and will be forwarded to port 1, which is a member of VLAN 7.
Ingress frames on port 1 get tagged with VID=1 and will be forwarded to any of the other ports.
Thus, we have ports isolated against each other and can share a common resource on port 1.
Have a nice day, too!
- Copy Link
- Report Inappropriate Content
@PeterK2, you need untagged ports in more than one VLANs if you want to use an asymmetric VLAN setup.
In general, devices always should only offer a mechanism, but not enforce a policy. An asymmetric VLAN is a policy and TP-Link switches offer a mechanism to implement such a policy. There is nothing wrong with it – if you don't need such a setting, just don't use it.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@PeterK2, it's pretty easy to set up an asymmetric VLAN.
The TL-SG108E also has an own menu entry for a pre-defined asymmetric VLAN, it's Multi-Tenant Unit VLAN (MTU VLAN). It works as follows:
Let's assume that port 1 is the uplink to the router providing Internet access and ports 2 to 8 are assigned to several tenant units.
The goal is to isolate the tenant units against each other, but to let them share the Internet router.
So we assign each port an own VLAN, that's VLAN 1 for port 1, VLAN 2 for port 2, etc.
PVID of each port is it's primary VLAN, that's 1 for port 1, 2 for port 2, etc. We achieved isolation between the ports by this setup.
Now, we assign ports 2-8 membership in VLAN 1, too, so that they can receive traffic from the Internet router.
To allow the Internet router to receive traffic from the other ports, we assign it membership of all other VLANs, that's 2, 3, 4, 5, 6, 7 and 8.
All ports are untagged VLAN members since the connected devices don't use VLAN tags usually (technically they could do so, but it would not make much sense in this setup).
Ingress frames on port 7 get tagged with VID=7 (due to the PVID) and will be forwarded to port 1, which is a member of VLAN 7.
Ingress frames on port 1 get tagged with VID=1 and will be forwarded to any of the other ports.
Thus, we have ports isolated against each other and can share a common resource on port 1.
Have a nice day, too!
- Copy Link
- Report Inappropriate Content
Perfect, now I understand it :) Marked as Best solution, thank you.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3013
Replies: 4
Voters 0
No one has voted for it yet.