Configuration Examples for 802.1Q VLANs on Easy Smart Switches
VLAN (Virtual Local Area Network) is a technology that allows you to divide a LAN into several broadcast domains. By logically dividing a LAN into several VLANs, you can reduce the impact of broadcast storms on your network and improve network security.
To get a better sense of how these are used, here are two configuration examples for 802.1Q VLANs.
Example 1: Blocking Traffic Between VLANs on a Single Switch
As the following figure shows, the switch connects to two different groups. The computers in the two groups should not be allowed to communicate with each other, but both groups should be able to access the internet.
To meet these requirements, you can configure 802.1Q VLANs on the switch.
1) Create VLAN 2. Add port 1, 2 to VLAN 2.
2) Create VLAN 3. Add port 1, 3 to VLAN 3.
3) Keep port 1, 2, 3 in VLAN 1. (By default, all ports belong to VLAN 1.)
VLAN Configurations on the Switch:
VLAN |
Egress Rule |
PVID |
|
Port 1 |
VLAN 1-3 |
Untagged |
1 |
Port 2 |
VLAN 1-2 |
Untagged |
2 |
Port 3 |
VLAN 1, 3 |
Untagged |
3 |
Method 1: Using Web GUI
Step 1: Select VLAN > 802.1Q VLAN to load the configuration page. Enable 802.1Q VLAN function. Add port 1, 2 to VLAN 2 as untagged ports; add port1, 3 to VLAN 3 as untagged ports; keep port 1-3 in VLAN 1 as untagged ports.
Note: You can only add or modify the VLANs after enabling the 802.1Q VLAN feature.
Step 2: Choose the menu VLAN > 802.1Q PVID Setting to load the configuration page. Configure the PVIDs for VLAN 1-3 as 1, 2 and 3 respectively.
Method 2: Using Configuration Utility
Step 1: Select VLAN > 802.1Q VLAN to load the following page. Enable the 802.1Q VLAN function. Leave ports 1-3 as untagged ports in VLAN 1.
.
Note: You can only add or modify the VLANs after enabling the 802.1Q VLAN feature.
Step 2: In the 802.1Q VLAN Setting section, enter 2 in the VLAN (1-4094) field. Add port 1 and port 2 to VLAN 2 as untagged ports. Click Apply.
Step 3: In the 802.1Q VLAN Setting section, enter 3 in the VLAN (1-4094) field. Add port 1 and port 3 to VLAN 3 as untagged ports. Click Apply.
Step 4: Choose the menu VLAN > 802.1Q VLAN PVID Setting to load the following page. By default, PVID of all the ports are 1. Specify the PVID of port 2 as 2 and the PVID of port 3 as 3.
You should now be able to test the traffic and see that devices on port 2 cannot ping devices on port 3, and vice versa. Both groups should still be able to access the internet from their respective port.
Example 2: Blocking Traffic Between VLANs Across Switches
As the following figure shows, a company has two groups of devices, each connected to its own switch. The configuration requirement is that the two groups cannot communicate with each other, but both of them can access the internet.
To meet the above requirements, you can configure 802.1Q VLANs on both switches.
- Create VLAN 2.
On Switch A, add ports 2 and 4 to VLAN 2.
On Switch B, add ports 1, 2, and 4 to VLAN 2. - Create VLAN 3.
On Switch A, add ports 3 and 4 to VLAN 3.
On Switch B, add ports 1, 3, and 4 to VLAN 3. - Configure the default VLAN 1 to make sure the router can communicate with all ports of the two switches.
VLAN Configurations on Switch A and Switch B:
VLAN 1 |
VLAN 2 |
VLAN 3 |
|
Switch A |
Port 2-4 |
Port 2,4 |
Port 3,4 |
Switch B |
Port 1-4 |
Port 1,2,4 |
Port 1,3,4 |
Egress Rules and PVID Settings on Switch A and Switch B:
Switch |
Switch A |
Switch B |
|||||
Port |
2 |
3 |
4 |
1 |
2 |
3 |
4 |
Egress Rule |
Untagged |
Untagged |
Tagged |
Untagged |
Untagged |
Untagged |
Tagged |
PVID |
2 |
3 |
1 |
1 |
2 |
3 |
1 |
Method 1: Using Web GUI
Step 1: Select VLAN > 802.1Q VLAN to load the following page. Enable 802.1Q VLAN function, then click Apply.
Add port 2 to VLAN 1 and VLAN 2 as an untagged port.
Add port 3 to VLAN 1 and VLAN 3 as an untagged port.
Add port 4 to VLAN 1, VLAN 2, and VLAN 3 as a tagged port.
Step 2: Choose the menu VLAN > 802.1Q VLAN PVID Setting to load the following page. By default, the PVID of all the ports is 1. Specify the PVID of port 2 as 2 and click Apply. Specify the PVID of port 3 as 3 and click Apply.
Method 2: Using Configuration Utility
Step 1: Choose the menu VLAN > 802.1Q VLAN to load the following page. In the Global Config section, select 802.1Q VLAN status as Enable. Click Apply. Then Enter 1 in the VLAN (1-4094) field. Specify port 4 as tagged port and leave the other ports as untagged ports.
Note: You can only add or modify VLANs after enabling the 802.1Q VLAN feature.
Step 2: In the 802.1Q VLAN Setting section, enter 2 in the VLAN (1-4094) field. Specify the VLAN name as Group_A. Add port 1 and port 2 to the VLAN as untagged ports. Add port 4 to the VLAN as tagged port. Click Apply.
Step 3: In the 802.1Q VLAN Setting section, enter 3 in the VLAN (1-4094) field. Specify the VLAN name as Group_B. Add port 1 and port 3 to the VLAN as untagged ports. Add port 4 to the VLAN as tagged port. Click Apply.
Step 4: Choose the menu VLAN > 802.1Q VLAN PVID Setting to load the following page. By default, the PVID of all ports is 1. Specify the PVID of port 2 as 2 and click Apply. Specify the PVID of port 3 as 3 and click Apply.
To verify that the configuration is accurate, you should ping from the device attached to one switch to a device on the other switch. You should find that the ping does not go through, but both devices should be able to access the internet.