
I am trying to wrap my head around VLANs to segregate my home network into several subnets with their own SSIDs. I have an OPNsense box as my router and two Netgear manageable switches. The AP will be VLAN-aware with multiple SSIDs, such as the TP-Link EAP245.

My plan is as follows:

Router <-----> Switch <---- VLAN TRUNK ----> (AP with VLAN SSIDs) 

I am trying to figure out the difference between VLAN ID and PVID and how to set up the switches.

My current understanding is that VLAN ID is used for outgoing packets from a port and PVID is to assign a VLAN to untagged incoming packets.

I found this tutorial on the TP-Link website that is a close scenario to my situation. I understand most of the setup; however, I am confused regarding Port 2, which they use in their example for the router. At some point they say:

Port 1 must be configured as “tagged” while Port 2 must be configured as “untagged”.

For Port 1, I understand that it must be tagged, as all VLANs are passed to the AP in a VLAN trunk. Why does it have PVID 1 on all VLAN IDs?

For Port 2, I understand it must also be part of all VLANs since it handles routing, but why did they mark it untagged with PVID 1 on all VLAN IDs?

  • Home networks are off-topic on Server Fault. The best is to always use tagged ports, never untagged, but it requires some planning. By only using tagged traffic, the setup will be easier and less confusing.
    – NiKiZe
    Commented Nov 23, 2021 at 4:45
  • In general, you're right, PVID often means "the VLAN ID which gets tag stripped on egress and applied to untagged on ingress". But always consult a manufacturer manual; I've seen hardware where "default VLAN" and "untagged VLAN" were different things, one was the VID which is output on this port without tags, and the other is the VID which gets applied to incoming untagged packets, and those can be different. As to the example, it must be serving some purpose where this requirement may have meaning. In your case all you seem to need is trunk (all VLANs tagged) ports towards both router and AP.
    Commented Nov 23, 2021 at 6:10
  • @NiKiZe Thanks for the details. Since you said this is off-topic on Server Fault, where should I ask home networking questions?
    – blob42
    Commented Nov 24, 2021 at 22:54
  • @NikitaKipriyanov OK, got it, thank you for the tip. I think I was also confusing subnets with VLANs; someone else explained to me that in the example they have multiple VLANs for the same subnet, which explains why they mark Port 2 untagged to the router.
    – blob42
    Commented Nov 24, 2021 at 22:57
  • The last suggestion: if you use VLANs, never use VLAN1 for any useful purpose. This leads to various problems which are hard to tackle and which vary between different vendors and even different devices from the same vendor. Leave it the role of the "placeholder VLAN" for e.g. an unconfigured port, or the default on the otherwise all-tagged trunk port. And so, what is your question now? Please give a "clear problem statement" where the "desired end state" is obvious.
    Commented Nov 25, 2021 at 7:11
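
The port behaviour discussed in the comments above, as a small model added here for illustration (it is not part of the original thread and is not any vendor's implementation). It assumes ingress filtering is enabled and that frames are flooded to every member port; VLAN IDs 10 and 20 and the port names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    pvid: int                                   # VLAN applied to untagged ingress frames
    tagged: set = field(default_factory=set)    # VLANs sent with an 802.1Q tag
    untagged: set = field(default_factory=set)  # VLANs sent with the tag stripped

    def member(self, vid):
        return vid in self.tagged or vid in self.untagged

def classify(port, tag):
    """Ingress: return the VLAN the frame lands in, or None if it is dropped."""
    vid = port.pvid if tag is None else tag     # PVID only matters for untagged frames
    return vid if port.member(vid) else None    # assumed: ingress filtering is on

def forward(ports, in_name, tag):
    """Return {egress port: tag on the wire}, where None means sent untagged."""
    src = ports[in_name]
    vid = classify(src, tag)
    if vid is None:
        return {}
    return {p.name: (vid if vid in p.tagged else None)
            for p in ports.values() if p is not src and p.member(vid)}

# Constructed layout: both trunks carry VLAN 10/20 tagged; VLAN 1 is only a placeholder.
PORTS = {p.name: p for p in [
    Port("ap", pvid=1, tagged={10, 20}, untagged={1}),
    Port("router", pvid=1, tagged={10, 20}, untagged={1}),
    Port("pc", pvid=20, untagged={20}),         # access port for a wired device
]}

if __name__ == "__main__":
    for src, tag in [("ap", 10), ("pc", None), ("router", 20), ("ap", None), ("pc", 10)]:
        print(f"in={src:<6} tag={tag!s:<4} -> {forward(PORTS, src, tag)}")
```

An untagged frame arriving on a trunk falls into the PVID (VLAN 1 here) and never reaches VLAN 10 or 20, and a frame tagged for a VLAN the ingress port does not belong to is dropped.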
