Nebula [VLAN] - PVID Explained

Created - Updated
Serhii Boiarynov
Print Friendly and PDF
Have more questions? Submit a request

This article explains the concept of the PVID in our Zyxel Switches and how it affects the connectivity from your network devices and the management of the switch itself.

With the help of some scenario, we will explain how the PVID manipulation could determine the correct or incorrect assignation of a network or even cause a disconnection of the switch by loosing its management capability.

 

1.  PVID definition

2. How is the untagged and tagged traffic modified by the PVID setting?

3. How does PVID in the uplink port can affect the Management of the Switch?

 

1. PVID definition

PVID stands for "Port VLAN ID" and is used in VLAN applications and it can be used to set an untagged traffic received by a given port(s) as a member of a specific VLAN.

For example, default PVID in port 1 of switch as "1". It means that any untagged incoming traffic received by the switch will be considered traffic of VLAN1 in the switch. 

For the outgoing traffic, the switch will use the untagged VLAN information that the port is member of.

As part of the ease of use aimed on Nebula, setting up the PVID will automatically set the port as untagged member of the same VLAN. In this article we will use this fact to assume the PVID is also configured as untagged VLAN in the port.

 

Tagged traffic with VLAN ID, eg: 3, received by the switch will be considered a member of VLAN 3, hence it will not be modified and just forwarded.

 

2. How is the untagged and tagged traffic modified by the PVID setting?

Now that the PVID concept is explained, we can take a look to the following scenarios and explanation of each connection point:

 

Case #1

The PC A is connected to the port on the switch A

 

mceclip1.png

 

PCs/laptops are not VLAN-aware devices, so when the PC A connects to the switch:

  • PC will first send the DHCP discovery as untagged traffic which is received on C3 connection on the switch. By PVID, this  untagged traffic will be then put on VLAN1 as it goes through the Switch A.
  • The Switch A then determines which other ports are actually members of the VLAN1, being C2 one of them in this case. The switch checks how should the traffic be sent out of C2, which in this case is untagged due to the setting (untagged VLAN member).
  • LAN interfaces usually imply "untagged traffic" in the Zyxel gateways, hence gateway will handle the received untagged traffic in C1 as part of the LAN1 interface.
  • When the Gateway replies to the PC A, the traffic has a similar path. The untagged traffic from LAN1 is put into VLAN1 in C2 as indicated by PVID, and send out untagged on C3 due to the port being untagged member of that VLAN.
  • The PC then receives the IP address from the Gateway's LAN1 interface and can then communicate to this network.

 

Case #2

PC B connects to Switch B, which has a different PVID 100:

 

mceclip3.png

 

At first, it might seen that PC B should actually get an IP from VLAN100 (which  doesn't exists on the Gateway). However, this is not the case and here is where understanding the PVID concept is important:

  • PC B untagged traffic will be put on VLAN100 as indicated by the PVID in C6.
  • The Switch B then determines which other ports are actually members of the VLAN100, being C5 one of them in this case. The switch checks how should the traffic be sent out of C5, which in this case is untagged due to the setting.
  • In C4, the Switch A receives the traffic request as untagged, but as indicated in the PVID, this traffic will then be put on VLAN1 for Switch A and finally sent out untagged to LAN1 interface on the Gateway.
  • As seen here, Switch A and B handle the untagged traffic in different ways based on the PVID configure, but in fact the traffic is always the same, reaching LAN1 successfully.
  • Similarly on the reply back, Switch A puts the LAN1 interface untagged traffic in VLAN1 which is then send out untagged on C4. Switch B then receives this untagged traffic in C5 and puts in VLAN100, which is finally forwarded untagged on C6 to the PC.
  • The PC then receives the IP address from the Gateway's LAN1 interface and can then communicate to this network.

Case #3 

PC C not receiving traffic and IP Phone connecting to tagged VLAN:

 

mceclip3.png

 

Let's first tackle the PC C connections:

  • PC C sends the untagged traffic to C7 in Switch B, which by PVID is put on VLAN1. 
  • Then Switch B tries to forward the traffic to other ports members of VLAN1. However, in this case, there's no other port member of the VLAN. As shown before, C5 is member of VLAN100 untagged so VLAN1 traffic is not forwarded through this port.
  • The traffic from PC never reaches the Gateway and hence PC C does not get an IP address and will not have network access.

IP Phone connecting to tagged VLAN:

  • IP phones are usually tagged aware, so they can handled VLAN tagged traffic. 
  • In this scenario, the IP Phone sends its traffic to C8 tagged VLAN10, therefore, the PVID will not affect this traffic as it's already tagged, so PVID can be set to other VLAN with no issues.
  • The VLAN10 traffic is also sent tagged on C5, C4 and C2, not suffering any modification. The traffic arrives tagged on the Gateway, which also has a VLAN10 tagged interface.
  • Gateway reply traffic has again a similar path. It's send tagged from the Gateway, and it's just forwarded with its tag on C2, C4, C5 and C6, arriving tagged to the IP phone which can handle this traffic.
  • The the IP phone can receives a IP address from VLAN10 on the gateway and have communication with this network.

 

3. How does PVID in the uplink port can affect the Management of the Switch?

The PVID can also affect the management network of the switch itself. 

 

mceclip4.png

 

In the above setup, both Switch A and Switch B have a management VLAN1 configured in the Nebula site-wide settings.

 

Switch A:

  • The switch acts like a PC that is connected to itself. The management traffic is put on VLAN1 which then the switch sends out on C2 as untagged and received on LAN1 of the Gateway.
  • The switch then receives and is accessible on an IP address from LAN1 interface.

Switch B:

  • Similar to Switch A, the management traffic is put on VLAN1 when it goes through the switch. However, the uplink port in C5 is not member of VLAN1 traffic, then the request is not sent out of the Switch B.
  • The Switch B can then not received an IP address from the Gateway and it's not connected to the network. 

As shown in above example for Switch B, it's important to a have complete overview of the PVID settings on uplink ports and its matching with the Management VLAN.

Fortunately, Nebula has a second mechanism that could avoid switch B to become offline in this case. The feature is called "Management VLAN Control". This feature provides a second mechanism (beside port PVID) to define the ports membership on the management VLAN.

 

mceclip6.png

 

By default "All" ports are members of the management VLAN, which means that Switch B in the scenario above will still have C5 port as untagged member of the management VLAN1, allowing the switch to get access to LAN1 interface on the Gateway. 

Note that removing the uplink port from the Management VLAN control list, and also not having the management VLAN as PVID of the uplink port will cause a total unmanageability of the Switch on Nebula, and a reconfiguration of the settings and reset of the switch will be needed.

 

 

 

 

 

 

 

Articles in this section

See more
Was this article helpful?
27 out of 32 found this helpful
Share