VLAN - Tagged VLANs vs. PVID (Setup Example Untagged/Tagged VLAN on a GS22XX-Switch)

In this walk-through, we will guide you through the switch setup for a generic VLAN configuration:


mceclip2.png

The uplink port to our router is VLAN-capable, while the PC Edge-Port is VLAN-incapable. The tutorial below on this example shows you how to set up switch-ports for both tagged and untagged VLANs.

 

Tagged VLAN

If you have VLAN-capable devices (firewalls or Access-Point with VLAN-Interfaces/VLAN-capable SSIDs preconfigured, etc.), you have to set up the Port tagged to the VLAN-ID you want to pass through. In our example, we will set up a VLAN with VID=10 on a GS2200. By default, all VLAN Ports are untagged members in VLAN1, and all ports have PVID = 1. This makes VLAN-incapable devices connected to the ports communicate via VLAN1.

First, navigate to:

SWITCHING > VLAN > VLAN Setup > Static VLAN

 

You then can see click on add/edit to add a VLAN10 menu:

In this menu, create a VLAN by activating the VLAN, giving it a Name (we went here for "VLAN10" and assigned the VLAN-ID - in our example 10. Afterwards, set the membership of the ports you want to set to "Fixed", set up tagging (since we want these ports tagged) and then press "Add" to apply the setting and create the VLAN. 

Note: Do not forget to press "Save" if you want these settings permanently saved onto switch configuration!

 

Untagged VLAN

Sometimes, the end device in question is not VLAN-capable but still shall join a VLAN (like most PCs do not have VLAN settings within their network interface cards). In our example, a PC connected to Port 10 of our GS2200 switch is supposed to become a member of VLAN10 without actually having VLAN established on its network interface card. For this, navigate again to

SWITCHING > VLAN > VLAN Setup > Static VLAN

This time, we will choose the Port our PC is connected to to be an untagged member in VLAN 10. For this, we set membership status to "Fixed" while unchecking the "Tagged"-Checkbox.

After that, we press again "Apply" to apply our settings. 

Please note that only one untagged membership per Port is allowed! This automatically means that we have to take away the default untagged membership in VLAN1. Mark the VID1 and click "Add/edit" to edit the VLAN1:

Here, ensure that you have VLAN1 set for the VLAN10-untagged Port to "Forbidden", or tag it via Tx-Tagging-Checkbox. Afterwards, save temporarily via the "Apply" button.

As a next step, it is important to know that the PVID of a port must always match its untagged membership - so we still have to set up the PVID of Port10 of the switch to being 10. This can be done via:

SWITCHING > VLAN > VLAN Setup > VLAN Port Setup

Here, you can set the PVID according to our needs:

You know I can plug in the PC on Port10 of your switch and receive an IP address from VLAN10 of the USG!

Note: Do not forget to press "Save" if you want these settings permanently saved onto switch configuration!

 

 

What have we learnt?

The most important learning out of this generic setup example are:

  • Tagged and untagged VLANs are set up differently (Tagged Membership vs. Untagged Membership+PVID)
  • Only one untagged membership per Port allowed
  • PVID has to match the untagged membership

For more information on VLANs, these might be interesting articles to browse through as well:

VLANs - A deeper look at how they work

Separate VLANs on a ZyWALL/USG

How to configure VLAN on a USG device

GS1900: How to configure VLAN on Zyxel Switch

Articles in this section

Was this article helpful?
8 out of 13 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.