I have never used VLANs before, so I'd like confirmation that it will work as I think.
We have three Netgear GS724T and a fortinet router.
If I configure a port to be Untagged on VLAN 1 with a PVID set to 1, and Trunk on VLAN 2, will it accept and transmit untagged packet on VLAN 1 and accept and transmit Tagged packet on VLAN 2 ?
I would like to keep the current default configuration of every port untagged on VLAN 1 and start to add new VLAN as needed without breaking the Internet access or access to the ESX virtual machines. My first test would be to put the ESX Ethernet port Trunk on VLAN 2 to test with a single VM on VLAN 2, and the other VMs still untagged on VLAN 1.
VLAN membership – Tagged and Untagged
vlan
Related Topic
- Difference Between Untagged and Tagged Ports – VLAN Explained
- VLAN – Behavior of Untagged Traffic on TRUNK and ACCESS Ports
- VLAN Security – Is Splitting a Switch with VLANs Secure?
- VLAN Configuration – Converting Untagged VLAN to Tagged VLAN
- 802.1x Authentication – Dynamic VLAN Assignment of Tagged Frames
Best Answer
Here's one way to think about it:
A port with more than one VLAN associated with it is called a Trunk. A Trunk can have exactly ONE untagged vlan (also called the Native VLAN), and one or more Tagged VLANS. If you set a VLAN to be untagged on a port, there is no PVID associated with it; there is no PVID field in the Ethernet frame.
If a trunk port is configured with VLAN1 untagged, and VLAN 2 tagged, then all devices that use untagged frames (PCs etc) will communicate on VLAN 1 and be blissfully unaware of any other VLANs. If a device can tag frames with a PVID =2, then it can communicate on VLAN 2.