A generic Networking for Dummies book probably talks about it, but here's the idea:
VLAN (virtual local area network) is a way to use the same physical switches and cables and have multiple independent and segregated networks running on them. VLAN-aware switches modify each Ethernet frame that passes through them to include a VLAN ID. This is called tagging the frame. The spec says the tag can be a number between 0 and 4095, so you can theoretically have up to 4096 VLANs coexisting. Many cheaper switches can't do the full range, however. In addition, VLANs 0 and 1 are usually reserved for special applications, so it's bad form to use them. If you run tagged traffic through a switch that isn't VLAN-aware, it will often think the frames are garbled and drop them. So if you want to use tagged traffic, you have to pass that traffic through only switches that are designed for it.
There are two kinds of traffic you can pass: tagged, which has the VLAN ID attached, and untagged, which doesn't. Generally on a managed switch, you define which ports are members of which VLAN, and whether they pass tagged or untagged traffic on that VLAN. PCs, printers, and other end-user devices generally can't read tagged traffic (though Linux/Unix can if you set them to), so any port that is directly connected to such a device must be set to untagged. Broadly speaking, there are three main types of port configuration:
- Untagged. In this case, you set the VLAN on the port as a whole, and the switch will silently route only traffic on that VLAN to that port, and tag the traffic appropriately going out other ports on that VLAN. This is what you'd do if you plugged a printer or PC into the port. The port only passes traffic on its assigned VLAN.
- Trunk/Tagged. All traffic is tagged with a VLAN. Usually you use this to plug into another managed switch. The port will pass all traffic on the VLANs it is assigned to, and it will tag the traffic appropriately.
- Mixture. In this scenario, you set the PVID (primary VLAN ID) on the port. Untagged traffic going through that port is considered to be on the PVID, but the port will also pass tagged traffic for VLANs it is a part of.
An easy way to conceptualize it is to remember that the device connected to a given switch port must mirror the settings on that switch port.
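To make the tagging and the three port types concrete, here is an added example (not part of the original post) that decodes the 802.1Q tag in an Ethernet frame and models how an untagged, trunk, or mixture port treats a frame on ingress and egress, following the descriptions above. The `Port` class, its `mode`/`pvid`/`tagged` fields, and the sample frames are all constructed for this illustration; real switches vary in details such as what an access port does with a tagged frame.

```python
"""Added example (not from the original post): decode 802.1Q tags and model
the ingress/egress behaviour of the three port types described above.
All names, port layouts and sample frames here are constructed."""
import struct
from dataclasses import dataclass
from typing import FrozenSet, Optional

TPID_8021Q = 0x8100          # EtherType value announcing an 802.1Q tag


@dataclass
class Frame:
    dst: bytes
    src: bytes
    ethertype: int
    payload: bytes
    vid: Optional[int] = None   # None means the frame carries no tag


def parse_frame(raw: bytes) -> Frame:
    """Decode a raw Ethernet frame, extracting the VLAN ID if it is tagged."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = raw[:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    if ethertype != TPID_8021Q:
        return Frame(dst, src, ethertype, raw[14:])
    if len(raw) < 18:
        raise ValueError("802.1Q header truncated")
    tci, inner_type = struct.unpack("!HH", raw[14:18])
    vid = tci & 0x0FFF          # VID is the low 12 bits of the TCI; PCP/DEI sit above
    return Frame(dst, src, inner_type, raw[18:], vid)


def build_frame(frame: Frame) -> bytes:
    """Serialise a Frame, inserting an 802.1Q tag when frame.vid is set."""
    header = frame.dst + frame.src
    if frame.vid is not None:
        # 802.1Q reserves VID 0 and 4095; the post also advises against using 1.
        if not 1 <= frame.vid <= 4094:
            raise ValueError(f"VID {frame.vid} is reserved")
        header += struct.pack("!HH", TPID_8021Q, frame.vid)   # PCP=0, DEI=0
    return header + struct.pack("!H", frame.ethertype) + frame.payload


@dataclass
class Port:
    """One switch port (hypothetical model). mode is 'untagged', 'trunk' or 'mixture'."""
    mode: str
    pvid: Optional[int] = None                  # VLAN assigned to untagged frames
    tagged: FrozenSet[int] = frozenset()        # VLANs carried with a tag

    def ingress(self, frame: Frame) -> Optional[int]:
        """VLAN the switch assigns to a received frame, or None if it is dropped."""
        if frame.vid is None:
            # A trunk carries tagged traffic only; the other modes map to the PVID.
            return None if self.mode == "trunk" else self.pvid
        if self.mode == "untagged":
            return None                         # an access port does not accept tags
        return frame.vid if frame.vid in self.tagged else None

    def egress(self, vid: int, frame: Frame) -> Optional[bytes]:
        """Bytes to transmit for a frame on VLAN vid, or None if this port is not a member."""
        untagged_copy = Frame(frame.dst, frame.src, frame.ethertype, frame.payload)
        if self.mode != "trunk" and vid == self.pvid:
            return build_frame(untagged_copy)            # strip the tag for the end device
        if self.mode != "untagged" and vid in self.tagged:
            return build_frame(Frame(frame.dst, frame.src, frame.ethertype, frame.payload, vid))
        return None


def forward(src_port: Port, raw: bytes, dst_port: Port) -> Optional[bytes]:
    """Run one frame from src_port to dst_port through the port rules above."""
    frame = parse_frame(raw)
    vid = src_port.ingress(frame)
    if vid is None:
        return None
    return dst_port.egress(vid, frame)


# Constructed sample topology: a PC on VLAN 10, a printer on VLAN 20, one trunk uplink.
PC_PORT = Port("untagged", pvid=10)
PRINTER_PORT = Port("untagged", pvid=20)
UPLINK = Port("trunk", tagged=frozenset({10, 20}))
SAMPLE_UNTAGGED = build_frame(
    Frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01", 0x0800, b"hello"))

if __name__ == "__main__":
    out = forward(PC_PORT, SAMPLE_UNTAGGED, UPLINK)
    print("uplink carries VID", parse_frame(out).vid)
    print("printer port receives", forward(PC_PORT, SAMPLE_UNTAGGED, PRINTER_PORT))
```

Running it shows the PC's untagged frame leaving the trunk with VID 10 attached, while the printer port on VLAN 20 never sees it; the same rules drop an untagged frame arriving on the trunk, which is the behaviour you get when a device's settings fail to mirror the port's.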
Note that just having the different VLANs doesn't really help you if you don't have a way to route between them. If your router supports VLAN tagging, then you can set up the different networks in the router and it will route between them for you. If it doesn't, then you need to see whether your switch is an OSI Layer 2 or Layer 3 switch: an L3 switch can route between the VLANs for you, while an L2 switch can't.
If you need a router that can handle it, I recommend the Ubiquiti EdgeRouter X - it's $49 and can handle gigabit speeds. There is a significant learning curve to it, though. Mikrotik also makes similar routers in this price range.
Netgear and TP-Link make very affordable VLAN-aware switches as well. You can get a 5-port one for about $35 and an 8-port for not much more.