How To Set Up VLANs When You Don’t Understand VLANs

By | March 3, 2016

Several years ago, I needed to partition a network into separate VLANs.  The switches I had were capable, but I wasn’t.  I was having trouble understanding what the terms meant (Tagged, Untagged, Excluded) and how to configure each port to achieve my desired result.  I had trouble finding a good I-don’t-really-care-that-much-about-VLANS-or-Cisco-documentation-I-just-want-this-to-work-so-I-can-get-on-with-what-I-am-really-trying-to-do kind of explanation, so I thought I would write one.  Remember I said that was years ago?  My TODO list is very long.

The switches I was using in this project were Cisco/Linksys SGE2000P which is a “small business” switch.

VLAN concepts:

  1. VLANs are a way to group ports, potentially across multiple switches, into networks (Virtual Local Area Networks). In this way, a switch can be partitioned to, among other things, serve multiple networks all isolated from each other.
  2. Each VLAN is identified by an ID which is a number.
  3. Each port on the switch is designated as Tagged, Untagged or Excluded in each VLAN.
  4. If a port is Tagged, the switch will add the VLAN ID to the header of any packets sent on that interface.  Tagged packets are only understood by network equipment that is VLAN aware.
  5. If a port is Untagged the switch will not add the VLAN ID to the header of packets sent on that interface and will remove and VLAN IDs in packets that came in on a Tagged interface.
  6. If a port is Excluded from a VLAN packets with that VLAN ID will never be sent out on that port.
  7. If a port is marked Untagged on one VLAN, it will be excluded from all other VLANs.  In other words, an Untagged interface can only be a part of one VLAN at a time.
  8. A port can be marked as Tagged on any number of VLANs

What does all of that mean?

Any port that is going to carry traffic between 2 switches must be able to carry packets from all of the VLANs so therefore must be included in every VLAN that must transit that link.  The switch on the other end must be able to determine which VLAN to forward the packet to so the packets sent out that port must be tagged. It is also important that both switches understand VLANs.

Any port that is going to connect to a non-switch device must be marked untagged in the VLAN the device is supposed to be a part of.

Example

Say you want to create 3 different networks with 2 VLAN capable 16 port switches.  We’ll use VLAN IDs 7, 8, and 9.

We want to configure the networks thusly:

  • Connect port 16 on switch #1 to port 16 switch #2.  This cable will carry traffic from all 3 VLANs between the switches.  These ports must be tagged in all 3 VLANs
  • VLAN 7 will include ports 1, 2, and 3 on switch #1 and ports 1 and 2 on switch #2. These ports must be untagged on VLAN 7  and excluded from VLANs 8 and 9.
  • VLAN 8 will include ports 4 and 5 on switch #1 and ports 3, 4, and 5 on switch #2. These ports must be untagged on VLAN 8 and excluded from VLANs 7 and 9.
  • All other ports will be on VLAN 9. These ports must be untagged on VLAN 9 and excluded from VLANs 7 and 8.

So configure the ports like this:

Switch #1
Port VLAN 7 VLAN 8 VLAN 9
1 Untagged Excluded Excluded
2 Untagged Excluded Excluded
3 Untagged Excluded Excluded
4 Excluded Untagged Excluded
5 Excluded Untagged Excluded
6 Excluded Excluded Untagged
7 Excluded Excluded Untagged
8 Excluded Excluded Untagged
9 Excluded Excluded Untagged
10 Excluded Excluded Untagged
11 Excluded Excluded Untagged
12 Excluded Excluded Untagged
13 Excluded Excluded Untagged
14 Excluded Excluded Untagged
15 Excluded Excluded Untagged
16 Tagged Tagged Tagged
Switch #2
Port VLAN 7 VLAN 8 VLAN 9
1 Untagged Excluded Excluded
2 Untagged Excluded Excluded
3 Excluded Untagged Excluded
4 Excluded Untagged Excluded
5 Excluded Untagged Excluded
6 Excluded Excluded Untagged
7 Excluded Excluded Untagged
8 Excluded Excluded Untagged
9 Excluded Excluded Untagged
10 Excluded Excluded Untagged
11 Excluded Excluded Untagged
12 Excluded Excluded Untagged
13 Excluded Excluded Untagged
14 Excluded Excluded Untagged
15 Excluded Excluded Untagged
16 Tagged Tagged Tagged

You might also need to know about PVID: What is PVID?
Try out this VLAN setup example: VLAN Example: Share VLAN aware multi-SSID access point between 2 networks


If you find this site helpful, please consider supporting my efforts by clicking My Amazon Affiliate Link and buying whatever you would normally buy or maybe Try Amazon Prime 30-Day Free Trial.