Hi all-

i have a CSS326-24G-2S+ running SwOS. I have a dedicated SAN unit running TrueNAS with two 10G SFP ports, both are plugged into the switch. One port is for accessing the TrueNAS interface, which works fine, the other I would like to have on its own private VLAN so my servers can run their VMs from the SAN and not compete with "regular" network traffic. I have enabled "Independent VLAN lookup" under Settings, and under VLANs created a new VLAN with an ID of 200 and unchecked all the boxes except for the two that I want (one of the SFP ports as well as one of the regular ethernet ports that is hooked up to the server). Under the VLAN tab I specified "enabled" and "only tagged" for those two ports.

On the SAN i gave the specific interface 10.100.5.100, and on the server I also gave it 10.100.5.200 for its specific interface in the VLAN. Both machines can ping themselves but not each other. I've been going through the documentation as well as watching some YT videos and it _seems_ like I have the switch set up correctly, but I clearly must be doing something wrong since the two machines can't see each other on those particular IPs.

Is there something obvious I'm missing in my configuration? I'm trying to learn so this is more homelab experimentation than anything else, but it would be nice to know how to properly isolate the traffic on the switch.

Thanks for any info!

Tacho

Under the VLAN tab I specified "enabled" and "only tagged" for those two ports.

Which means that devices, connected to these two ports, have to be configured for tagged operation as well. Are they? If SAN and servers don't work with tagged VLANs, then you have to configure these two ports as access ports (untagged with PVID=200 set).

...
Which means that devices, connected to these two ports, have to be configured for tagged operation as well. Are they? If SAN and servers don't work with tagged VLANs, then you have to configure these two ports as access ports (untagged with PVID=200 set).

Ah ha! That was the problem! In hindsight that makes sense, I hadn't configured the other machines to send "200" as the tag. Once I set them to "Untagged" they can both see each other. Thank you very much mkx, I definitely learned something, which is what I wanted to do.