Community discussions

MikroTik App
 
ik3umt
Member Candidate
Member Candidate
Topic Author
Posts: 295
Joined: Tue Jul 08, 2014 3:58 pm

css326 vlan question

Fri Oct 26, 2018 5:10 pm

New to SwitchOS
I taken a read to https://wiki.mikrotik.com/wiki/SWOS/CSS326-VLAN-Example
Why is there no need (at least I haven't seen) to declare TAGGED vlan on ether2 ??

Thank you
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: css326 vlan question

Fri Oct 26, 2018 8:07 pm

Let's focus on Example #1 from the link posted ....

Step 1) ... default VLAN ID gets configured for ports 6, 7 and 8. Meaning that if on ingress (from cable to port) switch receives untagged frame, it will add VLAN tag with VLAN ID set to the defined value (e.g. 200 on port 6). Likewise on egress (from port to cable) switch will strip VLAN header from frames with VLAN ID equal to the defined value.
Switch will not change frames with other VLAN IDs.

Step 2) ... limits which VLANs are accepted by which ports (both ingress and egress). If frame's VLAN is not on zhe allowed list, it will not pass through this port.

Steps are performed in this order on ingress and in reverse order on egress.

Both steps combined answer your question: as 3 VLANs are allowed on port 2 and none if them is default VLAN ID of it, switch will accept only tagged frames (and only tagged with VLAN IDs 200, 300 and 400) on ingress and will only transmit tagged frames on egress.
Similar reasoning covers access ports, e.g. port 7: only VLAN ID 300 is allowed and due to being default VLAN ID, VLAN tag gets stripped on egress and added (to untagged frames) on ingress.

Slightly more complicated Example #2 covers hybrid ports. All 3 VLANs are allowed on port 7, which has VLAN ID 300 set as default VLAN ID. On egress it will transmit all 3 VLANs but will strip VLAN tag from frames belonging to VLAN 300 (other VLANs remain tagged). On ingress it will add VLAN tag with VLAN ID 300 to frames received tagless and will accept also tagged frames with VLAN tags 200 and 400.

N.B. In RouterBoard devices, VLAN ID 1 is mostly synonimous to untagged ... and sometimes behaviour can be unexpected. So whenever you start to deal with VLANs, never use VLAN ID 1 when you expect to have tagged frames.

Who is online

Users browsing this forum: No registered users and 11 guests