Defining VLAN Membership

The Port to VLAN Page enables mapping ports to VLANs. A port can belong to multiple VLANs if it is in Trunk or General modes.

The view on this page provides the information per VLAN. To change membership on a per port basis, use the VLAN To Port Page.

If a frame is sent VLAN-tagged, a four-byte tag (VLAN tag) is added to each Ethernet frame, increasing the maximum frame size from 1518 to 1522. The tag contains the VLAN ID (0 - 4095) and the VLAN Priority Tag (VPT) (0-7) (see the QoS General Configuration for details on VPT).

All intermediate VLAN-aware devices, carrying VLAN traffic along the path between end nodes, must be either manually configured with the VLAN port membership or dynamically learned from GVRP.

Untagged port membership, between two VLAN-aware devices with no intervening VLAN- aware devices, should be to the same VLAN. Otherwise, traffic will leak from one VLAN to another.

VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices. If none of the intermediate network devices to an end node support VLAN, then the port on the last device that reaches the end node must be an untagged VLAN member.

Note the following points:

The port mode is shown on this page for reference only. It is configured it in the Interface Setting Page.

The Forbidden/Excluded settings are relevant both to ingress and egress traffic. The complementary included is implied here if Tagged or Untagged is selected. Unless otherwise stated, the port is a member of the VLAN.

The Tagged/Untagged settings are only relevant for traffic egressing this port. If a port is an untagged member of a specific VLAN, it can still receive untagged traffic by PVID to that VLAN.

All other settings are per VLAN, but PVID is a per-port setting, regardless of the VLAN selected.

Mapping Interfaces to VLAN

The Port to VLAN Page enables you to map ports or LAGs to a VLAN.

To map ports or LAGs to a VLAN:

Click VLAN Management > Port to VLAN. The Port to VLAN Page opens.

Select a VLAN from the VLAN list. The default VLAN can also be selected.

Each port or LAG is marked with one of the following modes:

Access — Port belongs to a single untagged VLAN. When a port is in Access mode, the packet types that are accepted on the port (packet type) cannot be designated. It is not possible to enable/disable ingress filtering on an access port.

Trunk — Port can be member of one or more VLANs. It is an untagged member of at most one VLAN, and is a tagged member of all other VLANs of which it is a member.

General — Port can be tagged or untagged and be members of one or more VLAN. (full 802.1Q mode).

For each port or LAG, select one of the following values:

Forbidden — Port is not able to join the VLAN even if it is was dynamically added using a protocol such as GVRP.

Excluded — Port is not a member of the VLAN. However, the interface can be added to the VLAN through GVRP. This option is not available for the default VLAN.

Untagged — Interface is an untagged VLAN member. Packets forwarded by the interface are untagged.

Tagged — Interface is a tagged member of a VLAN. All packets forwarded by the interface are tagged and contain VLAN information.

For each port or LAG, one or both of the following values may be selected:

PVID — Port PVID is set to this VLAN.

Multicast TV VLAN— Select to make the port a member of the selected VLAN as a Multicast TV VLAN. This option is grayed out for Trunk and General port modes.