joelp1212
Aspirant
Nov 11, 2020

re: VLAN Default vs Native Vlan 108v3 / 7224

Hi,

Can someone here kindly explain and share clear examples of how to set up native VLANs on 1 switch? For example, we have a 24-port switch and we want to create 2 VLANs, VLAN 10 and VLAN 20, with 4 computers in each VLAN. We want to protect the VLANs from hacks / VLAN hopping etc. We all know not to use VLAN 1 etc., but what is the exact meaning and how do we set up for this situation?

Thank you for all your help.

7 Replies

  • A native VLAN is not something you explicitly configure. All the things people make a lot of noise about on the net are related to (in Cisco terms) trunk ports, where you have multiple VLANs tagged as a connection between two switches or to a router with multiple VLANs (and multiple IP subnetworks of course). Since a trunk port can carry multiple VLANs, and is not assigned to a single untagged VLAN, what VLAN tag should it apply to an untagged packet? This is where the term Native VLAN comes in. The Native VLAN is the VLAN associated with all untagged packets on a tagged/trunk port. By default, the Native VLAN is usually the same as the default VLAN on the switch, e.g. VLAN 1. On the Netgear Smart Managed Plus and Pro switches you can define the PVID on the port, defining which VLAN the untagged frame is associated with.

    Most of these concerns are related to shortcomings in some vendors' switch models and OS. Yes, it was Cisco and IOS, but other vendors suffered from the same. A lot of hot air...

    In your set-up, with four (again in Cisco terms) access ports for VLAN 10 [u]ntagged, PVID 10, and four access ports for VLAN 20 [u]ntagged, PVID 20, all eight ports on your eight-port unit are already in use. There is no trunk port in your config, and you can fully configure everything exactly to the point you want. No other VLAN IDs are allowed, so injecting other VLAN tags is off the table, and the port PVID setting does define the VLAN you want the untagged frames going to.

    That said, you can use VLAN 1 and VLAN 10 for example - it will make things much easier, especially for the newbie.

    Instead of fighting ghosts, you should be much more concerned about how you intend to use the two VLANs 10 and 20 with four computers - no router connected, no DHCP services, ...
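The PVID and untagged/tagged membership rules described in the reply above, modelled as an added example that is not part of the original thread and is not NETGEAR code. It assumes ingress filtering is enabled; the `Switch` class, the function names and the trunk layout in `with_trunk` are constructed for illustration.

```python
# Simplified 802.1Q port-VLAN model (added example; names are illustrative).
# Assumption: ingress filtering is enabled, so a frame arriving for a VLAN
# that the ingress port is not a member of is dropped.
from dataclasses import dataclass

@dataclass
class Switch:
    pvid: dict      # port -> PVID, the VLAN assigned to untagged ingress frames
    members: dict   # vlan -> {port: "U" (untagged) or "T" (tagged)}; blank = absent

    def forward(self, in_port, tag=None):
        """Egress map {port: VLAN tag on the wire, or None} for a broadcast frame."""
        vlan = self.pvid[in_port] if tag is None else tag
        ports = self.members.get(vlan, {})
        if in_port not in ports:
            return {}   # dropped by ingress filtering
        return {p: (vlan if mode == "T" else None)
                for p, mode in ports.items() if p != in_port}

def access_only():
    """The reply's layout: four untagged ports per VLAN, PVID matching, no trunk."""
    v10 = {p: "U" for p in range(1, 5)}
    v20 = {p: "U" for p in range(5, 9)}
    pvid = {**{p: 10 for p in v10}, **{p: 20 for p in v20}}
    return Switch(pvid, {10: v10, 20: v20})

def with_trunk(leave_vlan1=False):
    """Constructed layout: ports 1-5 U in VLAN 10, port 6 T in VLAN 10 and U in
    VLAN 1 (PVID 1, its native VLAN), port 7 U in VLAN 1."""
    v10 = {**{p: "U" for p in range(1, 6)}, 6: "T"}
    v1 = {6: "U", 7: "U"}
    if leave_vlan1:   # ports 1-5 left as U members of VLAN 1
        v1.update({p: "U" for p in range(1, 6)})
    pvid = {**{p: 10 for p in range(1, 6)}, 6: 1, 7: 1}
    return Switch(pvid, {1: v1, 10: v10})

if __name__ == "__main__":
    sw = access_only()
    print(sw.forward(1))            # untagged frame stays inside VLAN 10
    print(sw.forward(1, tag=20))    # frame tagged 20 on a VLAN 10 port: dropped
    tr = with_trunk()
    print(tr.forward(1))            # leaves port 6 tagged with VLAN 10
    print(tr.forward(6))            # untagged on the trunk lands in PVID 1
    print(with_trunk(True).forward(7))  # VLAN 1 traffic also reaches ports 1-5
```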

    • schumaku
      Guru

      Oh almost missed it: The subject "108v3" (whatever you had in mind - reads to me like a GS108v3) can't be configured for VLANs. 

      • joelp1212
        Aspirant

        Can you clarify the meaning of clearing ports 1 thru 5 on VLAN, i.e. setting the U or T to blank? For example, ports 1 thru 5 are in (VLAN 10) and these ports are set to U. Port 6 is set to T. PVID 10 for ports 1 thru 5. Why must we go back to VLAN 1 members and set ports 1 thru 5 to blank? What is the purpose of setting it to blank? What happens if we leave it as U instead?

        --------------

        Also, for native VLANs, the lab scenario we have is two GSM7224/v2 switches.

        Example: SW1 (VLAN 10 U) <----(T) is on port 6 ---> SW2 (VLAN 10 U)   Ports 1 - 5 VLAN 10

        What happens if we connect PC1 to port 18 on SW1 and ping PC2 on port 22 on SW2? Will this work because ports 18 and 22 are not part of any VLANs?
