NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
VLAN ID & PVID
Hi, This has been discussed a lot of times, but I just can't find a satisfying answer.
This page was quite helping : https://kb.netgear.com/24721/How-does-a-VLAN-work-on-a-smart-switch
But...
On my Netgear switches you can set the PVID of Untagged Ports separately from their appartenance to a specific VLAN.
Why would you want a Untagged port's PVID to be different from the VLANs ID it belongs to?
Thanks.
ubiq1er wrote:Let's imagine my port 5 on my switch : PVID set to 1 / VLAN Membership in VLAN ID 10 - Untagged port.
Ok, let's go ahead...
ubiq1er wrote:- If an untagged frame enters this port : it goes to VLAN ID 1 and never touches VLAN ID 10, despite the fact that the port's membership is in VLAN 10.
Correct. That is what the PVID config is made for.
ubiq1er wrote:- If a tagged frame enters this port, the frame ignores the PVID (only used for untagged frames), and if the VLAN ID tag in the packet is 10 (as the port's membership), it is forwarded to VLAN 10, otherwise, it gets dropped.
Yes. The port has no config setting to limit untagged traffic only, the configured/matching tag is honored, otherwise it's dropped. Unrelated to the PVID setting.
ubiq1er wrote:- If a frame leaves this port 5, it is stripped from its tag and it can only come from VLAN 10.
Yes, because the VLAN 10 is configured [U]ntagged for the port. Again unrelated to the PVID setting.
ubiq1er wrote:I'm not sure about the last one, but wow, the relation between PVIDs and VLAN Memberships is more complex than I thought.
It's technically very clear 8-) However, it's the thing which is most confusing.
Now you are the Smart Managed Plus geek able answer almost any VLAN related question here in the community!
10 Replies
Replies have been turned off for this discussion
Because there could be (wide off .1q standards!) so called asymmetrical VLANs configured, e.g. where multiple VLAN can be untagged on one port or LAG, but only one had the PVID is where untagged frames are assigned to.
Ok, so there are some use cases.
Thank you.I guess that leaves me with a very last question to understand all the possible cases :
What would happen to an untagged packet entering an untagged port, if the PVID of this port was to be different from the VLAN ID to which this port belongs ?
Would this packet then be dropped ?
Would this packet be tagged ? If yes, with the PVID or the VLAN ID ?Of course, the frame will go to the VLAN the PVID does ask for ... this can be interesting for certain purposes 8-)
From the security prospective, the other question would be more interesting: What happens to a tagged frame which is sent to the port but there is no such VLAN allowed on the port.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
