VLANS: Tagged and untagged ports. Yes, again. (resolved)

Started by oliviermyre, October 26, 2023, 12:14:40 AM

October 26, 2023, 12:14:40 AM Last Edit: October 27, 2023, 01:25:11 AM by oliviermyre
Hi everyone,

Second post on here and first time setting things up this way for me, so (again) please bear with me.

Here is a summary of my network's physical connections with VLANs set up:

Protectli device:
WAN/igb0: to ISP Gateway (bridged)
LAN/igb1: Connected to a single computer for setting up the FW appliance
igb2 & igb3: hold Lagg0 to 8-port managed switch 1. (I followed a youtuber (homenetworkguy) and found his idea of putting all vlans on a lagg is a clever idea.)

Switch 1:
- port1: to lagg0 / igb2 *
- p2: to lagg0 / igb3 *
- p3: tagged "10, 20, 99" to switch 2
- p4: untagged 10 to wifi AP
- p5-p8: untagged 30 to IoT

Switch 2:
- p1: tagged "10, 20, 99" (to switch 1) **
- p2: untagged 10 to wifi AP
- p3: untagged 20
- p4: untagged 99
- p5-p8 not in use

I know. Two switches daisy chained... Not the best.
But believe me, it's the best in my case. I got 2 places where the tech stuff is, and the two places are separated by like 60 ft. And no, it's not realistic nor possible nor desirable to "move" any of those two physical places to the other.
That being said, I wonder about vlans as it's my first time with this stuff...

* First question: Should these 2 ports on switch 1 be tagged with all my vlans to go through? Is that considered trunk?
** Second question: Should this port also be tagged?

I kinda figured out that any port going to a single host will be untagged and ports going to another switch/router/etc will be tagged, but is it the case in both ways for tagged ports (ie both my switches)?
I'm confused as I'm not sure if I should see the network as directional or not... if it makes sense.

Thanks for the help out there

Hi oliviermyre.
Regarding your first question, a trunk port should pass tagged traffic, so the answer is yes.
And about the second question, if I understood right, you are referring to the lagg0 port, and I answer yes.

When you define link aggregations, you then have a single logical port. That is the port where you must define the VLANs, not the physical ones.

The communication between any host and a switch is untagged in both ways. Ports used to connect a single host are in access mode.
When you connect two switches with a single physical port or a logical aggregation of ports, communication between those ports is tagged. The switch is responsible for tagging packets that come from a host and go to another switch, and for untagging packets that come from a switch and go to a host.
The same is true for packets that flow between a switch and a router.
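
The tagging and untagging described in this reply, as an added example that is not part of the original thread: a simplified Python model of 802.1Q handling on the ports listed in the first post, run in both directions. The `Port` class, the helper names, the sample frame and the VLAN list on lagg0 (the post only says "all my vlans") are assumptions made for illustration.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def add_tag(frame, vid):
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def read_tag(frame):
    """Return the VLAN ID of a tagged frame, or None if it is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID else None

class Port:
    def __init__(self, untagged=None, tagged=()):
        self.untagged, self.tagged = untagged, frozenset(tagged)

    def ingress(self, frame):
        """Return the frame as carried inside the switch (always tagged), or None to drop."""
        vid = read_tag(frame)
        if vid is None:  # untagged frame: classify into the port's untagged VLAN
            return add_tag(frame, self.untagged) if self.untagged else None
        return frame if vid in self.tagged else None

    def egress(self, frame):
        """Return the frame as sent on the wire, or None if the port is not a member."""
        vid = read_tag(frame)
        if vid == self.untagged:  # access port: strip the tag for the host
            return frame[:12] + frame[16:]
        return frame if vid in self.tagged else None

def traverse(frame, hops):
    """Pass a frame through (ingress port, egress port) pairs, one per switch."""
    for inp, outp in hops:
        frame = inp.ingress(frame) if frame is not None else None
        frame = outp.egress(frame) if frame is not None else None
    return frame

# Port settings from the thread; the lagg0 VLAN list is an assumption.
SW1_LAGG = Port(tagged={10, 20, 30, 99})   # switch 1 p1+p2 (lagg0 to the firewall)
SW1_P3 = Port(tagged={10, 20, 99})         # switch 1 p3 (to switch 2)
SW2_P1 = Port(tagged={10, 20, 99})         # switch 2 p1 (to switch 1)
SW2_P3 = Port(untagged=20)                 # switch 2 p3 (single host)

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
```

In this model a VLAN 30 frame entering on lagg0 is dropped at switch 1 p3 because that trunk does not list VLAN 30, which is what keeps the IoT VLAN off switch 2.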