PVID (port vlan id) vs Native VLAN - What's the difference?
We've been working a lot with VLANs lately and there seems to be some confusion about PVID vs Native VLAN. Let's talk about how those are separate things and what they do!
Hire us: williehowe.com
Affiliate Links (I earn a small percentage of the sale if you use these links):
Ubiquiti Affiliate Store Link: store.ui.com?a_aid=WillieHowe
My AmazonLink: www.amazon.com/shop/williehowe
Telnyx Affiliate Code: refer.telnyx.com/ref/cv6cm
HostiFi Affiliate Link: hostifi.net/?via=willie
Netool: netool.io use code WILLIEHOWE to save at least 10%!
Digital Ocean Affiliate Link: m.do.co/c/39aaf717223f
Patreon Link: / williehowe
Contact us for network consulting and best practices deployment today! We support all Grandstream, DrayTek, Obihai, Poly, Ubiquiti, MikroTik, Extreme, Palo Alto, and more!
Come back for the next video!
Twitter - @WillieHowe
TikTok - @whowe82
SUBSCRIBE! THUMBS-UP! Comment and Share!
Comments: 35
I was hoping this would be a little clearer. But as far as I have learned it, it's like this: In essence it's all about untagged traffic on a port. Cisco requires you to define a port as trunk or access. When a port is a trunk port they will call the untagged traffic the native VLAN. On an access port you have to set the PVID. Some switches have their own way (like Cisco) of defining trunk or access ports. Some switches like Ubiquiti's don't differentiate between trunk and access ports and simply allow 1 untagged VLAN per port, whether that port is carrying tagged VLANs or not. Some "smart" switches require you to define both untagged VLAN membership and PVID. They also allow multiple VLANs to exit the port untagged. PVID in this case defines which VLAN ingress traffic is thrown into. Why you would want multiple untagged egress VLANs on a port is beyond me. But this is usually the confusing part in semi-managed smart switches like the Netgear GS105E and the TP-Link SG108E etc.
@JasonsLabVideos
A year ago
Nailed it. It sucks that every manufacturer has a different way of doing a standard.
@bcookbsdwebsol
A year ago
Ubiquiti UniFi switches vs. Ubiquiti Edge switches: UniFi are the web-managed devices. The default port profile is All, which is any VLANs including 1. You are free to make a profile (I call mine Trunk-1) in which all defined VLANs are allowed, or as you see fit. Not passing VLAN 1 has its own fun with MST, as Cisco wants VLAN 1. But you are free to define things as well as you understand them in UniFi devices.
@JasonsLabVideos
A year ago
@bcookbsdwebsol IMO Edge switches are way nicer.
@sundwitzi9225
A year ago
Your comment is the best description I've got so far! 👍
Any traffic that does not have an 802.1q tag as it arrives on the trunk will be considered to be on the native VLAN. If a port is configured for the native VLAN, it will be able to communicate with anything on that VLAN on the switch as well as any untagged traffic that arrives on the trunk. VLAN 1 is the default native VLAN on Cisco. Also, if you have a native VLAN on a trunk port, traffic placed on that trunk from devices in the native VLAN will not be tagged. This can lead to the receiving switch interpreting this traffic to be on its native VLAN, even if the VLAN IDs don't match (this will cause a native VLAN mismatch on Cisco). It gets even trickier when you have a Cisco switch connected to a non-Cisco switch, as the VLAN ID can change from switch to switch.
I thought you explained it very well! Simply, and to the point. I've heard many people attempt to explain the concepts, but in such complicated fashion, that even if you already understand it, you could get confused.
Nice video Willie 😊
Great info as always
Yes, thank you! 🙏 Finally someone clearly explains the difference and what they are for. It doesn't help that some manufacturers use different terminology for the same function too!
Clear as mud.
Hey Willie. Here's an idea for a cool video series... An example network setup with a Cisco switch, UniFi switch, and some sort of a router :) or better yet an L3 switch and a router/gateway. Add a Wi-Fi network (or better yet, a couple) on separate VLANs just for sh.. and giggles :) Then you can really dive deeper into trunks, tagged vs untagged traffic etc. Great video, as always! Thank you.
On my main switches in the rack, where there are no endpoints connected, all ports are tagged with all VLANs. Only on ports on the switches that are connected to an endpoint device do I enable the VLAN. I want them to be on whether it be a camera, a laptop, or a desktop. When it comes to wireless devices, the VLANs are set up specifically for IoT devices and my main VLAN. Everything else is hardwired.
Good job. Whenever you have to use the same words to define other words, you know it's tough.
Is it possible to assign a VLAN ID based on TCP port number?
Very timely. In my experience it's possible to lose management connectivity to your switches if you assign them IP addresses in the non-native VLAN. It further muddies the waters when I believe best practice says no traffic on untagged VLANs. I feel I have a decent working knowledge of VLAN configuration, but this aspect has always remained mysterious, so I've just worked around it.
HERE IS THE SIMPLEST EXPLANATION

*Terms*
_Untagged_: A standard Ethernet frame (802.3) that has no VLAN ID field within it.
_Tagged_: Synonymous with *Trunked*. An 802.1q frame that has a VLAN ID set in the appropriate field within the frame.

*Rules*
1. Every port MUST have a single VLAN ID as the Untagged VLAN (default is 1).
2. Every port MUST have a single VLAN ID as the PVID VLAN (default is 1).
3. Every port MUST have the same VLAN ID set for both the Untagged VLAN and the PVID.
4. Every port MAY have one or more VLAN IDs set as Tagged VLANs for that port.
5. A port that does not define any Tagged VLANs is known as an "access port".
6. A port that defines at least one Tagged VLAN is known as a trunk port.

*Scenario 1: A Switch Receives an Untagged Frame*
It will internally associate that frame with the PVID set on the port on which it was received.

*Scenario 2: A Switch Receives a Tagged Frame*
It will only accept the frame if the port it was received on has a Tagged VLAN ID that matches the VLAN ID field of the frame; otherwise the frame is dropped/ignored. It will then internally associate the frame with the VLAN ID that it was tagged with.

*Scenario 3: A Switch Must Decide Where to Forward an Outbound Frame*
It will transmit an untagged frame (802.3) out all ports whose Untagged VLAN ID matches the frame. It will simultaneously transmit a tagged frame (802.1q) out all ports whose Trunked VLAN ID matches the frame.
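The three scenarios in the comment above, turned into a small runnable model. This is an added example, not code from the video or from any commenter: it parses a raw Ethernet frame for an 802.1Q tag, classifies ingress by PVID or tag, builds egress frames per port membership, and then replays the native-VLAN mismatch from an earlier comment (two trunk ends with different PVIDs). The `Port` class, the constructed MAC addresses and payload are all assumptions made for the example.

```python
# Added example (not from the video or its comments): a minimal 802.1Q port model.
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100          # EtherType that marks an 802.1Q tag

@dataclass
class Port:                  # hypothetical per-port config, per the rules above
    pvid: int = 1            # VLAN given to untagged (or VID-0 priority-tagged) ingress frames
    untagged: int = 1        # VLAN that leaves this port without a tag (rule 3: same as pvid)
    tagged: set = field(default_factory=set)   # VLANs that leave this port with a tag

def parse_frame(raw: bytes):
    """Return (dst, src, vid, rest). vid is None for a plain 802.3 frame,
    0 for a priority-only tag; rest starts at the inner EtherType."""
    dst, src = raw[:6], raw[6:12]
    if struct.unpack("!H", raw[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", raw[14:16])[0]
        return dst, src, tci & 0x0FFF, raw[16:]      # low 12 bits of the TCI hold the VID
    return dst, src, None, raw[12:]

def classify_ingress(port: Port, raw: bytes):
    """Scenarios 1 and 2: the VLAN the switch files the frame under, or None if dropped."""
    _, _, vid, _ = parse_frame(raw)
    if vid is None or vid == 0:                      # untagged / priority-tagged -> PVID
        return port.pvid
    return vid if vid in port.tagged else None       # tagged: only allowed tagged VLANs

def egress_frame(port: Port, vlan: int, dst: bytes, src: bytes, rest: bytes):
    """Scenario 3: the frame as it leaves `port` for `vlan`, or None if not a member."""
    if vlan == port.untagged:
        return dst + src + rest                      # native/untagged VLAN: plain 802.3
    if vlan in port.tagged:
        tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
        return dst + src + tag + rest                # tagged VLAN: 802.1Q header inserted
    return None

def native_mismatch_demo():
    """Trunk between switch A (native 10) and switch B (native 20): A sends VLAN 10
    untagged, so B classifies it into its own PVID. Returns the VLAN B assigns."""
    a_trunk = Port(pvid=10, untagged=10, tagged={30})
    b_trunk = Port(pvid=20, untagged=20, tagged={30})
    dst, src = b"\xff" * 6, bytes.fromhex("001122334455")   # constructed addresses
    rest = struct.pack("!H", 0x0800) + b"\x00" * 46          # constructed IPv4 stub
    wire = egress_frame(a_trunk, 10, dst, src, rest)        # leaves A untagged
    return classify_ingress(b_trunk, wire)                   # B files it under VLAN 20
```

The mismatch demo returns 20, which is exactly why a native VLAN mismatch is worth alerting on: the frame crosses VLANs with no tag ever being rewritten.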
Thanks Mr. Howe. PVID / native / trunks, what a mangle going from Cisco to HPE Aruba trunks. Agggh! Cleared it up for me.
Hi, thanks for your help. I have a question: what happens if I have one port configured in native VLAN mode and another port in PVID mode... are they compatible with each other?
@WillieHowe
10 months ago
Yes
Hey, is there any email address or business phone number through which you can be reached?
More confused now. Since adding a managed switch to my Synology mesh setup I can't use my guest network due to the VLAN ID. Not a single device can connect to the guest Wi-Fi.
@WillieHowe
A year ago
Make sure the VLAN is tagged on the router ports -- both main and meshpoint.
The best.
Strange, I just did a video about this.
I'm guilty of using both interchangeably when referring to the native VLAN. It's kind of Ubiquiti's fault though ;). By default every port is somewhat of a "trunk" port.
Thanks for the video. It would have been even clearer if you had also used diagrams and tagging examples.
It's confusing until you learn it. The best way is trial and error. Color-draw a trunk and the default VLAN, and a custom trunk with a default untagged VLAN and a tagged VLAN. Maybe I am getting too deep for this video!
Setting the PVID designates which VLAN will be the "default untagged" VLAN across all ports, which is by convention VLAN 1. That is why we generally use VLAN 1 as the "management" VLAN for all our switches, servers, and APs in a network. So, unless you intentionally want to change your "default untagged" network to another VLAN, don't change the PVID, or you'll be setting that VLAN untagged across all the switch ports... The behavior of this is different for each manufacturer, so check before making any hard and fast rules about it. I can have VLAN 1 as my PVID and still assign port 10 with VLAN 20 untagged if I want, without changing the PVID...
@jonpinkley2844
A year ago
That's not my interpretation of PVID. What you are describing is the "default VLAN" (in Cisco terminology), and that is the PVID that will be used by default if not specified. PVID is a standards-based term; it is in the 802.1Q spec, and it is the VLAN that will be associated with an untagged (or priority-only tagged) frame received on the port. PVID stands for Port VLAN ID, another indication that it is related to a specific port, and not the "default untagged" VLAN across all ports.
Trunk interfaces should match allowed VLANs. Some vendors default to passing all defined VLANs, some do not. If you plug a defined trunk interface into an undefined interface, what happens? This is where native (if defined) would "kick in". Think of it as error checking. Security-wise, creating a VLAN for native would let you know that something needs attention, as native VLANs are patches or band-aids. If you are in charge of managing a switch or network you are tasked with being "in control". Native allows you to be sloppy or "not in control" and things keep working (if defined in that capacity; in a security capacity you are aware of the potential and want the port to act a defined way). On a correctly defined trunk-to-trunk link, native is never seen. Trunk to "not trunk" is when native would be seen. Understanding this situation, or the potential for this situation, is network design and helping yourself or others. There should be limited "unknowns"; you are tasked with being "in control". My 0.02.
@WillieHowe
A year ago
AFAIK UniFi is the only switch to allow all by default.
Building my first ever VLAN... Got thrown into the deep end at the start... Configuring VLANs in pfSense, the Netgate SG-1100 built-in switch, and UniFi in the same network, with one SSID and two codes where, depending on the code, it gives access to a different VLAN. I'M SO LOST 😅
More confused 🤯
Let's talk port channel...