Hi,
In your scenario, each of your switches has at least one port (left: port 4, middle: ports 1 and 2, right: port 3) that has to transmit more than one VLAN (namely VLAN 2 (blue) and VLAN 3 (red)).
In general, if a switch has at least one port to be used with at least two VLANs, you have to:
- Disable Port-Based VLAN
- Enable 802.1Q VLAN
In your case you have to do so for all three switches.
Then:
For the left switch:
- Add a new VLAN 2 (blue) and set port 4 to "Tagged" and port 6 to "Untagged" (leave all other ports in state "Not Member")
- Add a new VLAN 3 (red) and set port 4 to "Tagged" and port 5 to "Untagged" (leave all other ports in state "Not Member")
- The already existing VLAN 1 should now have ports 1-4 and 7-8 in state "Untagged" and ports 5-6 in state "Not Member"
- In PVID settings, set ports 1-8 to the following PVID values: 1, 1, 1, 1, 3, 2, 1, 1
For the switch in the middle:
- Add a new VLAN 2 (blue) and set ports 1 and 2 to "Tagged" (leave all other ports in state "Not Member")
- Add a new VLAN 3 (red) and set ports 1 and 2 to "Tagged" (leave all other ports in state "Not Member")
- The already existing VLAN 1 should now still have all ports 1-8 in state "Untagged".
- In PVID settings, set ports 1-8 to the following PVID values: 1, 1, 1, 1, 1, 1, 1, 1
For the right switch:
- Add a new VLAN 2 (blue) and set port 3 to "Tagged" and port 8 to "Untagged" (leave all other ports in state "Not Member")
- Add a new VLAN 3 (red) and set port 3 to "Tagged" and port 7 to "Untagged" (leave all other ports in state "Not Member")
- The already existing VLAN 1 should now have ports 1-6 in state "Untagged" and ports 7-8 in state "Not Member"
- In PVID settings, set ports 1-8 to the following PVID values: 1, 1, 1, 1, 1, 1, 3, 2
As a result only the devices in the same VLAN (2 or 3) can talk to each other. All devices connected to other ports are assigned to VLAN 1 and can only talk to each other but not to devices belonging to VLANs 2 or 3. The switch management address is only accessible via a switch port assigned to VLAN 1.
If you want to add one of the other ports of any of the three switches to VLAN 2 or VLAN 3, you have to:
- Edit the VLAN X (X=2 or 3 respectively) and set the desired port to "Untagged"
- Set the PVID value (in PVID settings) of the desired port to X (X=2 or 3 respectively).
Some basics:
- The PVID value of a port identifies the VLAN that untagged frames entering the port ("receiving direction") will be assigned to.
- In the "sending direction" a frame belonging to VLAN X is sent untagged on port Y, if port Y is configured "Untagged" for VLAN X.
- Note: Any port can be configured "Untagged" for at most one VLAN.
- A port that is configured "Untagged" or "Not Member" for a VLAN X can be configured "Tagged" for any number of VLANs other than X.
PT
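
The settings from the post above can be checked offline before touching the switches. This is an added example, not part of the original post and not vendor code: it models the three membership tables and PVID lists, floods a frame from a chosen port, and reports which end-device ports receive it. The cabling (left port 4 to middle port 1, middle port 2 to right port 3), 8 ports per switch, and ingress filtering being enabled are assumptions.

```python
# Added example: model of the 802.1Q settings from the post (not vendor code).
# Membership per switch: {vlan: {port: "T" | "U"}}; an absent port is "Not Member".
def vlan(untagged, tagged=()):
    members = {p: "U" for p in untagged}
    members.update({p: "T" for p in tagged})
    return members

SWITCHES = {
    "left": {"pvid": [1, 1, 1, 1, 3, 2, 1, 1],
             "vlans": {1: vlan([1, 2, 3, 4, 7, 8]), 2: vlan([6], [4]), 3: vlan([5], [4])}},
    "middle": {"pvid": [1] * 8,
               "vlans": {1: vlan(range(1, 9)), 2: vlan([], [1, 2]), 3: vlan([], [1, 2])}},
    "right": {"pvid": [1, 1, 1, 1, 1, 1, 3, 2],
              "vlans": {1: vlan(range(1, 7)), 2: vlan([8], [3]), 3: vlan([7], [3])}},
}
# Assumed cabling: the post names the uplink ports but not which connects to which.
LINKS = {("left", 4): ("middle", 1), ("middle", 2): ("right", 3)}
LINKS.update({b: a for a, b in list(LINKS.items())})

def reachable(switch, port):
    """End-device ports that receive a frame flooded from an untagged host on (switch, port)."""
    seen, edge = set(), set()
    todo = [(switch, port, None)]              # (switch, ingress port, 802.1Q tag or None)
    while todo:
        sw, inp, tag = todo.pop()
        cfg = SWITCHES[sw]
        vid = tag if tag is not None else cfg["pvid"][inp - 1]  # PVID classifies untagged ingress
        members = cfg["vlans"].get(vid, {})
        if inp not in members or (sw, inp, vid) in seen:         # ingress filtering (assumed on)
            continue
        seen.add((sw, inp, vid))
        for out, mode in members.items():
            if out == inp:
                continue
            if (sw, out) in LINKS:                               # inter-switch link: keep or strip tag
                nsw, nport = LINKS[(sw, out)]
                todo.append((nsw, nport, vid if mode == "T" else None))
            elif mode == "U":                                    # end device gets an untagged frame
                edge.add((sw, out))
    return edge

def untagged_conflicts():
    """Ports "Untagged" in more than one VLAN, or whose PVID differs from their untagged VLAN."""
    bad = []
    for name, cfg in SWITCHES.items():
        for p in range(1, 9):
            u = [v for v, m in cfg["vlans"].items() if m.get(p) == "U"]
            if len(u) > 1 or (u and u[0] != cfg["pvid"][p - 1]):
                bad.append((name, p))
    return bad
```

After editing a table to add another port to VLAN 2 or 3, re-run `untagged_conflicts()` to catch a port left "Untagged" in VLAN 1 or a PVID that was not updated.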