Router Charts

Router Charts

Router Ranker

Router Ranker

Router Chooser

Router Chooser

NAS Charts

NAS Charts

NAS Ranker

NAS Ranker

More Tools

More Tools

LAN & WAN How To


The next step is to change the PVID (Port Default VLAN ID) setting on each port. The PVID is the VLAN ID the switch will assign to all UnTagged frames received on each port. As mentioned, I'm not using VLAN-aware devices, so all frames will arrive at the switch UnTagged. The frames will then receive the PVID associated with their port.

PVIDs are the key to breaking up a broadcast domain in this example! The simple rule to remember is that you set each port's PVID equal to the number of the VLAN that you want it to logically belong to. This is where naming the VLANs is important.

So, my VoIP server and ATA are connected to switch ports 6 and 7, so I set both their PVIDs to 4, which I named the VoIP VLAN. Similarly, my data devices are plugged into switch ports 2 through 5, so they get a PVID of 3, which is the Data VLAN. Ports 1 and 8 are left over and get a PVID of 2, which is the Network VLAN.

Changing PVIDs on the SRW is accomplished via the Port Setting menu, and you simply put in the number of the VLAN that applies to all UnTagged frames arriving on that port, as in Figure 12.

PVID port mapping
Click to enlarge image

Figure 12: Mapping PVIDs to ports

Click Save, and you've completed the configurations. I did this on a live network; you would be wise to do this during little or no activity on a production network. If you have a defined maintenance window, this type of work definitely belongs in that time frame.

One issue I ran into while configuring VLANs on this managed switch was locking myself out of the switch's management interface, which by default is on VLAN1. The end result I'm going for will leave nothing on VLAN1, so I'm going to have to change the switch's default setting from VLAN1 while in VLAN1, and then go to a port in VLAN2 to complete the configurations.

The easiest way I found to do this is to change the PVID on port 1, which is connected to the RV042, to a PVID of 2, and then change the network setting of the SRW to VLAN2, as in Figure 13. I then moved the Ethernet cable connected to my Laptop from port 8 of the SRW to a port on the RV042 to finish the configurations.

Tip TIP: Some inexpensive managed / "smart" switches don't have the ability to change the VLAN of the Management interface. In that case, you would use the default VLAN (usually either 0 or 1) as the "Network" VLAN in this example.

If you lock yourself out of the switch management interface, there is also a console connection option. On switches without console connections, you'd need to reset the switch to its default configuration and start over.

Management config

Figure 13: Putting the switch on a different VLAN


With the switch VLAN configurations complete, it is time to test. The goal of this exercise was to separate the Data components from the VoIP components, so pings from the Data to the VoIP VLAN and back are a good way to see if you've succeeded.

Indeed, pings from components in the Data VLAN did not reach components in the VoIP VLAN, and vice versa, which is what I want. However, all components need Internet access, so checking a browser on servers in both VLANs or pinging a reliable Internet host such as Google or Yahoo are good tests.

Since VoIP elements are part of this exercise, placing test calls is a good idea, both to and from stations, as well as to and from outside POTS numbers. Make sure to transmit and receive audio in both directions to ensure no one-way audio problems. One-way audio would indicate a routing or firewall problem blocking the voice path of the communication stream.

Another benefit of VLANs is that my network is now more secure than it was as a single LAN. Any device can flood the network with broadcast traffic, forming a denial of service attack against other devices on the same VLAN. However, since broadcasts can't cross VLANs, a device on my Data VLAN now can't flood my VoIP VLAN.

With these steps completed, my network is now divided into two separate VLANs and a third that overlaps the two. Figure 14 is a simple picture of my network with VLANs implemented. The four devices on the left have access to each other and the Internet. The two VoIP devices have access to each other and the Internet. Broadcasts in either VLAN will not affect the other.

After VLANs

Figure 14: The network divided into VLANs

More LAN & WAN

Top Performing Routers


Top Performing NASes

1 drive
2 drives
4 drives
6 drives
8 drives

Over In The Forums

  • RT-N66U-Traffic, which PC is using?
    We have this Router which has 4 PC's wired to it, is there a way to know though the Traffic Manager or otherwise which of the 4 PC's moving the Data?...
  • Cannot access from PC
    Hello: First a little history. Comcast forced me to replace my cable modem with a TC8305C because the one I had was end of life. This one does...
  • Openvpn static key configuration gone
    I was running an old merlin firmware (270.26) version and when i updated to version 50 beta 1, i have seen that the openvpn static key configuration...
  • Sync two routers (USB folders) via OpenVPN
    Hello I have two RT-AC66U routers running with Asus-Merlin running OpenVPN. Everything works well but I would like to automatically sync folders...
  • AC87, iTunes WiFi Sync and Handoff issue
    Hello, I recently purchased and configured an RT-AC87R router and it is working great but I have 2 main issues with it: * iTunes does not see my...