Router Charts

Router Charts

Router Ranker

Router Ranker

Router Chooser

Router Chooser

NAS Charts

NAS Charts

NAS Ranker

NAS Ranker

More Tools

More Tools

LAN & WAN How To

Set PVID

The next step is to change the PVID (Port Default VLAN ID) setting on each port. The PVID is the VLAN ID the switch will assign to all UnTagged frames received on each port. As mentioned, I'm not using VLAN-aware devices, so all frames will arrive at the switch UnTagged. The frames will then receive the PVID associated with their port.

PVIDs are the key to breaking up a broadcast domain in this example! The simple rule to remember is that you set each port's PVID equal to the number of the VLAN that you want it to logically belong to. This is where naming the VLANs is important.

So, my VoIP server and ATA are connected to switch ports 6 and 7, so I set both their PVIDs to 4, which I named the VoIP VLAN. Similarly, my data devices are plugged into switch ports 2 through 5, so they get a PVID of 3, which is the Data VLAN. Ports 1 and 8 are left over and get a PVID of 2, which is the Network VLAN.

Changing PVIDs on the SRW is accomplished via the Port Setting menu, and you simply put in the number of the VLAN that applies to all UnTagged frames arriving on that port, as in Figure 12.

PVID port mapping
Click to enlarge image

Figure 12: Mapping PVIDs to ports

Click Save, and you've completed the configurations. I did this on a live network; you would be wise to do this during little or no activity on a production network. If you have a defined maintenance window, this type of work definitely belongs in that time frame.

One issue I ran into while configuring VLANs on this managed switch was locking myself out of the switch's management interface, which by default is on VLAN1. The end result I'm going for will leave nothing on VLAN1, so I'm going to have to change the switch's default setting from VLAN1 while in VLAN1, and then go to a port in VLAN2 to complete the configurations.

The easiest way I found to do this is to change the PVID on port 1, which is connected to the RV042, to a PVID of 2, and then change the network setting of the SRW to VLAN2, as in Figure 13. I then moved the Ethernet cable connected to my Laptop from port 8 of the SRW to a port on the RV042 to finish the configurations.

Tip TIP: Some inexpensive managed / "smart" switches don't have the ability to change the VLAN of the Management interface. In that case, you would use the default VLAN (usually either 0 or 1) as the "Network" VLAN in this example.

If you lock yourself out of the switch management interface, there is also a console connection option. On switches without console connections, you'd need to reset the switch to its default configuration and start over.

Management config

Figure 13: Putting the switch on a different VLAN

Testing

With the switch VLAN configurations complete, it is time to test. The goal of this exercise was to separate the Data components from the VoIP components, so pings from the Data to the VoIP VLAN and back are a good way to see if you've succeeded.

Indeed, pings from components in the Data VLAN did not reach components in the VoIP VLAN, and vice versa, which is what I want. However, all components need Internet access, so checking a browser on servers in both VLANs or pinging a reliable Internet host such as Google or Yahoo are good tests.

Since VoIP elements are part of this exercise, placing test calls is a good idea, both to and from stations, as well as to and from outside POTS numbers. Make sure to transmit and receive audio in both directions to ensure no one-way audio problems. One-way audio would indicate a routing or firewall problem blocking the voice path of the communication stream.

Another benefit of VLANs is that my network is now more secure than it was as a single LAN. Any device can flood the network with broadcast traffic, forming a denial of service attack against other devices on the same VLAN. However, since broadcasts can't cross VLANs, a device on my Data VLAN now can't flood my VoIP VLAN.

With these steps completed, my network is now divided into two separate VLANs and a third that overlaps the two. Figure 14 is a simple picture of my network with VLANs implemented. The four devices on the left have access to each other and the Internet. The two VoIP devices have access to each other and the Internet. Broadcasts in either VLAN will not affect the other.

After VLANs

Figure 14: The network divided into VLANs

More LAN & WAN

Featured Sponsors


Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Top Performing Routers

AC3200
AC2600
AC1900
AC1750
AC1200

Top Performing NASes

NoRAID
RAID1
RAID5

Over In The Forums

i'm running 380.57 build and just started using qos . after doing so my 2.4ghz internet doesn't work, im connected but still. my 5ghz works perfectly ...
I see a lot of people who when they want to buy a non consumer router tend to only know about ubiquiti rather than other brands. I mean theres cisco l...
I've been running 3.0.0.4_374.35_4-sdk5 for the past 2 years; it works reasonably well. Every time I try to upgrade to newer firmware, I have problem...
Hey guys, here's my situation. I installed an outdoor access point at a high-rise for free open access to their pool area which has upwards of 75 cli...
Hi I have an issue and was wondering if there is a fix or its the way it is. I have a 87u and PIA VPN with merlin firmware. when I use selective rout...

Don't Miss These

  • 1
  • 2
  • 3