Netonix Forums

I have a quick question that should be fairly straight forward, but I'm having difficulty with... I am new to configuring Netonix products, and I have a WS-12-250-AC, and I need to create a separate vlan on the device.

I want to separate ports 1 and 2 on a separate vlan that is not accessible from the other ports but that are able to communicate with each other. How might I achieve this?

Thanks,

Lynn

So say you want to separate ports 1 and 2 from all others

Remove ports 1 and 2 from the Default VLAN by putting E instead of U

Next create a new VLAN any ID does not matter and put a U on each port 1 and and E on all other ports.

But by using U on this new VLAN for port 1 and 2 they will not accept packets that have a VLAN Tag. If you want to pass only Tagged packet on ports 1 and 2 you would use a T instead of U. If you want to pass Tagged and Untagged packets through ports 1 and 2 use a Q on ports 1 and 2

Thank you! I think that I was confused using the QinQ and the E and U. I had a E on the defaultID for ports 1 and 2, and had a T for the vlan id. I understand now why that was not working. I'll test and let you know the results. Again, many thanks!

Sincerely,

Lynn

Basically when setting up VLANs you are defining the ingress and egress conditions for each port and defining where each VLAN can send and receive packet to and from (the ports defined)


U = packets coming in have no VLAN ID Tag or if leaving strip off the VLAN ID Tag

E = Exclude this port altogether from the VLAN

T = Means that the port only accepts packets that are Tagged with a VLAN ID that matches on the VLAN definitions for that port or is defined in the VLAN Access List
T = Means that packets leaving this port will leave the VLAN ID Tag intact.

Q = Means that it will accept Tagged packets that matches on the VLAN definitions for that port or is defined in the VLAN Access List
Q = Means that packets leaving this port will have the outer VLAN ID Tag stripped off leaving either an Untagged packet or the inner VLAN ID still intact thus QinQ

Also note that if you're using Q to separate 2 ports making a little virtual switch and you want both Tagged and Untagged packets you have to define the allowed VLAN IDs that are allowed using the VLAN Access List

Another way to isolate 2 ports that would pass both Tagged an Untagged packets would be to create 2 VLAN definitions for those 2 port. 1 definition would use 2 Us to allow Untagged packets and another definition with T and then specify the VLAN IDs you want to pass in the VLAN Access List on those ports

I am wanting to use the Netonix to power all my radios, and a mikrotik router on a tower, I have 4 radios and 1 router. I want to put the uplink side of the router and backhaul radio to main on 1 & 2, and then I want the downlink side of the radios on the other ports. I'll also put a LAN port from the router on the other ports shared with the other radios. Thus the need to separate the traffic from 1&2 to the rest of the switch. I could also use port isolation between the other radios to help prevent broadcast traffic between the other radios. Do you see any other complications or easier ways to accomplish this?

Thanks,

Lynn

Read, study, and think what I am doing on my VLAN Tab
viewtopic.php?f=30&t=452

Also watch the Video on Youtube for hints: https://www.youtube.com/watch?v=8JvBEAD4MFM