Configuring VLANs on SLX Series Switches
VLANs are often created to provide segmentation and/or security on Local Area Networks. By using VLANs, it is possible to control the flow of traffic and react quickly to a device being relocated within the network. When configured properly, VLANs can reduce the administration time required for a larger network. While VLANs generally behave the same in all managed switches, the terminology and configuration methods may differ from switch to switch. To learn about VLAN configuration, please review the following sections:
- Frequently Asked Questions
- VLAN Configuration
Frequently Asked Questions
Q: Which managed switches support VLANs, and what modes are supported?
A: All Sixnet Managed switches fully support both port and tag based VLANs.
Q: What are the differences between port based and Standard VLAN modes?
A: Port based VLANs are the simplest type of VLAN. They do not pass VLAN information from one switch to another, and should generally be used if only one managed switch on the network will be used for VLANs. Standard VLAN mode uses the IEEE 802.1Q standard and can pass VLAN data from switch to switch, allowing for switch ports which can pass data from multiple VLANs simultaneously.
Q: Is the Management VLAN configurable?
A: The Management VLAN is configurable on gigabit models only. This includes all models with part numbers such as SLX-xxMG-1. All non-gigabit model switches may only have the default management VLAN of 1.
Q: Do SLX Series switches support VLAN “Trunking”?
A: Yes; however, what is often referred to as a VLAN trunk or channel is called a Network port in SLX series switches. See section two for more details.
Q: What is the difference between Shared and Independent learning modes?
A: Shared learning mode keeps one address database for all VLANs, while Independent mode will create a separate database for each specified FDB. This allows the user to have one or more VLANs in separate databases, often useful when the same data is transmitted by the same MAC address on two different ports. Typically, servers or devices with redundant network interfaces would require the use of Independent mode.
VLAN Configuration
All VLAN configuration can be done from the VLAN Settings and VLAN Port Settings pages of the web interface, as well as from the CLI. For this guide all configurations will be done via the web interface. In this sample scenario, the network is configured as shown below for a Standard (tag-based) VLAN.
The devices attached to ports 1, 2 and 3 are all devices which are not VLAN-aware such as computers or PLCs. These ports are referred to as Edge ports. Other vendors may refer to them as access ports.
Ports 9 and 10 are the connections between the two switches. These ports are configured to be connected to another VLAN-aware device such as another switch or a router. This is referred to as a Network port. This may be referred to elsewhere as a trunk or a channel. In this example, RSTP is also enabled on these switches. If you do not have redundancy in your network, only one network port should connect the two switches.
To begin VLAN configuration, select the VLAN Settings page and set the VLAN mode to Standard:
To add VLANs, click the Add VLAN button at the bottom of the page. You may do this as many times as you need to create your VLANs. The first VLAN to be created is the Office VLAN, with a VLAN ID of 10. Enter the VLAN name, the desired VLAN ID (VID) and check the box for each port you would like to include in this VLAN, as shown below:
Next, create the remaining two VLANs for the IT and PLC VLANs, VLANs 20 and 30 respectively:
Note that each VLAN has ports 9 and 10 included in addition to the specific ports for that VLAN. This is necessary in order to allow VLAN traffic from all VLANs to pass between the two switches.
Before clicking commit, please ensure that you are connected to a port which is not being included in a new VLAN. Otherwise, you may lose connectivity to the switch. For this example, ports 4 through 8 would all be acceptable ports to configure the switch from.
Once you are satisfied with your configuration, click the commit button.
After the VLAN settings are properly committed, click on the VLAN Port Settings menu to configure the individual ports of the switch.
Ports 1 through 3 are connected to end devices such as computers and PLCs, which do not understand VLAN information. Because of this, these ports must be set to port type Edge. Setting a port to this type will instruct the switch to remove the VLAN tags from traffic which is leaving the switch. This setting, combined with the correct PVID setting, will allow end devices to be assigned to specific VLANs.
In this example, Ports 1-3 are also given the PVID of the VLAN which they are included in on the VLAN Settings page. Ports 9 and 10 are the links between the two switches. These ports should be set to type Network. This setting should be used for connections between switches, and will pass data from any VLAN it is included in. The PVID does not need to be modified from the default of 1 for network ports. When the settings have been committed for all of the necessary ports, it should look like:
Note: For added security, you may optionally check the Force check box for edge ports. This option will remove any VLAN tag from incoming traffic and tag the traffic with the PVID of that port.
When this configuration is in place, VLANs should be fully operational. In the sample network, the switches are configured exactly the same, allowing communication by each device only within its own VLAN. Since RSTP is enabled on this network, Ports 9 and 10 can both be connected, allowing a redundant path for all VLAN communication between the switches.
It is also important to note that once the PVID has been changed from the default for a given port (as with ports 1-3), that port may no longer be used for management of the switch. In order to manage the switch, you must be connected to a port with a PVID of 1 (or the management VLAN ID if it has been changed) and which is included in the management VLAN.
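The rules above (network ports in every VLAN, an edge port's PVID matching its VLAN membership, the optional Force setting, and which ports remain usable for management) can be checked against a planned layout before clicking commit. The following is an added example, not Red Lion code or an SLX export format; the data model, the assignment of ports 1-3 to VLANs 10, 20 and 30, and the default VLAN 1 membership of ports 4-8 are assumptions.

```python
# Added example: audits a planned VLAN layout against the rules in this guide.
# The data model is hypothetical and is not an SLX configuration export.
MGMT_VID = 1

# VID -> member ports. Which of ports 1-3 belongs to which VLAN is assumed,
# as is the default VLAN 1 keeping ports 4-8.
VLANS = {1: {4, 5, 6, 7, 8}, 10: {1, 9, 10}, 20: {2, 9, 10}, 30: {3, 9, 10}}

# port -> (type, PVID, Force checked). Ports 4-8 are assumed left at defaults.
PORTS = {1: ("edge", 10, True), 2: ("edge", 20, True), 3: ("edge", 30, True),
         9: ("network", 1, False), 10: ("network", 1, False)}
PORTS.update({p: ("edge", 1, False) for p in range(4, 9)})


def audit(vlans, ports, mgmt_vid=MGMT_VID):
    """Return (severity, message) findings for a VLAN/port plan."""
    findings = []
    network = {p for p, (ptype, _, _) in ports.items() if ptype == "network"}
    for vid, members in sorted(vlans.items()):
        # Every VLAN that spans both switches must include the network ports.
        missing = network - members
        if vid != mgmt_vid and missing:
            findings.append(("error", f"VLAN {vid} lacks network ports {sorted(missing)}"))
    for port, (ptype, pvid, force) in sorted(ports.items()):
        if ptype != "edge":
            continue
        # An edge port's PVID must name a VLAN that includes that port.
        if port not in vlans.get(pvid, set()):
            findings.append(("error", f"port {port}: PVID {pvid} does not match its VLAN membership"))
        # Force replaces any incoming tag with the PVID; flag edge ports without it.
        if not force:
            findings.append(("advice", f"port {port}: Force is off on an edge port"))
    return findings


def management_ports(vlans, ports, mgmt_vid=MGMT_VID):
    """Ports usable for management: PVID and membership both on the mgmt VLAN."""
    return sorted(p for p, (_, pvid, _) in ports.items()
                  if pvid == mgmt_vid and p in vlans.get(mgmt_vid, set()))


if __name__ == "__main__":
    for severity, message in audit(VLANS, PORTS):
        print(severity, message)
    print("manage from ports:", management_ports(VLANS, PORTS))
```

For the sample plan this reports no errors, only the Force advisory for the untouched ports 4-8, and lists ports 4 through 8 as the ports to manage the switch from.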
For more advanced VLAN configuration utilizing MSTP, please also review the MSTP Concepts and Configuration Guide.
It is the customer's responsibility to review the advice provided herein and its applicability to the system. Red Lion makes no representation about specific knowledge of the customer's system or the specific performance of the system. Red Lion is not responsible for any damage to equipment or connected systems. The use of this document is at your own risk. Red Lion standard product warranty applies.
Red Lion Technical Support
If you have any questions or trouble, contact Red Lion Technical Support by calling 1-877-432-9908.
For more information: http://www.redlion.net/support/policies-statements/warranty-statement