The Linksys Smart Gigabit Switch (LGS308, LGS308P, LGS30MP, LGS318, LGS318P, LGS326, LGS326P, and LGS326MP) offers a quick and easy solution to extend your office network. The switch features gigabit speed ports, a web-based setup page for easy configuration and management, and PoE+ support for networking devices to be located anywhere without the need for alternating current (AC) outlets.
This article will guide you on how to set up a VLAN on the Linksys Smart Gigabit Switch.
Default VLAN settings
Default VLAN settings
When using factory default settings, the device automatically creates VLAN1 as the default VLAN. The default interface status of all ports is Trunk and all ports are configured as untagged members of the default VLAN.
The default VLAN has the following characteristics:
- It is distinct, non-static/non-dynamic and all ports are untagged members by default.
- It cannot be deleted.
- It cannot be given a label.
- It cannot be used for any special role, such as unauthenticated VLAN or voice VLAN. This is only relevant for telephony OUI-enabled voice VLAN.
- If a port is no longer a member of any VLAN, the device automatically configures the port as an untagged member of the default VLAN. A port is no longer a member of a VLAN if the VLAN is deleted or the port is removed from the VLAN.
When the VLAN ID (VID) of the default VLAN is changed, the device performs the following on all the ports in the VLAN after saving the configuration and rebooting the device:
- Removes VLAN Membership of the ports from the original default VLAN (takes effect after reboot).
- Changes the Port VLAN Identifier (PVID) of the ports to the VID of the new default VLAN.
- The original default VID is removed from the device. It must be recreated to use it again.
- Adds the ports as untagged VLAN members of the new default VLAN.
Creating a new VLAN
You can create a VLAN but this has no effect until the VLAN is attached to at least one port, either manually or dynamically. Ports must always belong to one or more VLANs.
The switch supports up to 128 VLANs, including the default VLAN. Each VLAN must be configured with a unique VID with a value from 1 to 4094. The device reserves VID 4095 as the Discard VLAN and VID 4094 for 802.1x. All packets classified to the Discard VLAN are discarded at ingress and are not forwarded to a port. The VLANs page enables you to change the default VLAN and create a new VLAN.
Follow these steps to change or add a VLAN:
NOTE: Some of the subtabs may vary depending on the model number of your switch.
- VLAN - Select one of the following options:
- Single VLAN - Select to create a single VLAN.
- Range of VLANs - Select to create a range of VLANs and specify the range of VLANs to be created by entering the starting VID and ending VID (inclusive). When using the Range of VLANs, the maximum number of VLANs you can create at one time is 100.
- VLAN ID - Enter a VLAN ID.
- VLAN Name - Enter a VLAN name.
- VLAN ID Range - Enter a range of VLANs.
Modifying the VLAN ports settings
- Interface - Select a Port or LAG.
- Interface VLAN Mode - Select the interface mode for the VLAN. The options are:
- Access - The interface is an untagged member of a single VLAN. A port configured in this mode is known as an Access Port.
- Trunk - The interface is an untagged member of one VLAN at most and is a tagged member of zero or more VLANs. A port configured in this mode is known as a Trunk Port.
- General Port - The interface can support all functions as defined in the IEEE 802.1q specification. The interface can be a tagged or untagged member of one or more VLANs.
- PVID - Enter the PVID of the VLAN to which incoming untagged and priority-tagged frames are classified. The possible values are 1 to 4094.
- Acceptable Frame Type - Select the type of frame that the interface can receive. Frames that are not of the configured frame type are discarded at ingress. These frame types are only available in General Mode. The possible values are:
- Admit All - The interface accepts all types of frames: untagged frames, tagged frames, and priority-tagged frames.
- Admit Tagged Only - The interface accepts only tagged frames.
- Admit Untagged Only - The interface accepts only untagged and priority frames.
- Ingress Filtering (available only in General Mode) - Select to enable ingress filtering. When an interface is ingress filtering enabled, the interface discards all incoming frames that are classified as VLANs of which the interface is not a member. Ingress filtering can be disabled or enabled on General Ports. It is always enabled on Access Ports and Trunk Ports.
When a port has a forbidden default VLAN membership, that port is not allowed membership in any other VLAN. An internal VID of 4095 is assigned to the port.
To forward packets properly, intermediate VLAN-aware devices that carry VLAN traffic along the path between end nodes must be manually configured.
Untagged port membership between two VLAN-aware devices with no intervening VLAN-aware devices must be connected to the same VLAN. In other words, the PVID on the ports between the two devices must be the same if the ports are to send and receive untagged packets to and from the VLAN. Otherwise, traffic might leak from one VLAN to another.
Frames that are VLAN-tagged can pass through other network devices that are VLAN-aware or VLAN-unaware. If a destination end node is VLAN-unaware but is to receive traffic from a VLAN, then the last VLAN-aware device (if there is one) must send frames of the destination VLAN to the end node untagged.
Follow these steps to learn how to add a port to a VLAN:
3. To add a Port or LAG to a VLAN, select it and click Join VLAN.
Enter the values for the following fields:
- VLAN Mode
- Access - The interface is an untagged member of a single VLAN. A port configured in this mode is known as an Access Port.
- Trunk - The interface is an untagged member of one VLAN at most and is a tagged member of zero or more VLANs. A port configured in this mode is known as a Trunk Port.
- General Port - The interface can support all functions as defined in the IEEE 802.1q specification. The interface can be a tagged or untagged member of one or more VLANs.
- Tagging
- Forbidden - The interface is not allowed to join the VLAN. When a port is not a member of any other VLAN, enabling this option on the port makes the port part of internal VLAN 4095 (a reserved VID).
- Excluded - The interface is currently not a member of the VLAN. This is the default for all the Ports and LAGs when the VLAN is newly created.
- Tagged - The interface is a tagged member of the VLAN.
- Untagged - The interface is an untagged member of the VLAN. Frames of the VLAN are sent untagged to the interface VLAN.
- PVID - PVID is set to this VLAN. If the interface is in Access Mode or Trunk Mode, the device automatically makes the interface an untagged member of the VLAN. If the interface is in General Mode, you must manually configure VLAN membership.
VLAN Memberships
The VLAN Memberships page displays the VLAN memberships of the ports in various presentations. You can use them to add memberships to or remove memberships from the VLANs.
When a port has a forbidden default VLAN Membership, that port is not allowed membership in any other VLAN. An internal VID of 4095 is assigned to the port. To forward packets properly, intermediate VLAN-aware devices that carry VLAN traffic along the path between end nodes must be manually configured.
Untagged port membership between two VLAN-aware devices with no intervening VLAN-aware devices, must be connected to the same VLAN. In other words, the PVID on the ports between the two devices must be the same if the ports are to send and receive untagged packets to and from the VLAN. Otherwise, traffic might leak from one VLAN to another.
Frames that are VLAN-tagged can pass through other network devices that are VLAN-aware or VLAN-unaware. If a destination end node is VLAN-unaware but is to receive traffic from a VLAN, then the last VLAN-aware device (if there is one), must send frames of the destination VLAN to the end node untagged.
Use the VLAN Memberships page to display and configure the ports within a specific VLAN.
Follow these steps to assign a port to one or more VLANs:
- Interface - Select Port or LAG ID.
- PVID - PVID is set to this VLAN. If the interface is in Access Mode or Trunk Mode, the device automatically makes the interface an untagged member of the VLAN. If the interface is in General Mode, you must manually configure the VLAN membership.
- Access - Select to make the interface an access interface on this VLAN.
- Trunk - Select to make the interface a trunk interface on this VLAN.
- General Port - The interface can support all functions as defined in the IEEE 802.1q specification. The interface can be a tagged or untagged member of one or more VLANs.
- Forbidden - The interface is not allowed to join the VLAN. When a port is not a member of any other VLAN, enabling this option on the port makes the port part of internal VLAN 4095 (a reserved VID).
- Excluded - The interface is currently not a member of the VLAN. This is the default for all the Ports and LAGs when the VLAN is newly created.
- Tagged - The interface is a tagged member of the VLAN. This is not relevant for Access Ports.
- Untagged - The interface is an untagged member of the VLAN. Frames of the VLAN are sent untagged to the interface VLAN. This is not relevant for Access Ports.
This section describes how to configure MAC-based VLAN groups.
VLAN groups classify packets into VLANs based on their MAC addresses. VLAN groups can be used to separate traffic into different VLANs for security and/or load balancing.
If several classification schemes are defined, packets are assigned to a VLAN in the following order:
- TAG - If the packet is tagged, the VLAN is taken from the tag.
- MAC-based VLAN - If a MAC-based VLAN has been defined, the VLAN is taken from the source MAC-to-VLAN mapping of the ingress interface.
- PVID - VLAN is taken from the port default VLAN ID.
MAC-based VLAN classification enables packets to be classified according to their source MAC address. You can then define MAC-to-VLAN mapping per interface. You can define several MAC-based groups, with each group containing different MAC addresses.
These MAC-based groups can be assigned to specific Ports or LAGs. MAC-based groups cannot contain overlapping ranges of MAC addresses on the same port.
The following table describes the availability of MAC-based groups in various SKUs:
MAC-based group availability
SKU | System Mode | MAC-based groups support |
Smart | Layer 2 | Yes |
Layer 3 | No | |
Managed | Layer 2 | Yes |
Layer 3 | No |
Follow these steps to define a MAC-based group to assign a MAC address to a VLAN group ID
- Assign the VLAN group to a VLAN (using the MAC-based VLAN page). The interfaces must be in General Mode.
- If the interface does not belong to the VLAN, manually assign it to the VLAN using the VLAN Memberships page.
Follow these steps to assign a MAC address to a VLAN Group:
- Group ID - Enter a user-created VLAN group ID number.
- MAC address - Enter a MAC address to be assigned to a VLAN group.
- Prefix Mask - Enter one of the following:
- Host - Source host of the MAC address
- Length - Prefix of the MAC address
Your Ports or LAGs must be in General Mode. Follow these steps to assign a MAC-based VLAN group to a VLAN on an interface:
- Interface - Enter Port or LAG on how to receive traffic.
- Group ID - Select a VLAN group, defined in the MAC-based Groups page.
- VLAN ID - Select the VLAN to which traffic from the VLAN group is forwarded.
In a LAN, voice devices such as IP phones, VoIP endpoints, and voice systems are placed into the same VLAN. This VLAN is referred to as the voice VLAN. If the voice devices are in different voice VLANs, IP (Layer 3) routers are needed to provide communication.
Auto voice VLAN
The switch supports the Telephony (organizationally unique identifier) OUI mode and Auto voice VLAN mode. The two modes affect how voice VLAN and/or voice VLAN port memberships are configured.
In Telephony OUI mode, the voice VLAN must be a manually-configured VLAN and cannot be the default VLAN.
When the device is in Telephony OUI mode and a port is manually configured as a candidate to join the voice VLAN, the device dynamically adds the port to the voice VLAN if it receives a packet with a source MAC address matching one of the configured telephony OUIs. An OUI is the first 3 bytes of an ethernet MAC address.
Voice endpoints
To have a voice VLAN work properly, voice devices such as IP phones and VoIP endpoints must be assigned to the voice VLAN where it sends and receives its voice traffic.
Two possible scenarios:
- A phone/endpoint may be statically configured with the voice VLAN.
- A phone/endpoint may obtain the voice VLAN in the boot file it downloads from a TFTP server. A DHCP server may specify the boot file and the TFTP server when it assigns an IP address to the phone.
You can create a network policy manually or enable the device to automatically generate a network policy based on a voice VLAN configuration.
The device expects the attaching voice devices to send voice VLAN-tagged packets. On ports where the voice VLAN is the native VLAN or configured with Auto voice VLAN by Telephony OUI, voice VLAN untagged packets are possible.
Voice VLAN CoS
The device can advertise the CoS/802.1p and DSCP settings of the voice VLAN by using LLDP-MED network policies. You can create your network policy manually or enable the device to automatically generate the network policy based on your voice VLAN configuration. MED-supported devices must send their voice traffic with the same CoS/802.1p and DSCP values, as received with the LLDP- MED response.
You can disable the automatic update between voice VLAN and LLDP-MED and use your own network policies.
Working with the OUI mode, the device can additionally configure the mapping and remarking (CoS/802.1p) of the voice traffic based on the OUI.
By default, all interfaces are CoS/802.1p trusted. The device applies the Quality of Service (QoS) based on the CoS/802.1p value found in the voice stream. For telephony OUI voice streams, you can override the Class of Service (CoS) and optionally remark the 802.1p of the voice streams by specifying the desired CoS/802.1p values and using the remarking option under Telephony OUI.
Voice VLAN constraints
The following constraints exist:
- Only one voice VLAN is supported.
- A VLAN that is defined as a voice VLAN cannot be removed.
In addition, the following constraints are applicable for Telephony OUI:
- The voice VLAN cannot be VLAN1 (the default VLAN).
- The voice VLAN QoS decision has priority over any other QoS decision, except for the Policy decision.
- A new VLAN ID can be configured for the voice VLAN only if the current voice VLAN does not have candidate ports.
- The interface VLAN of a candidate port must be in General or Trunk Mode.
- The voice VLAN QoS is applied to candidate ports that have joined the voice VLAN and to static ports.
- The voice flow is accepted if the MAC address can be learned by the Forwarding Database (FDB). If there is no free space in FDB, no action occurs.
- Voice VLAN ID - Enter the identifier of the current voice VLAN.
- CoS/802.1p - Select the CoS/802.1p value to be used by the LLDP-MED as a voice network policy.
- Telephony OUI Voice VLAN - Check this box to enable automatic adding of ports to voice VLAN when OUI packets are received.
- Remark CoS/802.1p - Check this box to enable remarking of packets with the CoS/802.1p value.
- Aging Time - Enter the time delay to remove a port from the voice VLAN after all of the MAC addresses of the phones detected on the ports have aged out.
Follow these steps to view or add a new OUI:
- Telephony OUI - The first six digits of the MAC address that are reserved for OUIs.
- Description - User-assigned OUI description.
Telephony OUI Interfaces
Quality of Service (QoS) attributes can be assigned per port to the voice packets in one of two modes:
- All QoS values configured to the voice VLAN are applied to all of the incoming frames that are received on the interface and are classified to the voice VLAN.
- Telephony Source MAC address (SRC) - The QoS values configured for the voice VLAN are applied to any incoming frame that is classified to the voice VLAN and contains an OUI in the source MAC address that matches a configured Telephony OUI.
Use the Telephony OUI Interfaces page to add an interface to the voice VLAN on the basis of the OUI identifier and to configure the OUI QoS mode of voice VLAN.
Follow these steps to configure Telephony OUI on an interface:
- Interface - Select Port or LAG.
- Telephony OUI - If enabled, the interface is a candidate port of the Telephony OUI-based voice VLAN. When packets that match one of the configured Telephony OUIs are received, the port is added to the voice VLAN.
- QoS Mode - Select one of the following options:
- All - QoS attributes are applied on all packets that are classified to the voice VLAN.
- Telephony Source MAC Address - QoS attributes are applied only on packets from IP phones.