VLAN: PVID and VID explained

I first started using VLANs (Virtual Local Area Networks) in my home network because I wanted to have a server accessible from the Internet without that server having any access to the rest of my servers, isolated so that it could only reach the Internet. To do that I replaced my Asus router with an EdgeRouter. It took a while reading and watching YouTube clips about VLANs to understand the concept and how to configure the actual ports (pvid and vid) on the router and in my VMware ESXi server. So here is my explanation of how it works.

Each interface can be configured to have a PVID (Port VLAN ID), a VID (VLAN ID) or both.

[Figure: the VLAN aware switch configuration of the EdgeRouter.]

The VLAN ID information is attached to each data packet, telling devices which network the packet belongs to. You then have to create firewall rules to separate the networks, as a router will always route packets between networks if it knows the routes.

Use PVID if all devices on that port belong to the same VLAN. VID is used when you are forwarding packets to another VLAN aware device on that port, such as a VMware ESXi server or a WiFi access point carrying multiple networks (with different VLANs). If a packet arrives with no VLAN tag, the router puts the one set in PVID on it, so the PVID becomes a sort of default VLAN if nothing else is set.

In short:

  • PVID – Set this if all devices behind the port are on the same VLAN. Only one VLAN ID is allowed.
  • VID – Set this if you have several different VLANs behind this port (separated by commas). In this case PVID becomes the default VLAN ID if a packet comes through with no VLAN ID. The port becomes a trunk for multiple networks to another router, switch or server, which in turn have PVIDs defined.

So while VID is a trunk of multiple VLANs, the PVID is the end port of a VLAN.
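To make the PVID/VID rules concrete, here is an added Python model of a VLAN aware switch port. It is not EdgeRouter code and not my actual configuration; the port names and VLAN numbers are constructed for the example. Untagged frames pick up the port's PVID on the way in, tagged frames are only accepted if their VLAN is in the port's VID list, and on the way out a VLAN leaves untagged on a port whose PVID matches and tagged on a port that lists it in VID.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Port:
    pvid: Optional[int] = None        # VLAN given to untagged frames on ingress; sent untagged on egress
    vids: frozenset = frozenset()     # tagged VLANs this port carries (the trunk list)

@dataclass
class Frame:
    src_port: str
    vlan: Optional[int] = None        # None = frame arrived without an 802.1Q tag

# Constructed topology (an assumption for this example, not the author's setup):
# two access ports, a trunk to an ESXi host with a default VLAN, and a fully tagged trunk.
PORTS = {
    "eth1": Port(pvid=10),                              # trusted LAN clients
    "eth2": Port(pvid=20),                              # isolated Internet-facing server
    "eth3": Port(pvid=10, vids=frozenset({10, 20})),    # trunk to ESXi, VLAN 10 untagged
    "eth4": Port(vids=frozenset({10, 20})),             # trunk to a switch, everything tagged
}

def classify_ingress(port: Port, frame: Frame) -> Optional[int]:
    """VLAN the frame is assigned on arrival, or None if the port drops it."""
    if frame.vlan is None:
        return port.pvid                 # untagged: PVID applies (no PVID -> dropped)
    if frame.vlan in port.vids:
        return frame.vlan                # tagged and listed in VID: keep the tag
    return None                          # tagged for a VLAN this port does not carry

def egress(port: Port, vlan: int) -> Optional[dict]:
    """How a frame on `vlan` leaves `port`: untagged via PVID, tagged via VID, or not at all."""
    if vlan == port.pvid:
        return {"vlan": vlan, "tagged": False}
    if vlan in port.vids:
        return {"vlan": vlan, "tagged": True}
    return None

def forward(frame: Frame, ports=PORTS) -> dict:
    """Flood one frame through the switch; returns destination port -> egress form."""
    vlan = classify_ingress(ports[frame.src_port], frame)
    if vlan is None:
        return {}
    return {
        name: out
        for name, port in ports.items()
        if name != frame.src_port and (out := egress(port, vlan)) is not None
    }
```

The model only shows the layer 2 separation: a frame from the server on VLAN 20 never reaches the VLAN 10 access port, and a frame the server tags for VLAN 10 itself is dropped at ingress. Routing between the VLANs, and the firewall rules that block it, happen at layer 3 and are outside this model.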