N-TRON® Overlapping VLANs
A VLAN is an administratively configured LAN segment that limits traffic by dividing the network into multiple broadcast domains. Instead of physically reconnecting a device to a different LAN, network administrators can accomplish this task by configuring a VLAN-compliant switch to create logical network segments. A key feature of N-Tron's VLAN implementation (both tagged and port) is the concept of overlapping members. We will discuss Port VLAN first.
OVERLAPPING PORT VLAN (500 Series with -A)
Port VLANs logically segment a switch transparently. Referring to Figure 1, using a 508TX-A, consider the following example where the Office LAN uplink is on Port 1, the PLC is on Port 2, and the Control devices being accessed by the PLC are on ports 3-8. In this case, the network administrator would like to set up VLAN partitions to keep the Office LAN separate from the Control LAN, but still have the capability to access the PLC from a workstation connected to the Office LAN.

This example shows how to set up the PLC as an overlapping member of both VLAN group 2 (VID2) and VLAN group 3 (VID3). To accomplish this, we will create an abstract VLAN (VID4) that has all ports as secondary members, and only port 2 (the overlapping member) with a PVID of 4. Please note that port 2 is a secondary member of the other two groups as well.

Command Line Interface (CLI) entry to accomplish this configuration
CLI\SWITCH\VLAN> PORT [ENTER]
Port VLAN selected.
/ (Go to top of menu tree)
? (Show menus/commands)
info (Get information about VLAN)
enable (Enable Port VLAN)
tagged (Switch to Tagged VLAN)
group1 (configure Port VLAN Group 1)
group2 (configure Port VLAN Group 2)
group3 (configure Port VLAN Group 3)
group4 (configure Port VLAN Group 4)
group5 (configure Port VLAN Group 5)
group6 (configure Port VLAN Group 6)
group7 (configure Port VLAN Group 7)
group8 (configure Port VLAN Group 8)
cleargroups (clear Port VLAN Groups 2 through 8)
CLI\SWITCH\VLAN> GROUP4 [ENTER]
Configure Port VLAN Group 4.
Enter ports to Join VLAN Group 4 (Example: '367(enter)')
Enter Port Numbers (or ESC to exit)> 1,2,3,4,5,6,7,8 [ENTER]
These ports were removed from group1: 1 2 3 4 5 6 7 8
Would you like all these ports to have PVID=4 ?
Enter 'NO' or (YES):
CLI> NO [ENTER]
Enter ports to have PVID=4
(Example: '367(enter)')
Enter Port Numbers (or ESC to exit)> 2 [ENTER]
*** These ports now have null PVIDs: 1 3 4 5 6 7 8 ***
*** All ports should have valid PVIDs before configuration is complete. ***
CLI\SWITCH\VLAN> GROUP3 [ENTER]
Configure Port VLAN Group 3.
Enter ports to Join VLAN Group 3 (Example: '367(enter)')
Enter Port Numbers (or ESC to exit)> 2,3,4,5,6,7,8 [ENTER]
Would you like all these ports to have PVID=3 ?
Enter 'NO' or (YES):
CLI> NO [ENTER]
Enter ports to have PVID=3
(Example: '367(enter)')
Enter Port Numbers (or ESC to exit)> 3,4,5,6,7,8 [ENTER]
CLI\SWITCH\VLAN> GROUP2 [ENTER]
Configure Port VLAN Group 2.
Enter ports to Join VLAN Group 2 (Example: '367(enter)')
Enter Port Numbers (or ESC to exit)> 1,2 [ENTER]
Would you like all these ports to have PVID=2 ?
Enter 'NO' or (YES):
CLI> NO [ENTER]
Enter ports to have PVID=2
(Example: '367(enter)')
Enter Port Numbers (or ESC to exit)> 1 [ENTER]
Setup Information and Enabling Port VLAN
CLI\SWITCH\VLAN> INFO [ENTER]
Port VLAN is DISABLED.
When enabled:
All outgoing pkts will be untagged.
VLAN GROUP1 includes these Ports: none
VLAN GROUP2 includes these Ports: 1 2
VLAN GROUP3 includes these Ports: 2 3 4 5 6 7 8
VLAN GROUP4 includes these Ports: 1 2 3 4 5 6 7 8
VLAN GROUP5 includes these Ports: none
VLAN GROUP6 includes these Ports: none
VLAN GROUP7 includes these Ports: none
VLAN GROUP8 includes these Ports: none
There is more info. Press 'SPACE BAR' to continue, or escape to exit >
Incoming pkts will use these PVIDs to determine group membership:
Port 1 PVID=2
Port 2 PVID=4
Port 3 PVID=3
Port 4 PVID=3
Port 5 PVID=3
Port 6 PVID=3
Port 7 PVID=3
Port 8 PVID=3
CLI\SWITCH\VLAN> ENABLE [ENTER]
Port VLAN is Enabled.
CLI\SWITCH\VLAN>
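
The following is an added example, not N-Tron code: a small Python model of the configuration in the INFO output above that checks which ports can exchange frames. It assumes an incoming frame is classified by the PVID of its ingress port and may leave only on the other members of that group; the function names and the all-PVID-4 misconfiguration are constructed for illustration.

```python
# Added example (not vendor code). Assumed rule: an untagged frame is classified
# by the PVID of the port it enters on and may leave only on the other members
# of that group.

GROUPS = {2: {1, 2}, 3: {2, 3, 4, 5, 6, 7, 8}, 4: {1, 2, 3, 4, 5, 6, 7, 8}}
PVID = {1: 2, 2: 4, 3: 3, 4: 3, 5: 3, 6: 3, 7: 3, 8: 3}
OFFICE, CONTROL = {1}, {3, 4, 5, 6, 7, 8}   # port 2 (PLC) is the overlap


def egress_ports(ingress, groups, pvid):
    """Ports a frame received on `ingress` may be forwarded to."""
    members = groups.get(pvid.get(ingress), set())  # null PVID -> no group
    return members - {ingress}


def two_way(a, b, groups, pvid):
    """True when a and b can exchange frames in both directions."""
    return (b in egress_ports(a, groups, pvid)
            and a in egress_ports(b, groups, pvid))


def leaks(groups, pvid):
    """(src, dst) paths that cross the Office/Control boundary."""
    found = []
    for src in sorted(OFFICE | CONTROL):
        for dst in sorted(egress_ports(src, groups, pvid)):
            if (src in OFFICE) != (dst in OFFICE) and dst in OFFICE | CONTROL:
                found.append((src, dst))
    return found


if __name__ == "__main__":
    print("office  <-> PLC :", two_way(1, 2, GROUPS, PVID))
    print("control <-> PLC :", all(two_way(p, 2, GROUPS, PVID) for p in CONTROL))
    print("leaks as configured:", leaks(GROUPS, PVID))
    # Constructed misconfiguration: every port left with PVID 4, the
    # all-ports group, which removes the Office/Control separation.
    flat = {p: 4 for p in PVID}
    print("leaks with all PVID=4:", leaks(GROUPS, flat))
```

Port 2 has PVID 4, so its own frames, broadcasts included, are forwarded to every port; that is what makes the PLC reachable from both sides while ports 1 and 3-8 stay apart.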
OVERLAPPING PORT VLAN (9000 Series)
Referring to Figure 2, using a 9000, consider the following example where the Office LAN uplink is on Port A1, the PLC is on Port A2, and the Control devices being accessed by the PLC are on ports A3-A6. As in the previous case, the network administrator would like to set up VLAN partitions to keep the Office LAN separate from the Control LAN, but still have the capability to access the PLC from a workstation connected to the Office LAN.

This example shows how to set up the PLC as an overlapping member of both VLAN Group 2 (VID2) and VLAN Group 3 (VID3). To accomplish this, we will create an abstract VLAN (VID4) that has all the ports in use as secondary members, and only port 2 (the overlapping member) with a PVID of 4. Please note that port 2 is a secondary member of the other two groups as well. Note: The default VLAN retains all ports not in Groups 2-4.

Web Interface Entry to Accomplish this Setup

- Use the Web Interface to create VLAN Groups 2-4 as above and make sure the PVIDs are set as above via Port Configuration.
- Make sure to enable/disable RSTP configuration for each VLAN as required.
Command Line Interface (CLI) entry to accomplish this setup
N-TRON/Admin#[54]vlan> vlan add 2 1 -name "Group 2" -untagged 1-2 -admit all [ENTER]
PVID of port 1 is set to 2.
PVID of port 2 is set to 2.
Vlan Added with Vlan id : 2
N-TRON/Admin#[55]vlan> vlan add 3 1 -name "Group 3" -untagged 2-6 -admit all [ENTER]
PVID of port 3 is set to 3.
PVID of port 4 is set to 3.
PVID of port 5 is set to 3.
PVID of port 6 is set to 3.
Vlan Added with Vlan id : 3
N-TRON/Admin#[56]vlan> vlan add 4 1 -name "Group 4" -untagged 1-6 -admit all [ENTER]
Vlan Added with Vlan id : 4
N-TRON/Admin#[57]vlan> port set pvid 2 4 [ENTER]
PVID of port 2 is set to 4.
N-TRON/Admin#[58]port/set> vlan show config [ENTER]

N-TRON/Admin#[59]vlan/show> stp set bridgeadminstatus 1 disable [ENTER]
Admin Status successfully Set
N-TRON/Admin#[60]stp/set> stp set bridgeadminstatus 2 disable [ENTER]
Admin Status successfully Set
N-TRON/Admin#[61]stp/set> stp set bridgeadminstatus 3 disable [ENTER]
Admin Status successfully Set
N-TRON/Admin#[62]stp/set> stp set bridgeadminstatus 4 disable [ENTER]
Admin Status successfully Set
N-TRON/Admin#[63]stp/set>
Note: RSTP is disabled for all VLANs in the commands above.
OVERLAPPING TAGGED VLAN (500 Series)
Tagged VLAN allows switch segmentation to span across multiple managed switches. This type of VLAN is ideal for LANs that consist of various types of communication groups such as Office LANs, Controls Systems, and IP Cameras. When used properly, it will effectively isolate two or more groups from each other in a logical manner. This means that Broadcast, Multicast, and Unicast frames in one VLAN will not interfere with another isolated VLAN group.
Referring to Figure 3, we will create a Tagged VLAN trunk (using Port 1 on each switch) between two 500 Series switches. This application will logically isolate the IT / Office LAN from the Controls System LAN across both switches. It will also allow you to use a single physical connection as the VLAN Trunk connecting the two switches. Note that only the two N-Tron switches need to understand tagged VLAN to achieve this, as all other traffic is untagged. You may choose to use the Port Trunking feature between the two 508TX-A switches to provide higher bandwidth and media redundancy.

Command Line Interface (CLI) entry to accomplish this configuration
CLI\SWITCH\VLAN> group2 [ENTER]
Configure Tagged VLAN Group 2.
Enter VID or [(ESC)] to exit> 2 [ENTER]
Enter ports to Join VLAN Group 2 (Example: '367(enter)')
Enter Port Numbers (or ESC to exit)> 1 2 [ENTER]
Would you like all these ports to have PVID=2 ?
Enter 'NO' or (YES):
CLI> yes [ENTER]
For incoming pkts with tagged VID=2, the outgoing pkts are untagged for ports: 1 2
Would you like to change that ? Enter 'YES' or (NO):
CLI> yes [ENTER]
For VID=2 enter ports for outgoing untagged pkts: 2
Wait......
These ports were removed from group1:
1 2
CLI\SWITCH\VLAN> group3 [ENTER]
Configure Tagged VLAN Group 3.
Enter VID or <(ESC)> to exit> 3 [ENTER]
Enter ports to Join VLAN Group 3 (Example: '367(enter)')
Enter Port Numbers (or ESC to exit)> 1 3 4 5 6 7 8 [ENTER]
Would you like all these ports to have PVID=3 ?
Enter 'NO' or (YES):
CLI> yes [ENTER]
For incoming pkts with tagged VID=3, the outgoing pkts are untagged
for ports: 1 3 4 5 6 7 8
Would you like to change that ? Enter 'YES' or (NO):
CLI> yes [ENTER]
For VID=3 enter ports for outgoing untagged pkts: 3 4 5 6 7 8
Wait......
These ports were removed from group1:
3 4 5 6 7 8
CLI\SWITCH\VLAN> info [ENTER] (to verify configuration)
Tagged VLAN is DISABLED.
When enabled:
All incoming untagged pkts are sent to PVID group.
VLAN GROUP1 has a VID of: 1, and includes these Ports: none
GROUP1 outgoing pkts are untagged for ports: none
VLAN GROUP2 has a VID of: 2, and includes these Ports: 1 2
GROUP2 outgoing pkts are untagged for ports: 2
VLAN GROUP3 has a VID of: 3, and includes these Ports: 1 3 4 5 6 7 8
GROUP3 outgoing pkts are untagged for ports: 3 4 5 6 7 8
There is more info. Press 'SPACE BAR' to continue, or escape to exit >
For each port, untagged incoming pkts will use these PVIDs to determine group membership:
Port 1 PVID=3
Port 2 PVID=2
Port 3 PVID=3
Port 4 PVID=3
Port 5 PVID=3
Port 6 PVID=3
Port 7 PVID=3
Port 8 PVID=3
CLI\SWITCH\VLAN> enable [ENTER]
Tagged VLAN is Enabled.
CLI\SWITCH\VLAN>
[***CYCLE POWER OF SWITCH***]
NOTE: Repeat above steps on second switch...
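
The following is an added example, not N-Tron code: a Python model of the tagged configuration in the INFO output above, tracing a frame from a host port, across the Port 1 trunk, to the second switch. It assumes an 802.1Q-style rule (a tagged frame is classified by its VID, an untagged frame by the ingress port's PVID) and that both switches carry the same configuration; the function names are constructed for illustration.

```python
# Added example (not vendor code). Assumed 802.1Q-style rule: a tagged frame is
# classified by its VID, an untagged frame by the ingress port's PVID, and each
# egress port either strips the tag or keeps it, per the INFO output.

HOSTS_3 = {3, 4, 5, 6, 7, 8}
VLANS = {  # VID -> member ports and the ports that send untagged
    2: {"members": {1, 2}, "untagged": {2}},
    3: {"members": {1} | HOSTS_3, "untagged": HOSTS_3},
}
PVID = {1: 3, 2: 2, 3: 3, 4: 3, 5: 3, 6: 3, 7: 3, 8: 3}
TRUNK = 1  # Port 1 on each switch carries the trunk


def forward(ingress, tag=None):
    """Map each egress port to the tag the frame carries there (None = untagged)."""
    vid = tag if tag is not None else PVID[ingress]
    vlan = VLANS.get(vid)
    if vlan is None:
        return {}  # VID not configured on this switch
    return {p: (None if p in vlan["untagged"] else vid)
            for p in vlan["members"] - {ingress}}


def reach(src_port):
    """Host ports reached by an untagged frame from src_port: (local, remote)."""
    near = forward(src_port)
    local = {p for p in near if p != TRUNK}
    if TRUNK not in near:
        return local, set()
    # Both switches carry the same configuration, so reuse the model
    # for the far side of the trunk.
    far = forward(TRUNK, near[TRUNK])
    return local, set(far)


if __name__ == "__main__":
    print("Office port 2   ->", reach(2))
    print("Controls port 3 ->", reach(3))
    # Port 1 PVID=3 in the INFO output: a frame that arrives on the trunk
    # without a tag is classified into VID 3.
    print("untagged on trunk ->", forward(TRUNK))
```

Because Port 1 has PVID 3, the model classifies any untagged frame received on the trunk port into the Controls VLAN, which is worth confirming when auditing what is connected to that link.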