VLANs are virtual networks created on top of the existing network infrastructure. Each virtual network is identified by its VLAN tag, which is used to mark traffic originating from clients belonging to the specific virtual network. This allows you to apply network policies such as traffic prioritization, network access restrictions, and firewalling. To learn more about VLANs and how to create them, please read this article.
On PoE Switches, VLANs can be assigned on a per-port basis and classified as either default or allowed. More specifically, you can assign one default VLAN and/or up to several allowed VLANs to each individual Switch port.
Ports with a configured default VLAN will accept any incoming untagged data packets and attach the default VLAN tag to them. Similarly, outgoing data packets tagged with the default VLAN tag will be untagged before exiting from these ports.
On the other hand, when VLANs are configured on a port as allowed, VLAN tagged data packets matching any of the allowed VLANs will be accepted. In contrast to the default VLAN configuration, these VLAN tags are never modified upon entering or exiting a port.
Switch ports handle incoming and outgoing traffic differently depending on:
- how the VLANs are configured on the ports;
- and whether the data packets are tagged or not.
Please see the graphics below to understand how your Switch port configuration will affect incoming and outgoing data packets.
To learn how to configure default and allowed VLANs on a Switch port, please read this article.