Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Techvid Video
Overview
This recommended Read aims to provide a complete guide on configuring VLANs, including both tagged and untagged ports, on a Sophos switch.
In the context of Sophos switches, it's important to note that we refer to 'tagged ports' as trunk ports, which are typically used to carry traffic for multiple VLANs, and 'untagged ports' or access ports, which are used for end devices within a single VLAN.
We will explore the process step by step to help you effectively set up and manage VLANs on your Sophos switch.
Scenario:
Scenario:
In this example, we have 2 workstation members of 2 different VLANs.
Access Switch
Ports: 2–4 Untagged Port VLAN 100
Ports: 5–7 Untagged Port VLAN 200
Port 8:
- Tagged Port VLANs 100 and 200
- Connected to XGS firewall to carry traffic for VLANs 100 & 200.
PC 1 – SUPPORT VLAN
Member of VLAN SUPPORT-100 which resides in VLAN 100.
Connected to port 2 on the Sophos Access Switch
PC 2 – SALES VLAN
Member of VLAN SALES-200 which resides in VLAN 200.
Connected to port 5 on the Sophos Access Switch
Configurations
Log in to Sophos Switch
Add VLAN
To add VLAN navigate to Configure > VLAN settings > 802.1Q then click “+Add”
In the Add VLAN window enter the details of your desired VLAN
- Enter your desired VLAN ID. This must be a number from 2 to 4094.
- Enter the desired VLAN name.
- Then click ‘Apply.’
Tagged Ports (Trunk Port)
- To configure a tagged port, navigate to Configure > VLAN settings > 802.1Q then click ‘Edit’ on the VLAN(s) created.
- Click the 'Tagged' box.
- Select your desired tagged port. In this example, choose Port 8.
- Click the 'checkmark' icon.
5. Then click 'Apply'.
We have successfully created a Tagged Port (Trunk Port) for VLANs 100 and 200.
Untagged Port (Access Port)
- Click ‘Edit’ your desired VLAN to create untagged ports. In this example we choose SUPPORT-100.
- Click on the ‘Untagged’ Box
- Click on your desired port(s). In this example ports 2, 3 and 4.
- Click the 'checkmark' icon.
5.Then click on ‘Apply’.
Port VLAN ID (PDVID)
The PVID is a setting assigned to an individual switch port, specifying the VLAN ID to be assigned to incoming untagged traffic on that port.
In simpler terms, when an untagged frame arrives at a port, the switch assigns it the VLAN specified by the PVID for that particular port. In the context of Sophos switches, incoming traffic is initially set to PVID 1.
To ensure traffic is placed in the correct VLAN, it's essential to change or set the PVID to the appropriate VLAN ID on your desired port(s).
More details can found here for reference: Sophos Cloud Switch: PVID
PVID Configuration
In our example, we will be configuring PVIDs as follows:
- PVID 100 on ports 2, 3 and 4.
- PVID 200 on ports 5, 6 and 7.
To configure PVID navigate to
- Configure
- VLAN settings
- PVID and Ingress filter
- Choose your required port(s). In this example ports 2, 3 and 4
- Then click ‘Edit’
Once the PVID Window appears:
- Select your desired PVID, in this example 100 (SUPPORT-100).
- Click Apply.
Related Information
Techvid Video https://techvids.sophos.com/share/watch/fnLELAk4EchQoFRDepxJNA?
Edited TAGs
[edited by: Erick Jan at 12:00 AM (GMT -8) on 11 Jan 2024]
