Sophos Switch: VLAN Configuration via Command Line Interface (CLI)

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.



Overview:



This Recommended Read provides a complete guide to configuring VLANs on a Sophos switch, including both tagged and untagged ports.

 

On Sophos switches, 'tagged ports' are trunk ports, which typically carry traffic for multiple VLANs, and 'untagged ports' are access ports, which are used for end devices within a single VLAN.

 

We’ll systematically explore the process to help you effectively set up and manage VLANs on your Sophos switch.

 

Scenario:

 

 


 

Configure VLAN using Command Line Interface (CLI).

This example provides a step-by-step guide to configuring a VLAN on a Sophos switch via the CLI. This includes defining the VLAN ID, setting a descriptive name, configuring untagged and tagged ports, and setting the PVID for the VLAN. In our example, we will use VLAN 100.

 

Configurations:

 

  1. Enter Global Configuration Mode:

CS101-8FP# conf t

CS101-8FP(config)#

  2. Create VLAN 100:

CS101-8FP(config)# vlan 100

CS101-8FP(config-vlan)#

  3. Add a Descriptive Name to VLAN 100:

CS101-8FP(config-vlan)# ports name "GROUP-100"

This command assigns the descriptive name "GROUP-100" to VLAN 100.

  4. Create Untagged Ports for VLAN 100:

CS101-8FP(config-vlan)# ports add gigabitethernet 0/2-4 untagged gigabitethernet 0/2-4

This command configures gigabit Ethernet ports 0/2 through 0/4 as untagged ports for VLAN 100.

  5. Create a Tagged Port for VLAN 100:

CS101-8FP(config-vlan)# ports add gigabitethernet 0/8

This command configures gigabit Ethernet port 0/8 as a tagged port for VLAN 100.

  6. Exit VLAN Configuration Mode:

CS101-8FP(config-vlan)# exit

 

 

PVID:

The PVID is a setting assigned to an individual switch port that specifies the VLAN ID applied to incoming untagged traffic on that port. In other words, when an untagged frame arrives at a port, the switch assigns it to the VLAN specified by that port's PVID. On Sophos switches, incoming traffic is initially set to PVID 1. To ensure traffic is placed in the correct VLAN, you must set the PVID on the desired port(s) to the appropriate VLAN ID.

Reference KBA: https://support.sophos.com/support/s/article/KBA-000008034?language=en_US

  1. Set PVID for VLAN 100 on Untagged Ports:

CS101-8FP(config)# interface range gigabitethernet 0/2-4

CS101-8FP(config-if-range)# switchport pvid 100

CS101-8FP(config-if-range)# exit

CS101-8FP(config)# save

These commands configure the PVID for VLAN 100 on untagged gigabit ethernet ports 0/2 through 0/4 and finally save the configuration.

 

 

Here is the full configuration for VLAN 100, covering the tagged port (0/8), the untagged ports (0/2 through 0/4), and the PVID for the untagged ports.

 

CS101-8FP# conf t

CS101-8FP(config)#

CS101-8FP(config)# vlan 100

CS101-8FP(config-vlan)#

CS101-8FP(config-vlan)# ports name "GROUP-100"

CS101-8FP(config-vlan)# ports add gigabitethernet 0/2-4 untagged gigabitethernet 0/2-4

CS101-8FP(config-vlan)# ports add gigabitethernet 0/8

CS101-8FP(config-vlan)# exit

CS101-8FP(config)# interface range gigabitethernet 0/2-4

CS101-8FP(config-if-range)# switchport pvid 100

CS101-8FP(config-if-range)# exit

CS101-8FP(config)# save
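The PVID step is the one most easily missed: a port can be an untagged member of VLAN 100 while its ingress traffic still lands in VLAN 1. The following is an added example, not Sophos code or part of the original article. It replays a CLI session and reports untagged members whose PVID does not match their VLAN. It understands only the command forms shown above and assumes the default PVID of 1 stated in the PVID section; `audit`, `expand` and `SAMPLE` are illustrative names.

```python
import re

DEFAULT_PVID = 1  # the page states that ports start with PVID 1

# Constructed session: same commands as the page, but the PVID step skips 0/4.
SAMPLE = """\
CS101-8FP(config)# vlan 100
CS101-8FP(config-vlan)# ports add gigabitethernet 0/2-4 untagged gigabitethernet 0/2-4
CS101-8FP(config-vlan)# ports add gigabitethernet 0/8
CS101-8FP(config-vlan)# exit
CS101-8FP(config)# interface range gigabitethernet 0/2-3
CS101-8FP(config-if-range)# switchport pvid 100
CS101-8FP(config-if-range)# exit
"""

def expand(spec):
    """Expand '0/2-4' or '0/8' into ['0/2', '0/3', '0/4'] or ['0/8']."""
    slot, _, ports = spec.partition("/")
    first, _, last = ports.partition("-")
    return [f"{slot}/{n}" for n in range(int(first), int(last or first) + 1)]

def audit(session):
    """Return (port, vlan, pvid) for each untagged member whose PVID differs."""
    untagged, pvid = {}, {}        # port -> untagged VLAN, port -> PVID
    vlan, selected = None, []
    for line in session.splitlines():
        cmd = line.split("#", 1)[-1].strip()   # drop the 'CS101-8FP(...)#' prompt
        if m := re.fullmatch(r"vlan (\d+)", cmd):
            vlan = int(m.group(1))
        elif m := re.fullmatch(r"ports add .*\buntagged gigabitethernet (\S+)", cmd):
            untagged.update({p: vlan for p in expand(m.group(1))})
        elif m := re.fullmatch(r"interface range gigabitethernet (\S+)", cmd):
            selected = expand(m.group(1))
        elif m := re.fullmatch(r"switchport pvid (\d+)", cmd):
            pvid.update({p: int(m.group(1)) for p in selected})
    return [(p, v, pvid.get(p, DEFAULT_PVID)) for p, v in sorted(untagged.items())
            if pvid.get(p, DEFAULT_PVID) != v]

if __name__ == "__main__":
    for port, vlan, actual in audit(SAMPLE):
        print(f"gigabitethernet {port}: untagged in VLAN {vlan} but PVID is {actual}")
```

Running it on the constructed session flags port 0/4; the full configuration from the article produces no findings.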

Related Information:

Sophos Switch PVID: https://support.sophos.com/support/s/article/KBA-000008034?language=en_US

Sophos Switch VLAN: https://docs.sophos.com/nsg/switch/help/en-us/cliGuide/networkServices/vlan/index.html