Switch Overview
This document is an overview of how the switch operates and its capabilities.
See also
For instructions on how to configure the switch ports, see:
- Configure LAN and OPT to act as switched ports on the same VLAN: Configuring the Switch Ports
- Configure a trunk port to pass tagged VLAN traffic to another switch: Configuring a Router on a Stick
Warning
The switch ports do not support the Spanning Tree Protocol (STP). Two or more ports connected to another Layer 2 switch, or connected to 2 or more different interconnected switches, could create a flooding loop between the switches. This can cause the router to stop functioning until the loop is resolved.
Warning
The switch is limited to a total maximum of 128 separate VLANs.
Interface Links
All three ports on the Netgate 1100 (WAN, LAN, OPT) are connected internally to a switch.
In addition to the three physical ports, there is also an internal port connected to the switch: Port 0 on the switch acts as the uplink, and mvneta0 is the corresponding operating system interface for that uplink.
The internal uplink port operates at 1 Gbps and connects the switch to the SoC. From the perspective of the operating system, the only port is the mvneta0 interface, which also runs at 1 Gbps.
802.1q VLAN Mode
By default, the three physical ports are configured on separate VLANs which feed into the WAN, LAN, and OPT interfaces. These switch ports are customizable. For example, all of these configurations are possible:
- WAN, LAN, and OPT as individual network interfaces.
- WAN configured as a WAN, LAN and OPT configured as a switch for LAN A.
- WAN, LAN, and OPT on the same VLAN as a single LAN A.
These scenarios are possible by utilizing VLANs. Each of the switch ports (LAN, WAN, OPT, and Port 0) is a VLAN-aware interface, capable of functioning as a standard access or trunk port:
- Access Port: Adds a VLAN tag to inbound untagged traffic
- Trunk Port: Allows tagged traffic containing specified VLAN IDs
In the default configuration, three VLANs are used to create the WAN, LAN, and OPT interfaces:
WAN | VLAN 4090
LAN | VLAN 4091
OPT | VLAN 4092
The ports are configured to act as Access ports.
When data comes into the WAN interface, a VLAN tag of 4090 is added to the Ethernet frame.
When data comes into the LAN interface, a VLAN tag of 4091 is added to the Ethernet frame.
When data comes into the OPT interface, a VLAN tag of 4092 is added to the Ethernet frame.
Port 0 is configured to act as a Trunk port.
By default, only Ethernet frames containing a VLAN tag of 4090, 4091, or 4092 are allowed over the trunk.
Each VLAN configured on the switch uses the mvneta0 interface as its parent interface. For example, the default interface assignments are:
WAN | mvneta0.4090
LAN | mvneta0.4091
OPT | mvneta0.4092
This means mvneta0.4090, mvneta0.4091, and mvneta0.4092, as well as any other VLANs created for the switch, all share the same 1 Gbps uplink.
Port Mode
Aside from being able to specify whether a switch port should act as an access or trunk port, it’s also possible to disable 802.1q VLAN mode. When this is done, a third mode called Port VLAN Mode is enabled. In this mode, any and all VLAN tags are allowed on all ports. No VLAN tags are added or removed. Think of it as a dummy switch that retains VLAN tags on frames, if present. This mode is useful when there are numerous VLANs on a network and the goal is to physically segment the switch, while allowing the same VLANs on all segments of the switch.
In Port VLAN Mode, rather than specifying which interfaces are associated with a VLAN, the configuration can specify which physical ports form a switch. For example, to create two physical switches that act as individual dummy switches, allowing tagged or untagged traffic
Though the switch supports this mode, the way the ports are used makes it less useful than 802.1q mode.
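The access-port tagging and Port 0 trunk filtering from the 802.1q VLAN Mode section, and the unfiltered behavior of Port VLAN Mode, can be traced at the frame level. The following Python model is an added example, not Netgate code: it uses the default VLAN IDs from this page, while the function names, the sample frame, VLAN 100, and the rule that access ports drop already-tagged frames are assumptions of the model.

```python
import struct

TPID_8021Q = 0x8100
# Defaults stated on this page: per-port access VLANs and the Port 0 trunk list.
ACCESS_VLAN = {"WAN": 4090, "LAN": 4091, "OPT": 4092}
TRUNK_ALLOWED = frozenset(ACCESS_VLAN.values())
UPLINK = "mvneta0"

def tag_frame(frame, vid):
    """Insert an 802.1Q tag (priority bits 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

def vlan_id(frame):
    """Return the frame's VLAN ID, or None if it carries no 802.1Q tag."""
    if len(frame) >= 18 and frame[12:14] == struct.pack("!H", TPID_8021Q):
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None

def access_ingress(port, frame):
    """Access port: add the port's VLAN tag to inbound untagged traffic."""
    if vlan_id(frame) is not None:
        return None  # assumption of this model: pre-tagged frames are dropped
    return tag_frame(frame, ACCESS_VLAN[port])

def trunk_allows(frame, dot1q_mode=True):
    """Port 0 filter. With 802.1q mode off (Port VLAN Mode) any tag passes."""
    if not dot1q_mode:
        return True
    return vlan_id(frame) in TRUNK_ALLOWED

def os_interface(frame):
    """Name of the VLAN interface on mvneta0 that receives the frame, else None."""
    return f"{UPLINK}.{vlan_id(frame)}" if trunk_allows(frame) else None

def sample_frame():
    """Constructed untagged IPv4 frame: broadcast dst, locally administered src."""
    return b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x00" + b"\x00" * 46

if __name__ == "__main__":
    for port in ACCESS_VLAN:
        print(port, "->", os_interface(access_ingress(port, sample_frame())))
    rogue = tag_frame(sample_frame(), 100)  # constructed: VLAN not on the trunk
    print("VLAN 100, 802.1q mode:", trunk_allows(rogue))
    print("VLAN 100, Port VLAN Mode:", trunk_allows(rogue, dot1q_mode=False))
```

In 802.1q mode the trunk list is what keeps a frame tagged for an unlisted VLAN away from the operating system; with 802.1q mode disabled, the same frame passes untouched, so separation depends only on which physical ports are grouped together.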