Netgear, Routing, Switching

The Views Expressed Below Do not in any way reflect Internal Doctorine or Official Statements of Netgear Inc. These are just my notes – Use at your own Risk.

First read [main article] followed by the [updates] on my article called the “VLANs on Netgear Switches – Layer 2 –  802.1q”: NETGEAR VLANS and this example on making 2 VLANS

NOTE: Netgear and HP deal with VLANS similarly.

Notes on Layer2 and Layer3 
Most environments contain switches and routers (firewalls). Some routers/firewalls understand VLANS, and some dont. For the ones that do its important to understand how they work with VLANS and how they understand them (the article below explain this).
This article is on INTERVLAN ROUTING (layer3) which also incorporates (and sits on top of) 802.1q layer 2 vlans.
Difference between VLAN routing and INTERVLAN routing? There is no such thing as VLAN routing (routing is a layer 3 concept), there is only routing and it can be setup to route packets from one vlan (layer2 network) to another vlan(layer 2 network). There is no layer 2 technology that can connect 2 vlans (not that Im aware of). INTERVLAN Routing is an option that automatically setups the routing (layer3) to connect vlans together. On Layer3 Switches this is a “manual” process (its just called routing. I say “manul” because it can technically be done automatically with OSPF and RIP or statically/manually with Static Routes)
LAYER3 – ROUTING connects subnets together (has to be setup with many settings). INTERVLAN ROUTING is basically automatic ROUTING (done with a click of button or checkbox)
LAYER2 – VLANS: segregates subnets by segragating broadcasts (and all traffic)

The following are just conclusions of some tests that I have done.

ProSafe / Prosecure Firewall(Routers) VLANS

They are layer 3 devices

It’s safe to assume the following:

Any intervlan routing happens at the CPU

Layer 2 activities happen at the ASIC (does not hit the CPU)

 INTERFACE TERMS:

The best way to describe the actions of the terms is with an analogy to something familiar (the Layer 2 and Layer 3 switch). So pretend the Router to be a Layer 3 Switch when trying to think of how the vlans work.

On a port you can set exactly 1 Default VLAN

Default VLAN: Its the equivalent of setting UNTAG and PVID setting on a Layer 2 Switch for that vlan

For each vlan you can set on what LAN ports it participates which is called Membership

Membership: Its the equivalent of setting a TAG for that vlan on a Layer 2 Switch for that vlan

 Remember UNTAGS override TAGS:

If there results a port which has UNTAG set to vlan X and membership also set to vlan X, which would seemingly result in PVID X and TAG X and UNTAG X, the actual result is PVID X and UNTAG X

Example: Port 2 Default vlan is 10, Vlan 10 also is a member of port 1 and 2 and 3 and 4. The fact that its also member of port 1,3, and 4 is unrelated to this topic. Then end result for port 2 seems like it would be: UNTAG2, TAG2, PVID2 – However as we just read the Override comes about and thus its UNTAG2, PVID2

 InterVLAN Routing: Its the equivalent of making vlan interfaces with routing enabled on them, on a Layer 3 Switch

 —CHEAT SHEET—

Default VLAN: UNTAG and PVID (Note UNTAGS override TAGS) – Layer 2

Membership: TAG – Layer 2

Intervlan Routing: Interface VLAN – Layer 3

Leave a Reply

Your email address will not be published. Required fields are marked *