VLANs

On the VLANs tab, you can manage switch VLAN features, such as basic VLAN configuration, GVRP protocol settings for automatic VLAN membership management, Voice VLAN configuration for prioritizing VoIP traffic, and ingress filtering controls that determine packet acceptance based on VLAN tags.

You can see the following information about the VLANs on your switch:

• ID: Shows the VLAN ID in the color you selected when configuring the VLAN. Colors are only a visual guide and don't affect the VLAN's function.
• Name: The name assigned to the VLAN.
• Description: The description for the VLAN.
• Configuration source: Shows the origin of the VLAN settings.
• Untagged ports: Shows the ports that pass traffic without VLAN tags. All untagged ports use the default VLAN ID.
• Tagged ports: Shows the ports that pass traffic with the specified VLAN tag. To allow traffic from VLANs other than the default, you must select tagged ports.
• Ports configuration source: Shows the origin of the port's configuration.

• Conflicts: Shows conflicts between Sophos Central and local switch configurations.

  Click Resolve conflicts or Import to Sophos Central for each VLAN to synchronize the settings.

To add a VLAN, click Add VLAN, configure the VLAN settings, and click Save.

To edit a VLAN, click edit on the VLAN whose settings you want to change.

To delete a VLAN, select the VLANs you want to remove and click Delete.

GVRP

GARP VLAN Registration Protocol (GVRP) is an IEEE 802.1Q-compliant protocol for automatically managing VLAN membership. GVRP uses Join and Leave messages to manage the switch's VLAN membership. On the GVRP tab, you can manage the GVRP settings on the switch.

Click Turn on or Turn off and click Update to turn GVRP on or off on the switch.

You can see the following information about GVRP on the switch:

• Port: Shows the port to which the GVRP settings apply.
• Status: Shows whether GVRP is turned on or turned off for the specified port.
• Restricted VLAN: Shows whether the port is in restricted VLAN mode. In this mode, the port only learns VLANs that are already configured on the switch. It ignores join messages for all other VLANs.
• Join time(ms): Shows the configured join time. This controls how long a switch waits before sending GVRP Join messages to advertise VLAN membership.
• Leave time(ms): Shows the configured leave time. This controls how long a switch waits before sending GVRP Leave messages to deregister VLAN membership.
• Leave-all time(ms): Shows the configured leave-all time. This controls how often the switch sends GVRP LeaveAll messages to refresh VLAN registration information.
• Configuration source: Shows the origin of the port's GVRP configuration.

Click Update after making changes to save the settings.

Click Clear to clear any unsaved changes you've made.

Click LAG ports to view the settings for LAG ports.

Voice VLANs

Use the Voice VLANs tab to configure the VLAN carrying your voice over IP (VoIP) traffic. The switch prioritizes traffic on this VLAN to ensure call quality.

Global settings

You can configure the following global settings for the voice VLAN:

• Voice VLAN status: Select one of the following options:

  • Not set: Use the switch's local voice VLAN configuration.
  • Disabled: Turn off voice VLAN.
  • Auto: Automatically detect VoIP devices and assign them to the voice VLAN.
  • OUI: Identify voice devices by Organizationally Unique Identifier (OUI) and assign them to the voice VLAN.

• Voice VLAN ID: Sets the voice VLAN ID for the network. Switches only support one voice VLAN.

• VLAN priority tag: Defines a service priority for traffic on the voice VLAN. The switch uses this value to set the priority of any received VoIP packets when the voice VLAN feature is active on a port.
• DSCP: Sets the Differentiated Services Code Point (DSCP). This is a value between 0 and 63 that marks packets for QoS. See Differentiated services.
• 802.1p CoS status: Enable this function to have outgoing voice traffic marked with the selected CoS priority value.

• CoS priority: Sets the 802.1p priority tag for voice VLAN traffic. The priority values and the traffic typically associated with them are as follows:

  • 7: Network Control (highest)
  • 6: Voice/Video Signaling
  • 5: Voice Media Traffic. This is the most common priority setting for voice traffic.
  • 4: Video Media
  • 3: Critical Applications
  • 2: High Priority Data
  • 1: Medium Priority Data
  • 0: Best Effort (lowest)

• Aging time: The aging time controls how long the switch waits before removing an automatically assigned port from the voice VLAN after voice traffic stops. When voice traffic stops and the MAC address of the voice device expires, the voice VLAN aging time begins. The switch removes the port from the voice VLAN after the aging time expires. If voice traffic resumes during the aging time, it resets.

Port settings

You can see and configure the following port settings for the voice VLAN:

• Port: Shows the port to which the voice VLAN settings apply.
• Status: Shows whether the voice VLAN is turned on or turned off for the specified port.

• CoS mode: Shows the method for assigning CoS priority to voice VLAN traffic as one of the following options:

  • Source: The switch applies source QoS attributes to packets with OUIs in the source MAC address.
  • All: The switch applies all QoS attributes to traffic assigned to the Voice VLAN.

• Configuration source: Shows the origin of the port's configuration.

• Operation status: Shows the operating status for the voice VLAN on the specified port.

Click Update after making changes to save the settings.

Click Clear to clear any unsaved changes you've made.

Click LAG ports to view the settings for LAG ports.

OUI settings

You can manually add specific manufacturers' MAC addresses and descriptions to the OUI table. The switch forwards all traffic received on the voice VLAN ports from a specific IP phone with a listed OUI to the voice VLAN.

You can see and configure the following OUI settings for the voice VLAN:

• OUI address: Shows the globally unique ID assigned to a vendor by the IEEE to identify VoIP equipment.
• Description: Shows the vendor's name or description assigned to the OUI.
• Configuration source: Shows the origin of the OUI settings.

To add an OUI, click Add, enter the OUI address and Description, and click Save.

To delete an OUI, select the OUIs you want to remove and click Delete.

Ingress filtering

When an untagged packet enters a port, the switch attaches the Port VLAN ID (PVID) to it. When the switch receives a packet on a given port tagged with that port's PVID, it forwards the packet to the port corresponding to the packet's destination address. If a port receives a packet with a VLAN ID that doesn't match its PVID, the switch drops the packet. If no VLANs are configured on the switch, all ports are assigned the default VLAN ID, 1.

You can see and configure the following settings for ingress filtering:

• Port: Shows the port to which the voice VLAN settings apply.

• Accept type: Shows whether the port accepts tagged, untagged, or all packets.

  • All: The port accepts both tagged and untagged packets.
  • Tagged: The port only accepts tagged packets. The port discards any untagged packets it receives.
  • Untagged: The port only accepts untagged packets. The port discards any tagged packets it receives.

• Ingress filtering: Shows whether ingress filtering is on or off.

  • On: The switch discards tagged packets if the VID doesn't match the PVID of the port.
  • Off: The switch forwards all packets according to the switch's VLAN configuration.

• Priority ingress filtering: Shows whether priority ingress filtering is on or off. When it's on, the switch drops packets with a VLAN ID of 0.

• Configuration source: Shows the origin of the ingress filtering settings.