Skip to content
Click here to open the documentation of locally-managed switches, including the CLI and API guides.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=switch-management-VLANs

VLANs

On the VLANs page, you can add, delete and edit the VLANs assigned to the switch.

To add a VLAN, do as follows:

  1. Click Add VLAN.
  2. In the Add VLAN window, enter the VLAN information and click Save.

The information you must enter is described below:

  • Name: Enter a name for the VLAN.
  • VLAN ID: Enter the VLAN ID. This must be a number from 2 to 4094.
  • Color: Select a color to be displayed in the admin console for the VLAN. This is only a visual guide and doesn't affect the VLAN function.
  • Description: Enter a description for the VLAN.

  • Untagged ports: From the drop-down menu, select which ports are untagged. These ports only allow traffic to pass from the single VLAN.

    Warning

    All untagged ports use the default VLAN ID. To allow traffic from other VLANs ports must be tagged.

  • Tagged ports: From the drop-down menu, select which ports will be tagged. These are trunk ports, allowing traffic from multiple VLANs to pass through a single port.

Add VLAN window.

GVRP

GVRP (GARP VLAN Registration Protocol or Generic VLAN Registration Protocol) is an IEEE 802.1Q-compliant method for automatically configuring VLAN membership.

To use GVRP, do as follows:

  1. Go to VLANs > GVRP.

  2. Use the radio buttons to turn on or turn off GVRP. When Not set is selected, no configuration is pushed from Sophos Central, and any local settings will be used.

    Turn on GVRP.

  3. Click Update.

    Click update.

  4. In the ports table, use the drop-down menus to configure the following settings on a port-by-port basis.

    1. Status: Turn on or turn off GVRP.

      Set GVRP status.

    2. Restricted VLAN: Turn on or turn off restricted VLAN.

      Set restricted VLAN.

    3. Join time (ms): Set the time in milliseconds that join messages are sent. You must use multiples of 10 and the available values are from 10 to 4,999,000.

      Set join time.

    4. Leave time (ms): Set the time in milliseconds that leave messages are sent. You must use multiples of 10 and the available values are from 10 to 9,999,000.

      Set leave time.

    5. Leave all time (ms): Set the time in milliseconds that leave all messages are sent. You must use multiples of 10 and the available values are from 10 to 10,000,000.

      Set leave all time.

  5. Click Update.

    Update ports.

Voice VLAN

Use voice VLAN to configure the VLAN carrying your voice over IP (VoIP) traffic. Voice traffic on this VLAN will be prioritized to ensure call quality.

You can specify your voice VLAN using the VLAN ID or an OUI ID.

Note

If you select "Not set", configuration isn’t pushed from Sophos Central, so the local configuration is still used.

To configure voice VLAN, do as follows:

  1. Go to VLANS > Voice VLANs.

  2. Under Global settings > Voice VLAN status, select Auto.

    Voice VLAN status.

  3. Under Voice VLAN ID, select the VLAN ID that corresponds to your voice VLAN.

    Voice VLAN ID.

  4. Under VLAN priority tag, select a priority tag for your voice VLAN.

    VLAN priority tag.

  5. Under DSCP, enter a DSP value. Available values are 0 to 63.

    DSCP tagging.

  6. Under 802.1 CoS status, turn on or turn off CoS.

    CoS status.

  7. Under CoS priority, select a CoS priority.

    CoS Priority.

  8. Under Aging time, enter an aging time between 30 and 1,440.

    Aging time.

  9. Click Update.

    Click update.

To configure voice VLAN, do as follows:

  1. Go to VLANS > Voice VLANs.
  2. Under Global settings > Voice VLAN status, select OUI.

  3. Under VLAN priority tag, select a priority tag for your voice VLAN.

    VLAN priority tag.

  4. Under DSCP, enter a DSP value. Available values are 0 to 63.

    DSCP tagging.

  5. Under 802.1 CoS status, turn on or turn off CoS.

    CoS status.

  6. Under CoS priority, select a CoS priority.

    CoS Priority.

  7. Under Aging time, enter an aging time between 30 and 1,440.

    Aging time.

  8. Click Update.

    Click update.

  9. Under OUI settings, click Add.

    OUI settings add.

  10. In the popup window, enter the OUI address. This consists of the first three octets of the device's MAC address.

    OUI address.

  11. (Optional) Provide a description.

  12. Click Save.

    Click Save.

Ingress filtering

Use ingress filtering to further filter traffic on a port-by-port basis.

To configure ingress filtering, do as follows:

  1. Go to VLANs > Ingress filtering.

  2. In the ports table configure the following options on a port-by-port basis.

    1. Under Accept type, you can choose whether to accept All packets, or just Tagged or Untagged packets.

      Accept type.

    2. Under Ingress filtering, turn on or turn off ingress filtering.

      Turn ingress filtering on or off.

    3. Under Priority ingress filtering, turn on or turn off priority ingress filtering.

      Turn priority ingress filtering on or off.

  3. Click Update.

    Click Update.