PVID is not needed for a simple DSA VLAN setup

I was slightly confused how PVID works since I learned Native VLANs when configuring Cisco switches. But luckily I found this article and that helped.

I have this setup on ZyXEL GS1900 switch:

It is simple - first / second port should "carry" VLANs into another OpenWrt / managed switch and the other ports are to connect PCs, printers...

Based on my reading of the article, the following config will have no effect since a single Untagged VLAN means that both Ingress / Egress are that single VLAN:

And with Cisco I would assign some unused VLAN as PVID on trunk ports to make sure that the untagged packets don't work (that they're tagged to an unused VLAN). But based on my reading of the article, untagged packets are ignored by default and the following Cisco-style config would actually break first and second trunk port:

In other words config from the first screenshot is all I need.

Could you please correct me if I'm wrong?

Thank you.

Mario

I would be wary using common 802.11Q definitions across all vendor devices, Cisco and OpenWrt included.

1 Like

It won't break first and second ports. Untagged packets ingress lan01 and lan02 will be assigned to vlan4000. Since there is no other port on the switch active in vlan4000, this can be ignored as well. This is the last example from the guide you posted.

1 Like

Thank you @trendy .

To summarize:

  • The first screenshot works 100% same as the second screenshot.
  • The first screenshot has similar effect as the third screenshot since in first case untagged packets are discarded and in third case they're tagged to VLAN 4000 which is not in use.
1 Like