SwOS/RB250-RB260-VLAN-Example
![](/images/thumb/e/ee/Icon-note.png/56px-Icon-note.png)
Note: These are basic VLAN configuration examples. In case a more detailed property description is needed, then please refer to VLAN Manual.
VLAN Example #1 (Trunk and Access Ports)
![Alt text](/images/a/ae/Ath1.png)
1) In VLAN menu configure Default VLAN ID on planned access ports to assign untagged traffic to specific VLAN in the switch.
![Alt text](/images/d/d1/SwOS_RB260_vlan1.png)
![Alt text](/images/5/59/Swos_RB250_vlan1.png)
2) In VLANs menu add VLAN entries and specify port membership to certain VLANs.
![Alt text](/images/1/17/SwOS_RB260_vlan2.png)
always strip
property for untagged ports and add if missing
for tagged port. All other ports that are not members for this specific VLAN should be marked with a not a member
property
![Alt text](/images/1/10/SwOS_RB250_vlan2.png)
3) At the end, enable strict VLAN filtering to ensure only allowed VLANs can pass through the ports.
![Alt text](/images/9/98/SwOS_RB260_vlan3.png)
![Alt text](/images/5/53/SwOS_RB250_vlan3.png)
always strip
property for untagged ports and add if missing
for tagged port. In order to successfully apply all VLAN related settings, a device reboot might be carried out
VLAN Example #2 (Trunk and Hybrid Ports)
![](/images/thumb/e/ee/Icon-note.png/56px-Icon-note.png)
Note: This configuration example only applies to RB260 device. Hybrid port configuration is not possible on RB250 device.
![Alt text](/images/a/a8/Ath2.png)
1) In VLAN menu configure Default VLAN ID on planned hybrid ports to assign untagged traffic to specific VLAN in the switch.
![Alt text](/images/d/d1/SwOS_RB260_vlan1.png)
2) In VLANs menu add VLAN entries and specify port membership to certain VLANs. Just like the previous example, an add if missing
property is used for a trunk port and same for hybrid ports where tagged traffic forwarding is allowed. For untagged traffic (defined by Default VLAN ID
) you need to use either leave as is
or always strip
property (black arrows).
![Alt text](/images/7/72/SwOS_RB260_vlan4.png)
3) At the end, enable strict VLAN filtering to ensure only allowed VLANs can pass through the ports. For hybrid ports to work properly, make sure VLAN Receive is selected as any
, otherwise ingress tagged or untagged traffic can be dropped (depending on selected option), but for the trunk port, it is possible to allow only packets with VLAN tag.
![Alt text](/images/9/98/SwOS_RB260_vlan3.png)