@staticsafe Thanks! 😀

@phessler
*nod* Yeah, the terminology wasn't straightforward for me. Untagged packets when you want it on the primary VLAN, tagged when you want it on any of the secondary.

@viciousviscosity @phessler VLANs were one of those things that immediately made sense to me, but I could never explain to anyone else, even people whose job it was to use them 😅

@zigg @phessler
I can completely understand that, it's taken the network guys a few times and me fiddling around with the equipment myself for it to stick. 😀
I was always comfortable with splitting physical ports between VLANs, but now I'm understanding trunking, tagging and untagging.

@viciousviscosity @phessler @zigg

Every time I think "Oh, I can just use the primary LAN here, I'll never have to drag it off this switch!" I'm wrong.

So I tag everything. I use netflow to capture & flag anything on the primary LAN, because it's misconfigured.

But it's possible I'm suffering from Post Corporate Network Traumatic Stress Disorder.

@viciousviscosity you can't always do that, though. e.g. juniper doesn't allow mixing tagged and untagged on the same port.

some network peeps consider mixing tagged and untagged to be uncouth.

@phessler So… dedicated ports?

@viciousviscosity nah, if it has more than one vlan then we just tag everything. is rarely a problem.

@phessler Ohh, okay, explicitly tagging - so they're all trunked ports?

@viciousviscosity yup.

we only split ports for bandwidth reasons, or to avoid hairpins. (e.g. for firewalls/routers)