VLAN features

This article describes the VLAN features available in 60 GHz cnWave


The following 802.1Q features are supported per port

  • Adding single VLAN tag to untagged packets
  • Adding QinQ/double-tag to untagged packets
  • Adding QinQ outer tag to single tagged packets
  • Transparently bridge single/double tagged packets (default behaviour)
  • Remarking VLAN ID
  • Remarking 802.1p priority
  • Option to allow only the selected range of VLAN IDs
  • Option to drop untagged packets
  • Option to drop single tagged packets
  • Option to select ethertype of the outer tag

Note: VLAN configuration is applicable only when Layer2 bridge is enabled

Port Type



By default, ethernet port is in transparent mode. Packets will be transparently bridged without any 802.1Q processing.


Q mode allows adding single C-VLAN tag to untagged packets

Native VLAN ID and priority fields define the above mentioned C-VLAN tag properties.


This option allows to drop untagged packets. Native VLAN properties are not necessary to fill when untagged packets are dropped.

VLAN Filtering

Allows only the listed range of VLAN IDs.


QinQ mode allows adding double tag to untagged packets and outer S-VLAN to single tagged packets


These are C-VLAN tag properties of added tag.


These are S-VLAN tag properties of the added outer tag.


In QinQ mode, the above options allow to drop untagged/single tagged ingress packets. Native C-VLAN fields are not necessary when dropping single tagged packets. Native S-VLAN fields are not necessary when dropping untagged and single tagged packets.

VLAN Filtering


Allow only the listed range of VLAN IDs. VLAN ID of the outer tag is used for this check.

QinQ Ethertype

This ethertype is used while adding outer tag

VLAN ID remarking


VLAN ID of the ingress packet is remarked. In the above example, if a packet with VLAN ID 10 enters ethernet port, it is remarked to 100. In the egress path, the reverse remarking occurs. VLAN ID 100 is remarked to 10 and egresses the ethernet port.
The VLAN ID of the outer tag is used for remaking. For a double tagged ingress packet, S-VLAN ID gets remarked and for a single tagged packet, C-VLAN ID

802.1p overriding


Priority field in the (outer) VLAN tag of ingress packet can be overwritten using this option.

Management VLAN


A Single tag or double tag (select Add Outer tag check box) can be added to Management traffic.

Management VLAN on PoP

Following get tagged with Mgmt VLAN on PoP

  1. All traffic generated by PoP. HTTPS (GUI) , E2E, NTP, BGP etc
  2. All traffic that gets routed via PoP. This includes E2E traffic from CNs and DNs

Management VLAN on DNs and CNs

All IPv4 traffic generated by CNs/DNs like HTTPS (GUI), NTPv4.


Is there a reason theirs no way to lock down additional ports and disable them?

For instance, a V3000 at a remote client site if we don’t want the SFP+ and AUX ports enabled?
Right now it seems only way would be to set it to Q and Native VLAN to an invalid vlan that isn’t on the remote switch with no allowed vlans, as theirs no “disable” setting.

You can choose to disable any of the physical ports on the V3000 / V5000 / V1000 in the Networking Configuration page (screenshot shown below).


Yep came back to say i found it LOL, thought it would have been next to the config for the various ports but this makes sense :slight_smile: