PVID for Trunk Port on the B One connected to a Managed Switch

Hello all,
Optional Background info: I recently purchased a B One router and am on a steep learning curve. I started down this long and winding path when I purchased IoT cameras and wanted to keep my computer safe. I originally put my IoT cameras on the guest network, but was unable to connect an IoT hub on the guest network via Ethernet. I learned that VLANs were the solution, but I resisted purchasing a router with robust VLAN capabilities, feeling totally intimidated by networking concepts and all the cryptic discussions that went over my head. I first purchased a router with pre-configured VLANs and it was super easy to configure, but discovered it was too limiting for my needs.

That brings me to the B One. I’ve spent countless hours in the past few months and while I’ve learned a lot, I’m not done. I am trying to configure a trunk port for the managed switch and after that will be an access point.

So far, I have the B One working as expected, albeit incomplete. I have multiple VLANs with inter-VLAN connections disabled. I am not consciously using LAN 1. I unassigned Port 1 from LAN 1. However, I don’t understand the PVID option when configuring the trunk port. The explanation given is “Untagged frames received by the port are classified to a VLAN indicated by Port VLAN Identifier (PVID). All frames from the VLAN are untagged on egress.” :confused:

In my diagram, you can see I have selected VLANs 11, 14 and 16 for the trunk port. So why would there be untagged frames going to the switch? It seems like those might be “interloper” frames that I don’t want??? I think I’d only want to send frames for one of the VLANs I created. As I mentioned, I don’t plan to use LAN 1, at least intentionally. Please explain the use cases and thought process of selecting a default PVID. What are the security risks? What else should I be asking? And what is the purpose of tagging the frames with the chosen PVID if they are untagged on egress? Do they mean when exiting the switch? Please help me understand :sos:

Please refer to my network diagram. Thanks in advance!

1 Like

It's essentially saying “what is the untagged VLAN on that port”.

So you can have a few VLANs (i.e. separated networks), one of which has no VLAN tag downstream.

You have VLAN 11, 14, 16… let's add VLAN 10 as well, and say that’s a management network. You set the PVID to VLAN 10 on the trunk port from the Peplink to the switch, and anything plugged into the switch on a port with no VLAN becomes VLAN 10 at the Peplink.

2 Likes

Thanks for your reply!

I have more understanding and another question… When you said “It's essentially saying “what is the untagged VLAN on that port”.” which port are you referring to, the port on the Peplink or the port on the switch the trunk port is connected to?

The Peplink B One port, in that instance.

1 Like

I appreciate your willingness to communicate with someone who doesn’t speak the language. :grinning:

FYI… I updated my diagram to reflect how I interpreted your reply and added two questions Q#1 and Q#2 to verify whether I understand. They are:

Q#1: If Port 4 in the Peplink is not assigned to a VLAN, then are frames for the attached PC going through the trunk port tagged as VLAN 10?

Q#2: Since Ports 2, 4, 7 & 8 are not assigned to a VLAN, is it correct to say that any client plugged into these ports is in VLAN 10?

1 Like

No, PVID is not set on B One port 4 (only on port 1), so those devices would be in VLAN 1/untagged VLAN from the Peplink's perspective.

For the devices on the untagged switch ports, that's right… from the switch's perspective, it's untagged. When the traffic reaches the Peplink B One port 1, the Peplink then tags that traffic as VLAN 10.

3 Likes
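The PVID rule quoted from the B One help text, modelled as a small added example (not part of any post in this thread and not Peplink code). It uses the thread's values: PVID 10 with VLANs 11, 14 and 16 on the trunk. The `TrunkPort` class and its method names are hypothetical, and dropping tagged frames for VLANs the port does not carry is an assumption of the model.

```python
# Added illustration of 802.1Q trunk-port behaviour with a PVID.
# TrunkPort, ingress and egress are hypothetical names, not a Peplink API.
from dataclasses import dataclass
from typing import Optional, Tuple

Frame = Tuple[Optional[int], str]  # (802.1Q tag, or None if untagged; payload)


@dataclass(frozen=True)
class TrunkPort:
    pvid: int                # VLAN that untagged frames are classified into
    tagged_vlans: frozenset  # VLANs carried with a tag on the wire

    def ingress(self, frame: Frame) -> Optional[int]:
        """Return the VLAN a received frame lands in, or None if dropped."""
        tag, _payload = frame
        if tag is None:
            return self.pvid          # untagged on the wire -> PVID
        if tag in self.tagged_vlans:
            return tag                # tagged for a VLAN the trunk carries
        return None                   # assumption: unknown VLAN tags are dropped

    def egress(self, vlan: int, payload: str) -> Optional[Frame]:
        """Return the frame as sent on the wire, or None if not forwarded."""
        if vlan == self.pvid:
            return (None, payload)    # PVID VLAN leaves the port untagged
        if vlan in self.tagged_vlans:
            return (vlan, payload)    # other member VLANs keep their tag
        return None                   # VLAN is not a member of this port


# B One port 1 as described in the thread: PVID 10, trunk VLANs 11, 14, 16.
PORT1 = TrunkPort(pvid=10, tagged_vlans=frozenset({11, 14, 16}))

# Constructed sample frames arriving from the managed switch.
SAMPLE_FRAMES = [
    (None, "PC on a switch port with no VLAN assigned"),
    (11, "camera on a VLAN 11 access port"),
    (16, "hub on a VLAN 16 access port"),
    (20, "frame tagged for a VLAN the trunk does not carry"),
]


def classify_all(port: TrunkPort, frames) -> dict:
    """Map each sample description to the VLAN the router places it in."""
    return {payload: port.ingress((tag, payload)) for tag, payload in frames}


if __name__ == "__main__":
    for description, vlan in classify_all(PORT1, SAMPLE_FRAMES).items():
        print(f"{description}: {'dropped' if vlan is None else 'VLAN ' + str(vlan)}")
```

Any device that reaches the trunk untagged ends up in the PVID VLAN, so the PVID decides which network an unconfigured switch port joins.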

Networking is complicated the more you get into it. Thanks again for your expertise!