I am still so lost.
The concept of vlans hasn't clicked yet. I suggest looking at these vlan references
Virtual Local Area Networks (VLANs) read this first. Then watch video.
VLANs (above article, but in Video format)
Then watch What is the Native VLAN? and finally Routing Between VLANs
And if, while watching those, there are things that don't make sense, see the networking fundamentals playlist and make sure you understand how and why things work. The first link also has links to other material that goes into more detail, but my recommendation is that if things are not clear in the first link, go through the fundamentals playlist in order from the beginning as a "refresher". Knowing the fundamentals will make many networking things much easier to understand.
Then we can get to the question
So how would I set up VLANs with only non-vlan-aware devices (like 2 Windows PCs)?
Because the answer to the question depends on whether the two PCs are on the same vlan or on separate vlans.
Understanding how to use and configure vlans without understanding how they work is like trying to make modifications to a circuit without understanding how it works.
Understanding how vlans work without understanding how ethernet works is like trying to understand how a circuit works without understanding what each component does, e.g. understanding how a voltage divider works without understanding Ohm's law and what a resistor is. Put another way, it is the difference between duplicating a project you find online vs what bigclive does on his YouTube videos.
If all you want is a "heathkit" with all the parts and explicit instructions to make a working device, then you may be able to find example configurations online and make small tweaks to them and get something to work. Maybe that's your goal, to get something to work, not to learn how to do it yourself. But that doesn't seem to be the normal personality type for someone with your self-assessment "an extra class ham also and have been in tech for 30 years".
So my advice is to start simple and make sure you understand how and why things work. Only then will things make sense, at least that is true in my experience.
So you need to understand some terminology, i.e. what untagged and tagged mean, what vlan-aware means, and how a vlan-aware switch works. The IEEE 802.1Q specs treat a bridge as a black box, i.e. the spec only describes what outputs the bridge must have when presented with a specific set of inputs; it does not specify how the implementation works inside. (An ethernet switch normally means a hardware implementation of a bridge device in an ASIC.) Personally, I don't use @k6ccc's description of what happens when an untagged frame is received on an access port, although there may be implementations that do exactly what he says. I prefer to use the word "classify" instead of "tag" when referring to what the switch does when it receives an ethernet frame, and how it determines which vlan a received frame will be placed in while it is internal to the switch. To me, the only place that IEEE 802.1Q tags apply is when external to the switch, e.g. on a wire. Internally, the bridge must have a way to keep the vlans distinct, that is all the spec says. If it helps you to think of switches/bridges as using IEEE 802.1Q tags internally, and that all traffic internal to the switch is tagged, and tags are only removed when sending traffic out untagged ports, then that is one way to think about it.
Untagged just means a "standard" ethernet frame, where the ethertype field isn't one of the TPID values (0x8100 is the standard IEEE 802.1Q, but some more advanced switches understand service tags 0x88A2 as well).
A loose analogy (and analogies can't be perfect) is that vlans are like different frequencies, and that an untagged port has a modem (modulator/demodulator) attached that is for a specific frequency that will be used inside the switch to keep the "conversation" distinct. Then any port that is tuned to that frequency (a member of the vlan) will be able to communicate with others on the same frequency.
I assume you have found this example section of the manual. The problem with those examples is that they are standalone devices. And to work with each other, both ends of a link must agree on which one (if any) vlan is untagged, and what vlans are supposed to be allowed on the link. In other words, if you have a device with a trunk port with tagged vlans 20 and 30 and an untagged vlan 10 on one end, and a device configured with tagged vlans 50 and 60 and untagged vlan 1 on the other end, then the only thing that will flow between them is the untagged traffic, but it will be considered to be in different vlans at each end. The left will consider the traffic to be on vlan 10, where the right will consider the traffic to be on vlan 1.
And vlans by design are virtually separated from each other. The only way for different vlans to communicate with each other is by a router (and each vlan will be a different subnet) or by intentionally mismatching untagged vlans (and then it's all still in the same broadcast domain, just using different vlans in the two switches). See the challenge quiz for an example.
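
The trunk mismatch described above (tagged 20 and 30 with untagged 10 on one end, tagged 50 and 60 with untagged 1 on the other), modelled as an added example that is not part of the original post: each end classifies received frames by its own untagged vlan and allowed tagged set. `TrunkPort`, `cross_link` and `link_report` are hypothetical names, the frames are constructed samples, and ingress filtering is assumed to be enabled on both ports.

```python
import struct

TPID_8021Q = 0x8100  # the 802.1Q TPID named in the post

def build_frame(vid, etype=0x0800, payload=b"\x00" * 46):
    """Constructed sample frame: broadcast dst, made-up src, optional 802.1Q tag."""
    macs = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return macs + tag + struct.pack("!H", etype) + payload

def parse_vid(frame):
    """Return the VLAN ID carried on the wire, or None for an untagged frame."""
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VID

class TrunkPort:  # hypothetical model of one end of the link
    def __init__(self, untagged, tagged):
        self.untagged, self.tagged = untagged, set(tagged)

    def egress(self, internal_vlan):
        """Frame put on the wire for this internal VLAN, or None if not a member."""
        if internal_vlan == self.untagged:
            return build_frame(None)
        if internal_vlan in self.tagged:
            return build_frame(internal_vlan)
        return None

    def ingress(self, frame):
        """Classify a received frame into an internal VLAN; None means dropped."""
        vid = parse_vid(frame)
        if vid is None or vid == 0:  # untagged or priority-tagged
            return self.untagged
        return vid if vid in self.tagged else None  # assumes ingress filtering

def cross_link(src, dst, internal_vlan):
    """Send one frame from src's internal VLAN over the wire and classify it at dst."""
    wire = src.egress(internal_vlan)
    return None if wire is None else dst.ingress(wire)

def link_report(src, dst):
    """Map each VLAN on src to the VLAN dst classifies it into (None = dropped)."""
    return {v: cross_link(src, dst, v) for v in sorted({src.untagged, *src.tagged})}

LEFT = TrunkPort(untagged=10, tagged={20, 30})   # left device from the post
RIGHT = TrunkPort(untagged=1, tagged={50, 60})   # right device from the post

if __name__ == "__main__":
    print(link_report(LEFT, RIGHT))
    print(link_report(RIGHT, LEFT))
```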