This switch does not allow you to choose which ports the default VLAN is connected to. Seeing that the configs for the default VLAN do get dumped into the config backup file, I decided to patch that file, modifying and uploading the internal config of the switch instead of politely asking it to remove that VLAN from some ports.
If you open the config file with a hex editor, you'll notice somewhere in the middle the string "Default_VLAN", followed by the names of the VLANs you created. Each of these strings forms part of a VLAN entry in the switch's internal config model, and understanding how these entries are encoded is essential to patching the config.
This is an example of what the entries look like (I had already started to mess with the config, which is why it shows "Default" instead of "Default_VLAN" as the name of the default VLAN):
00000490: ffff ffff ffff ffff ffff 0008 0001 4465 ..............De
000004a0: 6661 756c 7400 0000 0000 0000 0000 0000 fault...........
000004b0: ff00 0000 0001 0002 6c61 6e00 0000 0000 ........lan.....
000004c0: 0000 0000 0000 0000 0000 0700 0000 0501 ................
000004d0: 0078 746c 5f65 7363 7500 0000 0000 0000 .xtl_escu.......
000004e0: 0000 0000 f100 0000 3101 0008 7073 345f ........1...ps4_
000004f0: 7361 6665 0000 0000 0000 0000 0000 0500 safe............
00000500: 0000 0101 0fa0 7465 7374 5f76 6c00 0000 ......test_vl...
00000510: 0000 0000 0000 0000 0800 0000 0801 0000 ................
00000520: 0000 0000 0000 0000 0000 0000 0000 0000 ................
After some reverse engineering, I figured out that every entry (including the default VLAN) follows this form:
xxxx yyyy yyyy yyyy yyyy yyyy yyyy yyyy yyyy yy00 aa00 0000 bb01
^^^^ ^^^^ ^^^^ ^^^^ ^^^^ ^^^^ ^^^^ ^^^^ ^^^^ ^^   ^^        ^^
|    |                                            |         |
|    |                                            |         |-- Tagged ports bitmask
|    |                                            |------------ Member ports bitmask
|    |--------------------------------------------------------- VLAN name
|                                                               (probably null terminated, 15 chars)
|-------------------------------------------------------------- VLAN ID (16-bit, big-endian; 0x0fa0 below is VLAN 4000)
Where the MSB of each bitmask corresponds to port 8 and the LSB to port 1. In the decoded entries below each port is shown as one character, port 8 on the left and port 1 on the right:
- t: tagged port
- u: untagged port
- 0: not a member of the VLAN
Decoding the above example entries yields the following:
     D e  f a  u l  t                             uuuuuuuu
0001 4465 6661 756c 7400 0000 0000 0000 0000 0000 ff00 0000 0001
     l a  n                                       00000tut
0002 6c61 6e00 0000 0000 0000 0000 0000 0000 0000 0700 0000 0501
     t l  _ e  s c  u                             uutt000t
0078 746c 5f65 7363 7500 0000 0000 0000 0000 0000 f100 0000 3101
     p s  4 _  s a  f e                           00000u0t
0008 7073 345f 7361 6665 0000 0000 0000 0000 0000 0500 0000 0101
     t e  s t  _ v  l                             0000t000
0fa0 7465 7374 5f76 6c00 0000 0000 0000 0000 0000 0800 0000 0801
So, to pull the default VLAN off every port that sends or receives untagged frames and leave it only on the trunk, I replaced this:
     D e  f a  u l  t                             uuuuuuuu
0001 4465 6661 756c 7400 0000 0000 0000 0000 0000 ff00 0000 0001
with this:
     D e  f a  u l  t                             0000000u
0001 4465 6661 756c 7400 0000 0000 0000 0000 0000 0100 0000 0001
Where port 1 is a "trunk" port that carries all the VLANs to another switch. VLAN 1 stays untagged on it, so it is that trunk's native VLAN.
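As an added example (not code from the original post), here is a Python script that implements the entry layout above: it locates the VLAN table in a config backup by the default VLAN's name, decodes every entry into the t/u/0 notation used in this post, and rewrites the member and tagged masks of a chosen VLAN the same way the Default entry was patched by hand. The sample bytes are constructed from the hex dump above, so the default VLAN is named "Default" there; on an unmodified backup you would pass b"Default_VLAN". The function names, the "stop at the first slot that does not match the layout" rule for finding the end of the table, and the lookup by name are this example's own assumptions, not anything the switch documents.

```python
"""Decode and patch VLAN entries in the switch config backup (added example)."""
import struct

# One entry: VLAN ID (big-endian), 18-byte name field, member mask, 0x00,
# 0x0000, tagged mask, 0x01 -- exactly the template shown in the post.
ENTRY_FMT = ">H18sBBHBB"
ENTRY_LEN = struct.calcsize(ENTRY_FMT)
assert ENTRY_LEN == 26

# Constructed sample: the bytes of the hex dump in the post, from the ffff
# padding before the table through an all-zero slot after the last entry.
SAMPLE = bytes.fromhex(
    "ffff ffff ffff ffff ffff 0008"
    "0001 4465 6661 756c 7400 0000 0000 0000 0000 0000 ff00 0000 0001"
    "0002 6c61 6e00 0000 0000 0000 0000 0000 0000 0000 0700 0000 0501"
    "0078 746c 5f65 7363 7500 0000 0000 0000 0000 0000 f100 0000 3101"
    "0008 7073 345f 7361 6665 0000 0000 0000 0000 0000 0500 0000 0101"
    "0fa0 7465 7374 5f76 6c00 0000 0000 0000 0000 0000 0800 0000 0801"
    "0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000"
)


def decode_ports(member, tagged):
    """Render the two masks as eight t/u/0 characters, port 8 first (MSB)."""
    out = []
    for port in range(8, 0, -1):
        bit = 1 << (port - 1)
        if not member & bit:
            out.append("0")
        elif tagged & bit:
            out.append("t")
        else:
            out.append("u")
    return "".join(out)


def encode_ports(ports):
    """Inverse of decode_ports: 'uutt000t' -> (member, tagged)."""
    if len(ports) != 8 or set(ports) - set("tu0"):
        raise ValueError("ports must be 8 chars of t/u/0, port 8 first")
    member = tagged = 0
    for i, c in enumerate(ports):
        bit = 1 << (7 - i)
        if c != "0":
            member |= bit
        if c == "t":
            tagged |= bit
    return member, tagged


def parse_entry(blob, off):
    """Decode one 26-byte slot; None if the fixed bytes do not match the layout."""
    vid, name, member, z1, z2, tagged, one = struct.unpack_from(ENTRY_FMT, blob, off)
    if z1 != 0 or z2 != 0 or one != 1:
        return None
    return {
        "offset": off,
        "vid": vid,
        "name": name.split(b"\0", 1)[0].decode("ascii", "replace"),
        "ports": decode_ports(member, tagged),
    }


def vlan_table(blob, default_name=b"Default_VLAN"):
    """Find the table by the default VLAN's name (the entry starts 2 bytes
    before it) and walk consecutive slots until one fails the layout check.
    The 'stop at first non-matching slot' rule is this example's assumption."""
    i = blob.find(default_name)
    if i < 2:
        raise ValueError("default VLAN entry not found")
    entries, off = [], i - 2
    while off + ENTRY_LEN <= len(blob):
        e = parse_entry(blob, off)
        if e is None:
            break
        entries.append(e)
        off += ENTRY_LEN
    return entries


def set_vlan_ports(blob, vid, ports, default_name=b"Default_VLAN"):
    """Return a copy of blob with VLAN `vid` limited to the given ports."""
    for e in vlan_table(blob, default_name):
        if e["vid"] == vid:
            member, tagged = encode_ports(ports)
            out = bytearray(blob)
            out[e["offset"] + 20] = member   # member mask is byte 20 of the entry
            out[e["offset"] + 24] = tagged   # tagged mask is byte 24
            return bytes(out)
    raise ValueError(f"VLAN {vid} not in table")


if __name__ == "__main__":
    for e in vlan_table(SAMPLE, b"Default"):
        print(f"{e['vid']:5d} {e['name']:<18} {e['ports']}")
    patched = set_vlan_ports(SAMPLE, 1, "0000000u", b"Default")
    print(vlan_table(patched, b"Default")[0])
```

set_vlan_ports works for any VLAN in the table, not only the Default entry patched in the post, and encode_ports rejects anything that is not eight t/u/0 characters so a typo cannot silently produce a wrong mask. The post says nothing about a checksum over the backup file; if the switch rejects a patched file even though the bytes round-trip through these functions, an integrity field elsewhere in the file is the first thing to look for.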
Still to test: whether ports excluded from VLAN 1 can still be used to manage the switch. Since this switch has so many security problems, it would be nice if it turned out that the management software in the microcontroller only listens on the default VLAN.