Testing VLAN isolation

You need two computers. On each, set up a network connection in Network Manager with an IP address in the 192.168.1.* range. I used 192.168.1.5 and 192.168.1.6, with a netmask of 255.255.255.0, and no gateway.

This range is also the ZyXEL USG-50 default range, so it’s useful for working with that device as well.

Disconnect the switch from any other networking equipment. If it’s connected to a router, the router may pass traffic between VLANs.

On each computer, ping the other computer.

Move the Ethernet plugs around so you’re sometimes on the same VLAN, and sometimes on different VLANs. You should not be able to ping from one VLAN to the other.

If you want to be thorough, get a piece of graph paper out, and make a test grid, and record when you cannot reach the other computer via ping:

  1  4  5
1 _  _  _
4 X  _  _
5 X  X  _

(Pay attention to the network icon. Your network might go away when you unplug, so you’ll need to force a reconnection.)
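
The same grid can be kept as a log instead of on graph paper. The script below is an added example, not part of the original write-up: it pings the other computer once per plug arrangement and judges the result against what isolation should give. It assumes Linux iputils ping and the 192.168.1.6 peer address used above; the script and log file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): log one cell of the VLAN test
# grid per run and judge it against what isolation should produce.
# Assumptions: Linux iputils ping; PEER is the other test computer
# (192.168.1.6 in the text); the log file name is hypothetical.
PEER="${PEER:-192.168.1.6}"
LOG="${LOG:-vlan-grid.log}"

# probe HOST: succeeds if HOST answers any of 3 pings (1 s timeout each).
probe() {
    ping -c 3 -W 1 "$1" >/dev/null 2>&1
}

# verdict LOCAL_VLAN REMOTE_VLAN OBSERVED, where OBSERVED is reach|noreach.
# Same VLAN must reach; different VLANs must not.
verdict() {
    if [ "$1" = "$2" ]; then want=reach; else want=noreach; fi
    if [ "$3" = "$want" ]; then
        echo PASS
    elif [ "$3" = reach ]; then
        echo LEAK        # traffic crossed VLANs: isolation is broken
    else
        echo NO-LINK     # same VLAN but no reply: cabling or port setup
    fi
}

# record LOCAL_VLAN REMOTE_VLAN: ping the peer and append the cell to LOG.
record() {
    if probe "$PEER"; then obs=reach; else obs=noreach; fi
    printf '%s %s %s %s\n' "$1" "$2" "$obs" "$(verdict "$1" "$2" "$obs")" >> "$LOG"
}

# failures FILE: print every logged cell whose verdict is not PASS.
failures() {
    awk '$4 != "PASS" { print $1 "->" $2 ": " $4 }' "$1"
}

# Usage: sh vlan-cell.sh 1 4   (this machine on VLAN 1, peer on VLAN 4)
if [ "$#" -eq 2 ]; then
    record "$1" "$2"
    tail -n 1 "$LOG"
fi
```

A cross-VLAN cell only counts as a pass if the connection was actually up when the ping ran, so confirm the network has reconnected after each replug before recording.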

Testing across switches

To test the uplink, to make sure it’s sending traffic between the switches, you need to isolate the two switches from the router, and then run the same tests, but across the two switches.

Topology test

The overall topology of the network shouldn’t matter much, except that you need to use the uplink port (and downlink port) to connect to the router.

Define two tagged ports on each switch, and rearrange the wiring so the router sits in different positions in the network. Here are three arrangements for our test network.

switch – switch – router
switch – router – switch
router – switch – switch

No matter what the arrangement, you should be able to get out to the internet.

You can’t really test for VLAN isolation because the default setup of the router is to route all traffic across VLANs. That can be disabled via some firewall rules (but you can’t reliably test for both these things at once; it’s easier to test just one).