× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

S350 GS308T - Not getting VLANs correctly

scotrod
Aspirant
Aspirant
‎2023-08-09 04:55 AM
‎2023-08-09 04:55 AM

S350 GS308T - Not getting VLANs correctly

Hello, recently I purchased S350 Smart Switch (GS308T) for home usage. This is my first managed switch and main reason for purchasing it was to better manage my homelab and learn about VLANs.

 

I created a VLAN from my pfSense router (which is a VM) and put some FW rules. This VLAN has an ID of 96. The same VLAN is created on the switch (refer to screenshot below):

 

scotrod_0-1691581662281.png

 

Here is a screenshot of the VLAN Membership page:

 

scotrod_1-1691581745550.png

 

Port 8 is connected to the pfSense and port 3 is connected to my company provided computer.

 

Problem is: According to Netgear's documentation:https://kb.netgear.com/31026/How-to-configure-a-VLAN-on-a-NETGEAR-managed-switch

"Ports which connect to client devices such as PCs should be marked as untagged (U). This is also known as an access port."

 

In my case, this does not work. When I set the port as untagged (U), the Windows 10 Pro 64x based laptop cannot get connection to anything. I've tried rebooting it, disabling the Ethernet adapter, setting manual IPs and DHCP, but nothing works. With setting the port as tagged (T), it works just like a charm.

 

Question is, why in my case this does not work? As far as I'm aware, Windows should not be VLAN aware (without additional modifications?).

 

Thank you.

Message 1 of 11
Labels:
0 Kudos
Reply

Accepted Solutions
schumaku
Guru Guru
Guru
‎2023-08-09 08:45 AM
‎2023-08-09 08:45 AM

Re: S350 GS308T - Not getting VLANs correctly

@scotrod wrote:

Problem is: According to Netgear's documentation:https://kb.netgear.com/31026/How-to-configure-a-VLAN-on-a-NETGEAR-managed-switch

"Ports which connect to client devices such as PCs should be marked as untagged (U). This is also known as an access port."

 

In my case, this does not work. When I set the port as untagged (U), the Windows 10 Pro 64x based laptop cannot get connection to anything. I've tried rebooting it, disabling the Ethernet adapter, setting manual IPs and DHCP, but nothing works. With setting the port as tagged (T), it works just like a charm.

 

Question is, why in my case this does not work? As far as I'm aware, Windows should not be VLAN aware (without additional modifications?).

The documentation is correct For an untagged port, and you want the port on VLAN 96 [U]ntagged, you have to set the PVID to 96, too - otherwise the untagged incoming frames will be sent to the VLAN 1, the default PVID. Just setting the port to [U]tagged for the VLAN 96 alone isn't sufficient.

 

Scroll down a little bit until you get the "Configure port PVID settings for untagged ports:" section.

 

Worth reading? S350 Series 8-Port Gigabit Ethernet Smart Switch Models GS308T and GS310TP User Manual - Configuration Examples - VLAN Configuration Examples p.334/335

 

The KB entry referred above applies to the Managed Switches and almost all VLAN capable switches.

View solution in original post

Message 2 of 11
Reply

All Replies
schumaku
Guru Guru
Guru
‎2023-08-09 08:45 AM
‎2023-08-09 08:45 AM

Re: S350 GS308T - Not getting VLANs correctly

@scotrod wrote:

Problem is: According to Netgear's documentation:https://kb.netgear.com/31026/How-to-configure-a-VLAN-on-a-NETGEAR-managed-switch

"Ports which connect to client devices such as PCs should be marked as untagged (U). This is also known as an access port."

 

In my case, this does not work. When I set the port as untagged (U), the Windows 10 Pro 64x based laptop cannot get connection to anything. I've tried rebooting it, disabling the Ethernet adapter, setting manual IPs and DHCP, but nothing works. With setting the port as tagged (T), it works just like a charm.

 

Question is, why in my case this does not work? As far as I'm aware, Windows should not be VLAN aware (without additional modifications?).

The documentation is correct For an untagged port, and you want the port on VLAN 96 [U]ntagged, you have to set the PVID to 96, too - otherwise the untagged incoming frames will be sent to the VLAN 1, the default PVID. Just setting the port to [U]tagged for the VLAN 96 alone isn't sufficient.

 

Scroll down a little bit until you get the "Configure port PVID settings for untagged ports:" section.

 

Worth reading? S350 Series 8-Port Gigabit Ethernet Smart Switch Models GS308T and GS310TP User Manual - Configuration Examples - VLAN Configuration Examples p.334/335

 

The KB entry referred above applies to the Managed Switches and almost all VLAN capable switches.

Message 2 of 11
Reply
scotrod
Aspirant
Aspirant
‎2023-08-09 12:22 PM
‎2023-08-09 12:22 PM

Re: S350 GS308T - Not getting VLANs correctly

Yes, this worked. Thank you!

 

If I may use the comment, why would this setup works when the port is set as "tagged"? I understand the logic of working when the port to my laptop is set as untagged - Windows does not tag the packets, so the switch is expecting untagged packets, and depending of my setup, it tags them with the correct VLAN ID - like right now.

 

But previously it worked just fine while the port was set as "tagged", however the traffic coming from the Windows laptop were not tagged.

Message 3 of 11
0 Kudos
Reply
schumaku
Guru Guru
Guru
‎2023-08-09 12:38 PM
‎2023-08-09 12:38 PM

Re: S350 GS308T - Not getting VLANs correctly

@scotrod wrote:

But previously it worked just fine while the port was set as "tagged", however the traffic coming from the Windows laptop were not tagged.

Whatever was in place and active before. Was the data path flowing over a switch which has done the proper tagging for example? As you say, normally a Windows client does not tag the traffic on it's own. Or you had configured the Windows network adapter for explicit tagging? Or the port was connected to another trunk port, probably configured for a trunk, for example on your security appliance?

Message 4 of 11
Reply
scotrod
Aspirant
Aspirant
‎2023-08-09 12:42 PM
‎2023-08-09 12:42 PM

Re: S350 GS308T - Not getting VLANs correctly

No additional configuration whatsoever. While trying it to make it work I even took another freshly preinstalled laptop with Windows on top of it, and again it worked while the port was set as "tagged".

 

Here is a screenshot of the Port PVID config menu:

scotrod_0-1691610057675.png

 

What is weird to me is that the VLAN Tag is set to None (defaults...), and currently it works like fine. The device which is connected to port 3 is in the 96 VLAN and has no issues.

Message 5 of 11
0 Kudos
Reply
schumaku
Guru Guru
Guru
‎2023-08-09 01:23 PM
‎2023-08-09 01:23 PM

Re: S350 GS308T - Not getting VLANs correctly

This port #3 does show up as untagged for VLAN 1,96 - why ever this is in place, it's wrong. Only the 96 must be untagged, not the VLAN 1. Your traffic does leak over VLAN 1.

 

Untagged 1.96.PNG

Message 6 of 11
Reply
schumaku
Guru Guru
Guru
‎2023-08-09 01:33 PM
‎2023-08-09 01:33 PM

Re: S350 GS308T - Not getting VLANs correctly

Check the VLAN Membership, select VLAN 1 ... guess you find an U for port

 

vlan membership port 3 vlan 1.PNG

 

The Web UI should in my opinion complain about this double [U]ntagged setting (added while adding the Untagged 96?) for this port. One more beer for me from Netgear?

Message 7 of 11
Reply
scotrod
Aspirant
Aspirant
‎2023-08-10 12:31 AM
‎2023-08-10 12:31 AM

Re: S350 GS308T - Not getting VLANs correctly

Correct, but I've never touched any of these:

scotrod_0-1691652602236.png

 

Does this means that every time I am setting up any port, I need to go to VLAN ID 1, and remove the "U" tag from there? I guess it needs to be empty?

Message 8 of 11
0 Kudos
Reply
schumaku
Guru Guru
Guru
‎2023-08-10 12:41 AM
‎2023-08-10 12:41 AM

Re: S350 GS308T - Not getting VLANs correctly

By default, all ports are configured as an access port for VLAN 1 [U]ntaggd, PVID 1. How should the new owner get access and take control otherwise?

Message 9 of 11
0 Kudos
Reply
scotrod
Aspirant
Aspirant
‎2023-08-10 12:46 AM
‎2023-08-10 12:46 AM

Re: S350 GS308T - Not getting VLANs correctly

Makes sence, I'm not trash-talking the product or anything, but trying to make it through. I just saw that this step is described under:

https://kb.netgear.com/31026/How-to-configure-a-VLAN-on-a-NETGEAR-managed-switch

"For each port added as untagged above, remove that port from VLAN 1. To do this, select VLAN 1 from the VLAN ID drop down menu and clear ports 5, 6, 7, 8, 9 & 10:"

 

So far so good, I still have plenty to learn (yes, I removed the 1 ID from the untagged VLANs menu for port 3), but you solved my problem and answered my questions. Many thanks for this.

Message 10 of 11
0 Kudos
Reply
schumaku
Guru Guru
Guru
‎2023-08-10 01:02 AM
‎2023-08-10 01:02 AM

Re: S350 GS308T - Not getting VLANs correctly

@scotrod wrote:

Makes sence, I'm not trash-talking the product or anything, but trying to make it through. I just saw that this step is described under:

https://kb.netgear.com/31026/How-to-configure-a-VLAN-on-a-NETGEAR-managed-switch

"For each port added as untagged above, remove that port from VLAN 1. To do this, select VLAN 1 from the VLAN ID drop down menu and clear ports 5, 6, 7, 8, 9 & 10:"

No time for trash talk here. 

 

As you referred this KB thread - applicable to a bunch of Managed Switch models only as per the "This article applies to:" information - for the second time, I can just repeat this is a KB for Managed Switches - however, many things are very similar on the Smart Switches. So when you scroll down a little bit more, you will find this:

 

untagged port - remove from VLAN 1.PNG

 

Hope you still enjoy the stay on your VLAN switch learning tour!

 

Regards

-Kurt

Message 11 of 11
Reply
Top Contributors
See All
Discussion stats
  • 10 replies
  • ‎2023-08-09 04:55 AM
  • 1610 views
  • 5 kudos
  • 2 in conversation
Announcements