M4100 Trunk, all addresses labeld with Native VLAN ID

Question

Hi&nbsp;I have two M4100 Switches. One is directly connected to the Firewall on Port 1, where I have several tagged VLANs. The second Switch is connected from Port 5 to Port 1 on the second Switch.&nbsp;Under Switching -&gt; Vlans -&gt; VLAN Trunking Configuration I have all relevant VLANs selected and the port is marked as Trunk. On both switches the same (except the port number).&nbsp;I can see all devices connected to the second switch on the first switch, but all tagged to vlan 1 instead of the correct vlan which is totally visible on the second switch. it looks, like the first switch is just dropping the tags and retagging the packets to the native vlan id I select.&nbsp;what do i miss?&nbsp;&nbsp;

msi · Answer

If you can manage logging into the switch via telnet or preferably SSH, post the output of 'show running-config interface 0/x' , where x is in your the port to the firewall (SW1 port 1) and the ports on both switches where they are interconnected together (SW1 port 5 and SW2 port 1). Also it would be helpful to know if the firewall expects all VLANs to be tagged or if one among all VLANs is expected untagged.

Sometimes it's easier to suggest a fix with the actual text-based configuration. I can imagine a small misconfiguration with the VLAN configuration or the PVID.

If you don't know your way on the CLI, you can also export the configuration from the switch, open it in a text editor on your machine and post the relevation sections starting with 'interface 0/x' and until the appearance of an 'exit'.(We don't need to see the full configuration.)

eBakknPHbIJZcZG · Answer

Hi&nbsp;Just for documentation: after ssh use "enable" first.&nbsp;----(M4100-24G-POE+) #show running-config interface 0/5!Current Configuration:!interface 0/5description 'SwitchEstrich'switchport mode trunkswitchport trunk allowed vlan 1,5-8,22,99-101vlan participation auto 1vlan participation include 10-12,22,99,101,2001vlan tagging 10-12,22,101,2001exit(M4100-24G-POE+) #show running-config interface 0/1!Current Configuration:!interface 0/1description 'Firewal Lan'mtu 1522switchport mode trunkvlan participation include 5-6,8,10-12,22,99,101,2001vlan tagging 5-6,10-12,22,99,101,2001mode dvlan-tunnelexit&nbsp;---&nbsp;mtu i'm aware of.differnece is clearly visible. Thanks a lot.&nbsp;

schumaku · Answer

The "mode dvlan-tunnel" on the firewall LAN port looks suspicious - I guess you want these VLANs directly on your firewall - and not DVLANs. The firewall will only work on the "outer" DVLAN, the "inner" VLAN tags wont be dealed with. FMI: https://kb.netgear.com/21940/What-are-double-VLANs-and-how-do-they-work-with-my-managed-switch

Grüsse,

-Kurt

msi · Answer

Yes, definitely a rare occurence IMO in your use case it's rather causing issues, here is an example on how to remove it:&nbsp;enable

! Enter Global Config, then Interface Config of 0/1
configure
interface 0/1

! Disable DVLAN
no mode dvlan-tunnel

! Leave Interface, then Global Config mode
exit
exit

! Save configuration
write memory&nbsp;In the current configuration of port 0/1 all VLAN interfaces on your firewall need to tag the traffic as&nbsp; on all VLANs, untagged traffic is going to end up in VLAN 1 unless you set "switchport trunk native vlan X" since the default value according to the CLI manual is "switchport trunk native vlan 1". (default values are not shown, only with "show running-config all")&nbsp;Also are you certain that VLAN 5-6 and 8 shouldn't be available on the uplink between the first switch and the second one while available on the Firewall's port? (You'd have to configure them on the other switch too, but just asking)&nbsp;&nbsp;Sidenote: It's interesting to me to see that your your ports are in "switchport mode trunk" as the default setting according the the CLI Command Reference Manual is "switchport mode general". However it shouldn't negatively affect your configuration, leave it as is. Also while general is default, it has a "legacy behavior"mentioning... maybe the current GUI generates this configuration, interesting... :-)

Forum Discussion

M4100 Trunk, all addresses labeld with Native VLAN ID

4 Replies

Related Content

GS305E Trunking tagged and untagged vlans

GS108Ev3 Port Trunking

Trunk cannot pass untagged traffic

Trunk Port

Averiguar ip address

NETGEAR Academy

ProSupport for Business