eBakknPHbIJZcZG
Jul 29, 2019 Aspirant
M4100 Trunk, all addresses labeled with Native VLAN ID
Hi I have two M4100 Switches. One is directly connected to the Firewall on Port 1, where I have several tagged VLANs. The second Switch is connected from Port 5 to Port 1 on the second Switch. ...
eBakknPHbIJZcZG
Jul 30, 2019 Aspirant
Hi
Just for documentation: after ssh use "enable" first.
----
(M4100-24G-POE+) #show running-config interface 0/5
!Current Configuration:
!
interface 0/5
description 'SwitchEstrich'
switchport mode trunk
switchport trunk allowed vlan 1,5-8,22,99-101
vlan participation auto 1
vlan participation include 10-12,22,99,101,2001
vlan tagging 10-12,22,101,2001
exit
(M4100-24G-POE+) #show running-config interface 0/1
!Current Configuration:
!
interface 0/1
description 'Firewal Lan'
mtu 1522
switchport mode trunk
vlan participation include 5-6,8,10-12,22,99,101,2001
vlan tagging 5-6,10-12,22,99,101,2001
mode dvlan-tunnel
exit
---
MTU I'm aware of.
Difference is clearly visible. Thanks a lot.
schumaku
Jul 30, 2019 Guru - Experienced User
The "mode dvlan-tunnel" on the firewall LAN port looks suspicious - I guess you want these VLANs directly on your firewall - and not DVLANs. The firewall will only work on the "outer" DVLAN, the "inner" VLAN tags won't be dealt with. FMI: https://kb.netgear.com/21940/What-are-double-VLANs-and-how-do-they-work-with-my-managed-switch
Regards,
-Kurt
- msi Jul 30, 2019 Luminary
Yes, definitely a rare occurrence. IMO in your use case it's rather causing issues; here is an example of how to remove it:
enable
! Enter Global Config, then Interface Config of 0/1
configure
interface 0/1
! Disable DVLAN
no mode dvlan-tunnel
! Leave Interface, then Global Config mode
exit
exit
! Save configuration
write memory
In the current configuration of port 0/1, all VLAN interfaces on your firewall need to tag the traffic as on all VLANs; untagged traffic is going to end up in VLAN 1 unless you set "switchport trunk native vlan X", since the default value according to the CLI manual is "switchport trunk native vlan 1". (Default values are not shown, only with "show running-config all".)
Also, are you certain that VLAN 5-6 and 8 shouldn't be available on the uplink between the first switch and the second one while available on the Firewall's port? (You'd have to configure them on the other switch too, but just asking)
Sidenote: It's interesting to me to see that your ports are in "switchport mode trunk", as the default setting according to the CLI Command Reference Manual is "switchport mode general". However, it shouldn't negatively affect your configuration; leave it as is. Also, while general is default, it has a "legacy behavior" mentioning... maybe the current GUI generates this configuration, interesting... :-)
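Added example, not part of any post in this thread: a small Python check that reads "show running-config interface" text and reports the two things raised above, a port left in "mode dvlan-tunnel" and VLANs included on one port but not the other. The function names are hypothetical, and the sample is constructed from the interface blocks posted above, trimmed to the lines the check reads.

```python
import re

# Constructed sample: trimmed from the two interface blocks posted in the thread.
SAMPLE = """\
interface 0/5
switchport mode trunk
vlan participation auto 1
vlan participation include 10-12,22,99,101,2001
vlan tagging 10-12,22,101,2001
exit
interface 0/1
switchport mode trunk
vlan participation include 5-6,8,10-12,22,99,101,2001
vlan tagging 5-6,10-12,22,99,101,2001
mode dvlan-tunnel
exit
"""

def expand(spec):
    """Expand a VLAN list such as '5-6,8,10-12' into a set of IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse(text):
    """Return {port: {'include': set, 'tagging': set, 'dvlan': bool}}; other lines are skipped."""
    ports, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line.split()[1], {"include": set(), "tagging": set(), "dvlan": False})
        elif line == "exit":
            cur = None
        elif cur is not None and (m := re.fullmatch(r"vlan (participation include|tagging) (\S+)", line)):
            cur[m.group(1).split()[-1]] |= expand(m.group(2))
        elif cur is not None and line == "mode dvlan-tunnel":
            cur["dvlan"] = True
    return ports

def audit(ports, a, b):
    """Compare two ports expected to carry the same VLANs; return findings."""
    out = [f"{p}: mode dvlan-tunnel set" for p in (a, b) if ports[p]["dvlan"]]
    for p, q in ((a, b), (b, a)):
        for label, ids in (("included but not tagged", ports[p]["include"] - ports[p]["tagging"]),
                           (f"included but missing on {q}", ports[p]["include"] - ports[q]["include"])):
            if ids:
                out.append(f"{p}: {label}: {sorted(ids)}")
    return out
```

The check only compares the "vlan participation include" and "vlan tagging" lines; it does not evaluate "switchport trunk allowed vlan" or default values that the running config omits.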