NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Odd VLAN behavior?
I'm having a vendor install a suite of security products from Verkada and will be placing the equipment on its own VLAN (VLAN42). My setup is as follows: Comcast Router >> Dumb Switch >> Two (2) ...
With only the [U]ntagged - and only that single VLAN config (no other [U]ntgged VLANs associated, and no [T]gged unless required) - on that single port for VLAN 42 (and the PVID 42 so the switch does assign untagged frames to the VLAN intended) this will work as intended.
Nothing that stops the network admin from using one VLAN untagged on all trunks, here VLAN1 for example.
Rneal1973 wrote:
Switch C:
Port1: Endpoint; VLAN42 tagged/untagged (should be an untagged access port, see below).
Port24: VLAN1 untagged, VLAN42 tagged
--- I'm just terribly confused as to WHY it's not working if the port is untagged.
Reading another post, I thought I figured it out, and a working configuration at our other location would suggest this to be the case, where the PVID of the port should be the VLAN, in this case 42.
The problem here appears to be the overloaded config for what is supposed to be the access port 1 on switch C serving the end point.
Ensure it's -only- [U]ntagged for VLAN 42 along with the PVID 42.
This is why I'm always pointing out - along with the ubiquitous PVID - that the same VLAN should not be carried as [T]agged -and- [U]ntagged on a single port-
On a side note, these are all Smart Managed switches, so I'll suggest moderator moving this thread to the Plus And Smart Switches Forum for discussing Smart Switches (T) and Plus Switches (E), including Local and Remote Management.
Regards,
-Kurt.
Thank you for the response, Kurt!
I probably muddied the waters a bit...
What I was attempting to explain was I can seemingly only get it working if I tag the port as VLAN42. Everything tells me on an access port, it should be untagged. But the behavior thus far has been if I leave it untagged, the device, whether it be my Surface, or the POE camera, is unable to obtain an IP. If I put VLAN1 on the port, untagged, both devices are able to get an IP from our main LAN & DHCP scope. If my post read as if the port was both tagged and untagged on VLAN42 simultaneously (is that even possible?), that's not the case.
I was trying to express I've tried the port in both configurations, and I can only get an IP (on my Surface) if I tag the port for VLAN42, and also configure my NIC as VLAN42. However, while this solution technically could work, I can't set a VLAN tag on the POE cameras. But I did overlook setting the PVID on the port to VLAN42. I'm heading to the office now to give it a try.
Thanks again!
With only the [U]ntagged - and only that single VLAN config (no other [U]ntgged VLANs associated, and no [T]gged unless required) - on that single port for VLAN 42 (and the PVID 42 so the switch does assign untagged frames to the VLAN intended) this will work as intended.
I'm currently at our main location where conceptually the same thing applies.
Got it working based on your recommendations.
Overlooking PVID was the main culprit, but it was an "exercise" nonetheless.
Connected to switch C, started to have similar issues.
So, I decided to "walk down," each switch to find the issue...
Can I get on VLAN41 from Switch A? Yes.
Can I get on VLAN41 from Switch B? Yes.
Can I get on VLAN41 from Switch C? No.
Ok, so Switch C is the issue, what is it? Don't have the LAG setup between Switch C & B yet (waiting for SFP sockets) so just using a single port to temporarily connect the switches. Oops! Tagged the wrong trunk port on Switch C!
All is well now, thanks again!
Confirmed performing the same steps with the PVID resolved the issue where this originally started at our other location using VLAN42. 😁
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
