NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Can't get VLAN's working across uplink between GS110EMX switches
We have two GS110EMX switches, one each at opposite ends of a satellite office, using port 10 to provide a 10Gbe uplink between the two. On switch number 1, Port 9 is used for services by a 10Gbe NIC on an office NAS on one switch, and on switch nunber 2 port 9 is used for a video editing workstation. The remaining 1gbe ports have workstations and wifi access points attached, as well as admin interfaces for the NAS and firewall.
It works fine as a flat topology, and tagged and untagged VLAN traffic works as expected within a single switch, but I cannot find a setting in the "advanced" VLAN section that actually allows VLAN tagged traffic to traverse the uplink from switch 2 to devices connected to switch 1.
Currently I have just two VLANs,1 and 50. Port 10 is set for PVID 1, untagged VLAN 1, tagged vlan 50 on both switches. If I plug into a port that allows tagged 50 on switch 1 and ping the management interface for the NAS on port 7 that is also on tagged vlan 50, it works. If I plug into a port that supports tagged vlan 50 on switch 2 and attempt to ping the same NAS management interface, it fails.
Well, it's almost always somethign stupid and obvious. In the process of setting up a second client per your suggestion, I discovered that the uplink and 10G workstation connections got swapped so there is no surprise as to why there was no VLAN 50 tagged traffic was not passing. Argh. Thanks for the assist, at least it made me re-check something that helped me figure it out.
5 Replies
Replies have been turned off for this discussion
Netgear does confusingly push four VLAN configuration variants on these routers Web UI - be reminded only use the same each and every time. This applies to all Netgear Smart Managed Plus / Click / Gaming / Gaming Pro and Smart Managed Pro / Insight Managed series.
This is all you should ever use for a real world 802.1Q config:
VLAN -> 802.1Q -> Advanced -> VLAN Configuration / VLAN Membership / Port PVID
Here an example - Port 10 is used as a Trunk, VLAN ID 1 and VLAN ID 10 are configured tagged. That's all (put the PVID e.g. to PVID 1 or a "catch all" if you might not want untagged (and unwaned) traffic on a trunk. Port 1..9 serve VLAN ID 1 untagged access ports, Port #8 is used as a dedicated access port for VLAN 250, Port #1 does also carry VLAN 250 tagged. No rocket science.
Username000 wrote:On switch number 1, Port 9 is used for services by a 10Gbe NIC on an office NAS on one switch, and on switch nunber 2 port 9 is used for a video editing workstation.
... but I cannot find a setting in the "advanced" VLAN section that actually allows VLAN tagged traffic to traverse the uplink from switch 2 to devices connected to switch 1.
Currently I have just two VLANs,1 and 50. Port 10 is set for PVID 1, untagged VLAN 1, tagged vlan 50 on both switches.
If I plug into a port that allows tagged 50 on switch 1 and ping the management interface for the NAS on port 7 that is also on tagged vlan 50, it works. If I plug into a port that supports tagged vlan 50 on switch 2 and attempt to ping the same NAS management interface, it fails.Wait. Unless your NAS and/or the worksation (or wireless AP, ...) does support multiple interfaces with tags, a normal NAS or Worksation wiht a flat interface does always connect to an purt configured for untagged VLAN. See the example above - the VLAN ID 250 does run tagged on a trunk (Port #10), while the same VLAN 250 can be accessed on port #8.
The very similar config does run on two GS110EMX by the way - and the main intention is very similar to your VLAN 50 - having a second VLAN (here the ID 250) available direct on the Port #8 (Need dedicated GbE only, Note: VLAN ID 250 Untagged on both ends, PVID 250, no memeber of the VLAN ID 1), while the trunk does run the VLAN ID 250 tagged.Suspect just the underlined part of your config is wrong, this should be Untagged for your VLAN 50, PVID 50, and _no_ membership for VLAN ID 1.
This is your VLAN 50 :
NAS <-> #9 VLAN 50 [U]ntagged, PVID 50, VLAN 1 [ ]nomember <-> #10 Trunk with VLAN ID 50 [T]agged <-trunk-link-> #10 Trunk with VLAN ID 50 [T]agged <-> #9 VLAN 50 [U]ntagged, PVID 50, VLAN 1 [ ]nomember <-> Video Workstation
This is your VLAN 1:
Firewall, others, ... <-> #1..#8 VLAN 1 [U]ntagged, PVID 1, VLAN 50 [ ]nomember <-> #10 Trunk with VLAN ID 1 [T]agged <-trunk-link-> #10 Trunk with VLAN ID 1 [T]agged <-> #1..9 VLAN 1 [U]ntagged, PVID 1, VLAN 50 [ ]nomember <-> othersYeah I have a lot of stacked M4300's etc at other sites, these much smaller switches leave a lot to be desired. I use separate physical interfaces on the NAS and ASA for management and I don't want to get into that aspect of the setup as it is not relevant to the issue at hand except to say that they exist.
In the attached graphic, switch 1 is on top, switch 2 is on the bottom.
If I plug in a laptop configured for VLAN 50 to port 5 on Switch 2 and ping a device on port 2 Switch 1 and get no response. If I unplug the laptop with it still attempting to ping and carry it to switch 1, then plug into port 5 on switch 1, it gets responses.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
