NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
GS108PEv3 issues with management network and tagging vlans.
I am currently having issues with a newly purchased GS108PEv3 and accessing the management interface while having multiple tagged vlans..
General Information:
VLAN1 (untagged) 10.0.10.0/24, untagged on all ports
VLAN101: 10.0.101.0/24, tagged port 7,8
VLAN102: 10.0.102.0/24, tagged port 7,8
VLAN103: 10.0.102.0/24, tagged port 7,8
VLAN104: 10.0.102.0/24, tagged port 7,8
VLAN105: 10.0.102.0/24, tagged port 7,8
VLAN106: 10.0.102.0/24, tagged port 7,8
VLAN107: 10.0.102.0/24, tagged port 7,8
VLAN108: 10.0.102.0/24, untagged port 2, tagged port 7,8
VLAN999: Work phone network, not sure on addressing, private network for work vpn, untagged port 1
Switch installed at desk
port 1: Work phone network
port 2: Office Camera
port 3: Desktop PC
port 7: downlink to switch-garage, untagged vlan1, tagged vlan101-108,vlan999
port 8: uplink to udm pro, untagged lvan1, tagged vlan101,108,vlan999
The problem I'm running into with the above setup is this
udm pro port 7 (downlink to netgear switch) untagged 1, tagged 101-108,999
all devices work correctly but pings consistently drop to netgear management interface, can barely open webui, and fails more times than not.
if I change udm pro port 7 config to only untagged 1 the netgear management interface now works perfectly and no pings drop.
what I think is happening:
the netgear management interface is trying to live on all vlan interfaces
Why: I configured my Desktop PC on port 3 to untagged vlan108 and changed the pvid to 108. without renewing my dhcp lease (so still on 10.0.10.0/24 network I could still ping 10.0.10.237 (netgear management ip). but could not access the rest of my network. This should not happen, the netgear management ip should not be available on vlan108, only vlan1. once I renewed my lease and got a 10.0.108.0/24 ip address pings to 10.0.10.237 started to drop and be sporadic again.
4 Replies
I assume that this 10.0.102.0/24 subnet in so many VLANs is just a typo and you have distinctive subnets in each VLAN. If not, I’m out of this.
Your configuration looks almost fine to me. However, it was difficult for me to understand it because you said “tagged vlans.” Why? Well, you do not tag/untag VLANs. It is quite opposite. You mark certain ports as tagged or untagged when you add them to a VLAN. Basically, you add a port to a VLAN and indicate whether it expects tagged or untagged frames from a device connected to it.
You have Ports 7 and 8 as uplink/down links and their definitions look fine to me, but only if their PVIDs are set to 1. Most of VLAN issues I have seen and I have had myself were caused by wrong PVID! You also need to make sure that the ports on the other side of the links are defined exactly the same way.
Then, you have ports where your end-point devices are connected to. Unless you use some other ways of VLAN assignments, these ports should be members of just one and only one(!) VLAN and their PVID should be set to the VID of the corresponding VLANs. Therefore, you should remove these ports from VLAN 1 to avoid any issue and confusion. What you have observed is something I would’ve expected since you made Port 3 an untagged member of both VLAN 1 and 108.
If I understand your configuration correct, the routing among VLANs is done by the router. So providing all VLAN definitions are correct, if there are still any issues with it, I would look for a cause of it on the router’s side.
Yep, sorry doesn't look like I can edit now and was doing a lot of copy and pasting in original post, all networks are independent and not on the same ip address scheme.
ex: VLAN101 = 10.0.101.0/24 VLAN102 = 10.0.102.0/24 and so forth.
ports 7 and 8 do have pvid's of 1 with vlan 1 untagged and other vlans tagged
vlan 1 is removed from any ports that have a specific vlan assignment, so ports 1 and 2 do not have vlan 1 marked as untagged or tagged.
switches on other side are configured the same way with an untagged vlan 1 and tagged 101-108,999
ex:
interface 48
name "garage switch to netgear"
tagged vlan 100-108,999
untagged vlan 1
exitas for the port 3 thing I might not of been clear, I changed port 3 from vlan 1 to vlan 108 (removed it from untagged vlan 1, and changed it's pvid to 108)
Also, when experiencing some “erratic” network behavior, I would suspect a broadcast storm due to a network loop or multicasting without control of it. While investigating the issue, I would reduce the number of connections to bare minimum and expand the network gradually observing the impact.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
