a01
Aug 08, 2023
Solved

GS305E / GS308E VLAN 802.1Q issues

Hi, I'm trying to connect 2 Ethernet Plus switches in series, like this: pfSense <> switch A <> switch B

I'm having a real hard time making this work with VLANs and I've been trying for days now. I'm trying to use VLANs only and I can never reach switch B.

On pfSense I have the standard [untagged] LAN plus VLAN 1 and VLAN 8, along with any to any rules for each interface.

Starting with switch A after a factory reset, latest FW 1.0.0.11, it has 5 ports, I have port 5 plugged in to pfSense and port 4 plugged in to a PC that I'm using to manage everything (switch B not plugged in yet). After power-up I get an IP from the LAN. So far so good.

I start by adding VLANs 1 and 8. I also add dummy VLANs 501, 502, 503, and 505.

My plan is to use port 1 to connect to switch B.

Port 2 and 3 won't be used so I set each of them to their respective dummy VLANs 502 and 503, including the PVID.

 

The next thing I do is configure VLAN 1. I set port 1 and 5 to be tagged, and port 4 to be untagged.

I do not want to accept any untagged traffic on port 1 and 5 so I set those to their respective dummy VLANs, including the PVID.

The only port now that can handle untagged traffic is port 4, which connects to the PC, and it has PVID 1 and is configured for untagged VLAN 1.

I configure VLAN 8 to be tagged on port 1 and 5.

 

I reboot the switch, and as expected now instead of getting an IP from the LAN I'm getting an IP from VLAN 1.

Btw. it looks like to get an IP, the switch first tries untagged and then tries the tagged ports, starting with the lowest VLAN ID. If I had VLAN 3 and I didn't have 1, then it would get an IP from VLAN 3 instead.

 

Now I go ahead and plug in switch B.

The connection is switch A, port 1 to switch B port 1.

Switch B has already been configured at this point, as follows:

Port 1 goes to switch A, port 2 is empty but I will pretend it goes to the next thing. Ports 3 to 8 are not used.

For VLAN 1 and 8 I configured port 1 to be tagged and port 2 to be untagged.

I put the unused ports 3 to 8 on dummy VLAN 500, including the PVID.

Port 2 doesn't have anything plugged in so it shouldn't matter what the PVID is, so I kept it as 1.

I disabled untagged traffic on port 1 by adding it to dummy VLAN 601.

To summarize for switch B, the only port that is plugged in is port 1, which belongs to VLAN 601-U, 1-T, and 8-T, with PVID 601.

 

Switch B should be able to get an IP from DHCP on VLAN 1 or on VLAN 8 but it doesn't and it is unreachable.

Even if I set the PVID from switch B, port 1 to be 1, it makes no difference.

Why doesn't it get an IP address?

In summary: pfSense VLAN 1 <> port5,vlan1-T,switch-A,vlan1-T,port1 <> port1,vlan1-T,switch-B

 

I take it one step further and assign a static IP by the DHCP of VLAN 1 and I assign the same static IP in switch B, but I still can't reach it.

 

Does anybody know what I'm doing wrong or something I can try to further troubleshoot this?

  • a01
    Aug 09, 2023

    Hi schumaku, thank you very much for the response. You helped me solve my issue and it turns out I did not select the wrong product for my project, which would have been a shame because I bought a ton of those when the 5-port was only $15 and the 8-port was $28. I think I have over 10 in total, so I would have been bummed out.

     

    The solution is that whichever VLAN is used for management, probably the lowest VLAN ID, in my case I'm using VLAN 1, the PVID of the parent switch of the port that is used to daisy chain them, perhaps called the trunked port or perhaps uplink, it needs to match that VID, so in my case 1, and that's it.

     

    I just tried it by daisy chaining 3 of these switches, each one uses a single ethernet cable between them, and I'm pushing a whole bunch of VLANs all the way through and I'm able to access each of the switches and each of them is getting the IP from the DHCP of VLAN 1, so it is working beautifully, again in large part to what you wrote, so thank you again.

     

    As a tribute to these wonderful switches, a picture of my project. Bottom left is my current network, which is a rat's nest to say the least, and at the top right is the new network that I'm building, which uses VLANs and will be much better. Once it is done I will start migrating all my things over to the new one.
    I can say it's a lot of fun to learn all this stuff and I really enjoy making my own cables too. Makes me feel like I know what I'm doing (even though I'm still a noob) haha.

8 Replies

  • To keep this discussion short and overseeable:

     

    1. Most Plus switches (few exceptions only) are built on unmanaged switches, not on managed cores supporting a managed core and for example a proper management VLAN.

    2. The device management is implemented (few core functions plus the configuration options on a Web UI) on a simple microcontroller; the complete IP stack, including DHCP, and the Web UI for configurations work on untagged frames only. This does prohibit implementing a "dummy" management VLAN or using a tagged VLAN for the management or to connect a DHCP server over a tagged connection.

     

    This should (or could) explain all "issues" - simply limitations of the switch design - you experience. This is how it was possible for Netgear (plus some other vendors offering similar products on the market) to implement such a switch for the cost of a naked unmanaged switch. End of the story.

     


    a01 wrote:

    Does anybody know what I'm doing wrong or something I can try to further troubleshoot this?


    You selected the wrong switch product for your project.


      • a01

        I'm still playing around with this, trying to find rhyme or reason how it works and I can't. I still get it to work but basically I have to try a bunch of different things and then eventually it works.

        If anybody else is having trouble with it, here is another thing to try, which has worked for me:

        5-port switch (GS305E), factory reset.

        First I connected using the static IP. I added VLAN 8, put all ports on 8, all of them tagged except for the first one which I put as untagged. Set all PVIDs to 8. Took all ports off of VLAN 1. Not able to delete VLAN 1 but no ports are configured for it. Then cycled power and plugged port 5 into the pfSense machine. Waited 30 seconds, then plugged the management PC into port 1 (the untagged one). Both the switch and the PC got an IP from VLAN 8.

         

        I took it one step further by adding VLAN 2 and again I added all ports to VLAN 2 in the same way, keeping port 1 untagged and the rest tagged, but I kept all PVIDs at 8. Cycled power and now the PC stayed on VLAN 8 but the switch got switched to an IP from VLAN 2. This again confirms to me that the lowest VLAN number is used to get the IP and regardless of the PVID.

         

        If I didn't succeed, my next step would have been to add a sacrificial switch between the main switch and the pfSense to change over to the desired VLAN. This can be a backup solution. Next I will try it with the 8-port switch, I think it works differently.
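A simplified model of standard 802.1Q PVID classification on switch A's daisy-chain port, using the port layout from the question; this is an added example, not part of any post and not a description of NETGEAR firmware. It assumes the child switch's management stack sends untagged frames (as the first reply states) and that the fix changes only the PVID of port 1; the return path toward switch B is not modelled.

```python
# Simplified 802.1Q model of switch A from the thread (added example, not NETGEAR code).
# Assumption: switch B's management stack sends untagged frames, as the first
# reply describes; only switch A's handling of those frames is modelled.

def make_switch(pvid, members):
    """pvid: {port: vid}; members: {vid: {port: 'T' or 'U'}}."""
    return {"pvid": pvid, "members": members}

def forward(switch, in_port, tag=None):
    """Return {out_port: tag_on_wire} for a frame entering in_port.

    tag=None means the frame arrives untagged and is classified by the port PVID.
    A tag_on_wire of None means the frame leaves that port untagged.
    """
    vid = switch["pvid"][in_port] if tag is None else tag
    ports = switch["members"].get(vid, {})
    if in_port not in ports:          # ingress port is not a member: drop
        return {}
    return {p: (vid if mode == "T" else None)
            for p, mode in ports.items() if p != in_port}

# Switch A as configured in the question: port 5 = pfSense, 4 = PC, 1 = switch B.
MEMBERS_A = {
    1:   {1: "T", 4: "U", 5: "T"},
    8:   {1: "T", 5: "T"},
    501: {1: "U"}, 502: {2: "U"}, 503: {3: "U"}, 505: {5: "U"},
}
original = make_switch({1: 501, 2: 502, 3: 503, 4: 1, 5: 505}, MEMBERS_A)
# Fix reported in the thread: PVID of the daisy-chain port equals the management VID.
# Memberships are kept as in the question (assumption).
fixed = make_switch({1: 1, 2: 502, 3: 503, 4: 1, 5: 505}, MEMBERS_A)

def report(name, sw):
    out = forward(sw, in_port=1)      # untagged frame from switch B's management
    print(f"{name}: PVID {sw['pvid'][1]} ->", out or "dropped (dead-end VLAN)")
    return out

if __name__ == "__main__":
    report("original", original)
    report("fixed", fixed)
```

With PVID 501 on port 1, untagged frames from switch B land in a VLAN that has no other member port, so DHCP requests never reach pfSense; with PVID 1 they leave port 5 tagged as VLAN 1.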
