NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
GS305E / GS308E VLAN 802.1Q issues
Hi, I'm trying to connect 2 Ethernet Plus switches in series, like this: pfSense <> switch A <> switch B I'm having a real hard time making this work with VLANs and I've been trying for days now. I'...
Hi schumaku, thank you very much for the response. You helped me solve my issue and it turns out I did not select the wrong product for my project, which would have been a shame because I bought a ton of those when the 5-port was only $15 and the 8-port was $28. I think I have over 10 in total, so I would have been bummed out.
The solution is that whichever VLAN is used for management, probably the lowest VLAN ID, in my case I'm using VLAN 1, the PVID of the parent switch of the port that is used to daisy chain them, perhaps called the trunked port or perhaps uplink, it needs to match that VID, so in my case 1, and that's it.
I just tried it by daisy chaining 3 of these switches, each one uses a single ethernet cable between them, and I'm pushing a whole bunch of VLANs all the way through and I'm able to access each of the switches and each of them is getting the IP from the DHCP of VLAN 1, so it is working beautifully, again in large part to what you wrote, so thank you again.
As a tribute to these wonderful switches a picture of my project. Bottom left is my current network which is a rats nest to say the least and at the top right is the new network that I'm building which uses VLANs and will be much better. Once it is done I will start migrating all my things over to the new one.
I can say it's a lot of fun to learn all this stuff and I really enjoy making my own cables too. Makes me feel like I know what I'm doing (even though I'm still a noob) haha.rats nest
To keep this discussion short and overseeable:
1. Most Plus switches (few exceptions only) are built on unmanaged switches, not on managed cores supporting a managed core and for example a proper management VLAN.
2. The device management is implemented (few core functions plus the configuration options on a Web UI) on a simple microcontroller, the complete IP stack, including DHCP, and the Web UI for configurations does work on untagged frames only. This does prohibit implementing a "dummy" management VLAN or using a tagged VLAN for the management or to connect a DHCP server over a tagged connection.
This should (or could) explain all "issues" - simply limitations of the switch design - you experience. This is how it was possible for Netgear (plus some other vendors offering similar products on the market) to implement such a switch for the cost of a naked unmanaged switch. End of the story.
a01 wrote:
Does anybody know what I'm doing wrong or something I can try to further trouble-shoot this?
You selected the wrong switch product for your project.
Hi schumaku, thank you very much for the response. You helped me solve my issue and it turns out I did not select the wrong product for my project, which would have been a shame because I bought a ton of those when the 5-port was only $15 and the 8-port was $28. I think I have over 10 in total, so I would have been bummed out.
The solution is that whichever VLAN is used for management, probably the lowest VLAN ID, in my case I'm using VLAN 1, the PVID of the parent switch of the port that is used to daisy chain them, perhaps called the trunked port or perhaps uplink, it needs to match that VID, so in my case 1, and that's it.
I just tried it by daisy chaining 3 of these switches, each one uses a single ethernet cable between them, and I'm pushing a whole bunch of VLANs all the way through and I'm able to access each of the switches and each of them is getting the IP from the DHCP of VLAN 1, so it is working beautifully, again in large part to what you wrote, so thank you again.
As a tribute to these wonderful switches a picture of my project. Bottom left is my current network which is a rats nest to say the least and at the top right is the new network that I'm building which uses VLANs and will be much better. Once it is done I will start migrating all my things over to the new one.
I can say it's a lot of fun to learn all this stuff and I really enjoy making my own cables too. Makes me feel like I know what I'm doing (even though I'm still a noob) haha.
rats nest
I'm still playing around with this, trying to find rhyme or reason how it works and I can't. I still get it to work but basically I have to try a bunch of different things and then eventually it works.
If anybody else is having trouble with it, here is another thing to try, which has worked for me:
5-port switch (GS305E), factory reset.
First I connected using the static IP. I added VLAN 8, put all ports on 8, all of them tagged except for the first one which I put as untagged. Set all PVIDs to 8. Took all ports off of VLAN 1. Not able to delete VLAN 1 but no ports are configured for it. Then cycled power and plugged port 5 into the pfSense machine. Waited 30 seconds, then plugged the management PC into port 1 (the untagged one). Both the switch and the PC got an IP from VLAN 8.
I took it one step further by adding VLAN 2 and again I added all ports to VLAN 2 in the same way, keeping port 1 untagged and the rest tagged, but I kept all PVIDs at 8. Cycled power and now the PC stayed on VLAN 8 but the switch got switched to an IP from VLAN 2. This again confirms to me that the lowest VLAN number is used to get the IP and regardless of the PVID.
If I didn't succeed, my next step would have been to add a sacrificial switch between the main switch and the pfSense to change over to the desired VLAN. This can be a backup solution. Next I will try it with the 8-port switch, I think it works differently.
I needed to edit my post but wasn't allowed, so I have to reply to it.
With my last configuration what happened was that the switch itself was on VLAN 2 but the PC was on VLAN 8 (because of the PVID). I could no longer access the switch interface.
I took it back to the laptop where I have it set up to use the static IP of the switch (192.168.0.239) and this allowed me to get back in, then I made one change, which is to set up a special port for management. For this I changed port 3 to be untagged for VLAN 2 and I set the PVID to 2. Next I switched it back the way it was with a power-cycle and everything was the same way as before but now when I moved the management PC from port 1 to port 3, it got an IP from VLAN 2 and then I was able to access the switch interface. Note that I had to manually change https to http for it to come up.
There is probably another solution which is to forward the port within pfSense so that the PC on VLAN 8 can talk to the switch on VLAN 2 but the way I have it set up now I don't actually mind it. There will be 2 ports reserved for the PC, one is for normal use and the other one is if I need to manage the switches.
Next I will try it with the 8-port switch.
Now for the 8-port switch. As I had already suspected, it works differently. From a developer point of view I would have kept the 5 and 8 port running the same firmware, just one having 3 ports disabled, and I was under this assumption from day 1 but this is not the case. Despite both even having the same FW version (1.00.11EN for the 8-port).
I configured it the same way as the 5-port. All ports on VLAN 8 tagged, except port 1 VLAN 8 untagged. All PVIDs are 8. All ports removed from VLAN 1. Just like before the management PC got an IP from VLAN 8 but the 8-port switch actually got an IP from the untagged LAN. This is where the 5-port would have gotten an IP from VLAN 8 as well.
Then I did the same change as before, which was to include VLAN 2 and this time the 8-port switch still got an IP from the untagged LAN. The 5-port in this case would have switched to an IP from VLAN 2. The only thing that works the same is that when I switch the PC from port 1 to port 3 (the one set up as the management port), the PC does switch from VLAN 8 to 2 just like the 5-port did, but I still can't access the interface because the switch is on the untagged LAN.
To try and solve this issue I created a fake VLAN that exists only on the switch, VLAN 33. The port that goes to pfSense, which is port 8, is configured as untagged for VLAN 33. I created another management port, which is port 4, which is also untagged on VLAN 33. Then I set the PVID of port 4 also to 33.
This time when I switched the PC to port 4, it came out untagged on port 8 (this was expected despite tagged VLAN 2 and 8 on port 8), and now I was able to access the switch interface. The problem with this is that I don't want anything to use the untagged LAN and when everything is all set and done I will block the LAN and only allow my VLANs. The 8-port switch does not allow me to use a VLAN for it, but the 5-port switch does.
2 more key differences that I noticed:
When doing a factory reset using the reset button, the 5-port switch lights up all LEDs to show when this is done but the 8-port switch has no feedback.
The 5-port switch has an option that is under System->Maintenance->Access Control which lets me set an IP address (and mask?) presumably to only allow management from one PC. I think that's a nice feature and completely missing from the 8-port.
The conclusion is, and I will verify this in my next post, the 8-port switch can still be used for VLANs but it can't be the root switch. A 5-port switch (GS305E) must be used after pfSense/DHCP server and it can translate the untagged LAN from the 8-port switch to the proper management VLAN.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
