NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
GS305E Trunking tagged and untagged vlans
Hi there.
I recently purchased a GS308EPP. In basic 802.1Q mode, I temporarily used it to connect:
- (V)lan 1 (default Lan): still a few controlling/managing devices;
- Vlan 20 : Data; and
- Vlan 30: IoT.
In short, a managing device (ethernet or wifi) can pilot an IoT device and access to Data directly or thru IoT âś…đź‘Ś
I need to move the GS308EPP to the projected location to power up a WAX628 amongst others.
So I thought that the GS305E would be sufficient to switch the default (v)lan and 2 vlans above.
❌ However none of the basic or advance 802.1Q works with same connectivity.
- IoT devices have internet access; but cannot reach Data anymore.
- Data devices can be reached from default Lan but not in IoT.
- Lan device can access Data directly and thru the app piloting IoT device, but IoT cannot receive Data (per above).
First I thought of a Firewall issue and expressly set a rule to connect these devices. But not result - and it was not necessary with GS308epp.
Reading the forum on this product, I tried to understand what I did wrongly. So would really appreciate any correction on this setup. Many thanks !
16 Replies
Provide a screenshots of
- Advanced VLAN Configuration, and
- for each VLAN ID - the Advanced VLAN Membership, plus
- the Advanced PVID
Insert as inline photos in the community system, in full size
It sounds like the GS305E isn’t handling VLANs the same way as the GS308EPP, which is causing your inter-VLAN communication issues. While both support 802.1Q VLAN tagging, the GS305E has limited VLAN management features compared to the GS308EPP. This is likely why:
IoT devices can access the internet but can’t reach the Data VLAN.
Inter-VLAN routing or proper VLAN isolation is not behaving as expected.
The GS305E might not be properly tagging/untagging VLANs or forwarding traffic across VLANs like the GS308EPP does.
Even with firewall rules in place, if the switch doesn’t handle VLAN tagging correctly, traffic won’t route as intended. You may need to either go back to the GS308EPP or use a more advanced switch that properly supports VLAN trunking and inter-VLAN communication for your setup.
Hi fzmuhammad and thanks! that's my fear tbh, but I think I have missed a setup parameter and perhaps someone will catch it here.
barreaudb two things I don't understand:
- You talk of a firewall and an AP, but only one port seems to be configured as a correct trunk config - for your use case, I tend to suspect at least two ports with proper trunks.
- What is the idea of overloading the config with more than one VLAN ID as tagged? This is a guarantee for a nightmare. Sure, on a few switch platforms, the so called Asymmetric Switching was sometimes possible (with an additional control, as the switch must support that) - but most decent switches don't support this feature anymore. What does partially work in your case (on both switches when I get you right) is some kind of that.
Since no Netgear Plus Switches (new naming Easy Smart Managed Essential Switches) are supporting IPv4 "routing" - and I doubt you are keen to deal with complex ACL to create some firewall functionality - better handle the IP routing and firewall handling on some more sophisticated firewall system with some fancy customer friendlier controls.
Keep us posted how this works out.
Regards,
-Kurt.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
