NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
GS308T VLAN 802.1Q Tags missing in Egress from switch
I have a GS308T switch connected to two test hosts and a management device assd shown in the diagram.Port 5 is connected to Test Host 1, which is set to VLAN-tag all frames for VLAN ID 102.
Port 6 is connected to Test Host 2, which is VLAN-unaware.
I have configured the VLANs as shown below:
The following scenario seems wrong to me, and is certianly not what I want to happen:
- Test Host 1 sends an ARP to test Host 2.
- This ARP is VLAN-tagged and is only forwarded by the switch to Test Host 2 (good so far)
- Test Host 2 receives the ARP untagged (also good)
- Test Host 2 replies, and the switch forwards the reply only to Test Host 1
- The reply is untagged as it exits the switch (BAD)
tcpdump shows the tagged request and untagged reply on the same interface of Test Host 1. Can anyone explain how to get the switch to output tagged frames? I want this so I can use my VM infrastructure and/or linux virtual interfaces to assign traffic to VLANs.
I've tried using more relaxed ingress filtering policies, but the issue is the lack of tags on the packets, not that I want them to be dropped. In all my experimentation so far, I am unable to generate a config that results in the switch transmitting 802.1q tagged packets to a host.
The issue was that windows removed VLAN tags from incoming packets before handing them to VMs.
The switch is fine, I just made the mistake of assuming that virtualization would bypass the VM Host's network stack.
4 Replies
Replies have been turned off for this discussion
Test host 1 is on g5 and using tagged frames for VLAN 101 and 102?
Test host 2 is on g3 for VLAN 101, respectively g6 for VLAN 102?
g3 is not connected to anything, but Test Host 2 is on g6.
g5 (Test Host 1) is tagged on 101,102
- Test Host 1 is configured to transmit tagged frames
g6 (Test Host 2) is untagged on 102
- Test Host 2 expects/transmits untagged frames
Here's the table (since images aren't working in the post).
Interface PVID VLAN member VLAN Tag Acceptable Frame Ingress Filtering Current Ingress Filtering Untagged VLANs Tagged VLANs Forbidden VLANs Dynamic VLANs Port Priority g1 1 1 None Admit All Enable Enable 1 None None None 0 g2 1 1 None Admit All Enable Enable 1 None None None 0 g3 101 101 None Admit Untagged Only Enable Enable 101 None None None 0 g4 1 1 None Admit All Enable Enable 1 None None None 0 g5 1 101-102 101-102 VLAN Only Enable Enable None 101-102 None None 0 g6 102 102 None Admit Untagged Only Enable Enable 102 None None None 0 g7 1 1 None Admit All Enable Enable 1 None None None 0 g8 1 1 None Admit All Enable Enable 1 None None None 0 The switch config looks perfectly fins - nothing complex. The test result however is certainly showing a problem, I would expect this packet to be tagged on it's way out, too.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
