NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

sentur's avatar
sentur
Tutor
Oct 18, 2023
Solved

Help setting VLANs on Netgear GS908E switch? Not receive an IP in the correct VLAN tagged IP range

I'm trying to set up VLAN tags on a Netgear GS908E switch. But I'm either not understanding or getting something very wrong.   Here's a network diagram. VLAN tags are set on my gateway Unifi UDR. T...
Troubleshooting
  • schumaku's avatar
    schumaku
    Oct 18, 2023
    sentur wrote:
    1. UDM is managing the IoT VLAN and all other VLANs for that matter.
      1. It’s doing Gateway / Router / VLAN tag and network management and DHCP for all VLANs.
      2. UDM (LAN Port 2) is connected to Negear switch (LAN Port 1)
    1.  

    You must understand and know how your UDM is is configured providing the VLAN 1 and 20 on what becomes the trunk port for the GS908E. If you can connect a computer to this port, and you get DHCP from what is serving the VLAN 1, it's most likely not tagged. .

     

    sentur wrote:

    I think this is correct?

    1. VLAN ID 1:
      1. Tagged → Ports 1, 2, 4, 6, 7, 8
      2. Exclude → Ports 3, 5
    2. VLAN ID 20: IoT
      1. Tagged → Ports 3, 5
      2. Exclude → Ports 1, 2, 4, 6, 7, 8

    Why oh why you changed all 1..8 to be tagged? It's only the trunk where you carry multiple VLANs which is all tagged (or one VLAN runs untagged). 

     

    1. VLAN ID 1:
      1. Tagged → Ports 1 .. under the assumption the VLAN 1 is delivered as tagged. This is the de-facto standard for trunk links carrying multiple VLANs. It could be also used untagged for VLAN 1 with the PVID set to 1. 
      2. Untagged as access ports → 2, 4, 6, 7, 8 with PVID set to 1
      3. Exclude → Ports 3, 5
    2. VLAN ID 20: IoT
      1. Tagged → Ports 1 ... this will be your uplink carrying the trunk of VLAN 1 and VLAN 20?
      2. Untagged → Ports 3, 5 with PVID set to 20 ... 
      3. Exclude → Ports 1, 2, 4, 6, 7, 8

    In general, I tent to suggest some "logical" port organization. Port 1 VLAN Trunk uplink, port 2...6 access ports for standard LAN 1, port 7, 8 access ports for IoT.

     

    sentur wrote:

    What’s the difference between Untagged and Excluded?

    Excluded means the port is not participating in that VLAN.

    Untagged means the frames leaving the switch on this post are untagged -and- the PVID defines the VLAN incoming untagged frames are assigned to.

schumaku's avatar
schumaku
Guru - Experienced User
Oct 18, 2023

Dear Julius,

 

What is the intention having port 3 and 5 untagged to VLAN 20?

 

1. What is handling the IoT VLAN, how is this VLAN 20 data and IP subnet? The uneducated reader does guess it's your UDM. However, it appears the uplink to the UTM is excluded for the VLAN 20 ... where I would expect it's provided tagged. Otherwise your VLAN 20 and it's 192.168.20.0/24 subnet does never come to your FireTV (or the other TV).

 

2. If untagged frames coming in on port 3 and 5 needs to go the IoT VLAN 20, so don't forget to define the PVID for these two ports for the VLAN ID 20.

 

3. Why are port 3 and 5 also configured to Untagged and VLAN 1? A mess is predictable my friend. This is where your 192.168.0.0/24 DHCP is leaking in. Set these two ports where you intend to connect your IoT devices access ports to not participating neither the VLAN 1 nor any other (except of the IoT VLAN 20) port.

 

VLANing is as simple as 1-2-3 - however, there are many traps and errors easily possible, I guess overwhelmed by the complexity of UTM, missing some basics. Not an issue specific to the Netgear GS908E.

 

Regards,

-Kurt

  • sentur's avatar
    sentur
    Tutor
    Oct 18, 2023

    Thanks Kurt.

    1. UDM is managing the IoT VLAN and all other VLANs for that matter.
      1. It’s doing Gateway / Router / VLAN tag and network management and DHCP for all VLANs.
      2. UDM (LAN Port 2) is connected to Negear switch (LAN Port 1)

    What’s the difference between Untagged and Excluded?

    I think this is correct?

    1. VLAN ID 1:
      1. Tagged → Ports 1, 2, 4, 6, 7, 8
      2. Exclude → Ports 3, 5
    2. VLAN ID 20: IoT
      1. Tagged → Ports 3, 5
      2. Exclude → Ports 1, 2, 4, 6, 7, 8

    • schumaku's avatar
      schumaku
      Guru - Experienced User
      Oct 18, 2023
      sentur wrote:
      1. UDM is managing the IoT VLAN and all other VLANs for that matter.
        1. It’s doing Gateway / Router / VLAN tag and network management and DHCP for all VLANs.
        2. UDM (LAN Port 2) is connected to Negear switch (LAN Port 1)
      1.  

      You must understand and know how your UDM is is configured providing the VLAN 1 and 20 on what becomes the trunk port for the GS908E. If you can connect a computer to this port, and you get DHCP from what is serving the VLAN 1, it's most likely not tagged. .

       

      sentur wrote:

      I think this is correct?

      1. VLAN ID 1:
        1. Tagged → Ports 1, 2, 4, 6, 7, 8
        2. Exclude → Ports 3, 5
      2. VLAN ID 20: IoT
        1. Tagged → Ports 3, 5
        2. Exclude → Ports 1, 2, 4, 6, 7, 8

      Why oh why you changed all 1..8 to be tagged? It's only the trunk where you carry multiple VLANs which is all tagged (or one VLAN runs untagged). 

       

      1. VLAN ID 1:
        1. Tagged → Ports 1 .. under the assumption the VLAN 1 is delivered as tagged. This is the de-facto standard for trunk links carrying multiple VLANs. It could be also used untagged for VLAN 1 with the PVID set to 1. 
        2. Untagged as access ports → 2, 4, 6, 7, 8 with PVID set to 1
        3. Exclude → Ports 3, 5
      2. VLAN ID 20: IoT
        1. Tagged → Ports 1 ... this will be your uplink carrying the trunk of VLAN 1 and VLAN 20?
        2. Untagged → Ports 3, 5 with PVID set to 20 ... 
        3. Exclude → Ports 1, 2, 4, 6, 7, 8

      In general, I tent to suggest some "logical" port organization. Port 1 VLAN Trunk uplink, port 2...6 access ports for standard LAN 1, port 7, 8 access ports for IoT.

       

      sentur wrote:

      What’s the difference between Untagged and Excluded?

      Excluded means the port is not participating in that VLAN.

      Untagged means the frames leaving the switch on this post are untagged -and- the PVID defines the VLAN incoming untagged frames are assigned to.

      • sentur's avatar
        sentur
        Tutor
        Oct 18, 2023
        1. VLAN ID 1:
          1. Tagged → Ports 1 .. under the assumption the VLAN 1 is delivered as tagged. This is the de-facto standard for trunk links carrying multiple VLANs. It could be also used untagged for VLAN 1 with the PVID set to 1. 
          2. Untagged as access ports → 2, 4, 6, 7, 8 with PVID set to 1
          3. Exclude → Ports 3, 5
        2. VLAN ID 20: IoT
          1. Tagged → Ports 1 ... this will be your uplink carrying the trunk of VLAN 1 and VLAN 20?
          2. Untagged → Ports 3, 5 with PVID set to 20 ... 
          3. Exclude → Ports 1, 2, 4, 6, 7, 8

        Thank you. This makes a lot more sense to me now. As to what needs to be tagged and untagged in each of the VLANs.

        Thank you for taking the time to explain it schumaku 

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More