
Forum Discussion

vasileiosg
Aspirant
Jan 22, 2017
Solved

Multiple port tagging

Hello,

I have a complicated question, so please bear with me for a moment.

I have an ESXi 6.5 host that is running a virtual Sophos UTM 9.4 appliance. I also have a Netgear GS108Ev3 managed switch. I also have some other virtual and physical devices that don't matter at this moment.

I created a virtual network on ESXi and tagged it with VLAN 2.

I created two virtual networks on the UTM, both connected to the aforementioned virtual network. One has tag VLAN 2, the other does not.

I have enabled 802.1Q VLANs on the GS108Ev3. ESXi gets Untagged; the other physical devices get Tagged.

The virtual machines attached to the virtual network are able to communicate with each other, no problem.

I left the PVID on 1.

Problem 1:

I cannot get the physical devices that are on VLAN 2 (tagged on the switch) to communicate with the firewall, but they can communicate with each other.

Problem 2 (more or less expected):

From the virtual network that has VLAN 2 tagged and is also tagged on the UTM, I cannot communicate with anything.

I am pretty sure I am doing something wrong, but I cannot grasp what. I was wondering if you guys can think of how to fix it.


  • DaneA
    Feb 07, 2017

    @vasileiosg,

    Since you have confirmed that the PC hosting ESXi 6.5 (which runs the virtual Sophos UTM 9.4 appliance) is a VLAN-aware device, have you checked whether tagging is enabled on the PC's physical LAN adapter? Kindly check this link as a guide on how to check it on your PC.

    Also, kindly post images of your actual network setup, especially showing how the PC hosting ESXi 6.5 (which runs the virtual Sophos UTM 9.4 appliance) is connected to the GS108Ev3.

    Regards,

    DaneA
    NETGEAR Community Team

11 Replies

  • DaneA
    NETGEAR Employee Retired

    Hi vasileiosg,

    Kindly answer the questions below:

    a. Is the PC hosting ESXi 6.5, which runs the virtual Sophos UTM 9.4 appliance, a VLAN-aware device?

    b. Is the virtual Sophos UTM 9.4 appliance the DHCP server for VLAN 2 on the virtual VLAN 2 network as well as on the physical VLAN 2 network? Or is there another DHCP server for the physical VLAN 2 network?

    c. Since the physical devices on VLAN 2 communicate with each other, I believe that the PVID of the VLAN 2 member ports is set to 2. How about on the virtual VLAN 2: is the PVID also set to 2?

    Regards,

    DaneA
    NETGEAR Community Team

    • vasileiosg
      Aspirant

      Hi,

      thanks for your quick reply!

      a) The system is an E6540 laptop with ESXi. I haven't assigned a VLAN on the management port. I don't exactly know what you mean by a VLAN-aware device.

      b) Yes, the UTM is the DHCP server for VLAN 2. By the way you phrased the question, you make me wonder if I have done something wrong, though. I have assigned VLAN 2 on a virtual machine type instead of a VMkernel. I have a feeling that this is my mistake. Let me look into it and come back to you in a couple of days...

      • vasileiosg
        Aspirant

        Alright, so I decided to make my life a bit simpler, so it is easier.

        I connected two physical devices, A and B, to ports 1 and 2 on the switch.

        A got 192.168.0.1 (static)

        B got 192.168.0.2 (static)

        Then I went to the switch and did the following:

        VLAN > 802.1Q > Advanced > Port PVID

        and changed ports 1 and 2 to PVID 2.

        Then I went to VLAN > 802.1Q > Advanced > VLAN Membership and removed every VLAN from those ports except VLAN 2, tagged.

        I then tried to ping between the two devices and could not.
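A small model of how an 802.1Q switch port treats frames (PVID assigned on ingress, tag kept or stripped on egress according to tagged or untagged membership), added here to check both switch configurations described in this thread: the first post's layout (PVID 1 everywhere, ESXi uplink untagged in VLAN 2, physical hosts tagged) and the two-host test in the last post (PVID 2 with a tagged-only VLAN 2 membership). This is an added example, not NETGEAR or Sophos code. The port numbers (1 and 2 for the physical hosts, 8 for the ESXi uplink), the assumption that the physical hosts send plain untagged frames, and the assumption that every port stays untagged in the default VLAN 1 are mine; the thread does not state them. The ESXi side is modelled as a port group with VLAN ID 2 (virtual switch tagging), which only passes frames tagged 2 to the UTM.

```python
# Toy 802.1Q port model: PVID on ingress, tagged/untagged membership on egress.
# Added example for this thread, not NETGEAR or Sophos code. Port numbers (1, 2
# for the physical hosts, 8 for the ESXi uplink) and the assumption that the
# physical hosts send untagged frames are mine, not stated in the thread.
from dataclasses import dataclass, field
from typing import Dict, Optional

TAGGED, UNTAGGED = "T", "U"


@dataclass
class Port:
    pvid: int = 1
    # VLAN ID -> "T" (leave the tag on at egress) or "U" (strip it). A VLAN that
    # is absent means the port is not a member; frames in it are not forwarded.
    membership: Dict[int, str] = field(default_factory=lambda: {1: UNTAGGED})


@dataclass
class Frame:
    vlan: Optional[int]  # None = no 802.1Q tag on the wire


def classify(port: Port, frame: Frame) -> Optional[int]:
    """Ingress: an untagged frame is assigned the port PVID, a tagged frame keeps
    its VID; a frame in a VLAN the port is not a member of is dropped."""
    vid = port.pvid if frame.vlan is None else frame.vlan
    return vid if vid in port.membership else None


def emit(port: Port, vid: int) -> Optional[Frame]:
    """Egress: tagged members keep the tag, untagged members have it stripped."""
    mode = port.membership.get(vid)
    if mode is None:
        return None
    return Frame(vlan=vid if mode == TAGGED else None)


def forward(ports: Dict[int, Port], src: int, frame: Frame, dst: int) -> Optional[Frame]:
    """Carry one frame from port src to port dst through the switch."""
    vid = classify(ports[src], frame)
    return None if vid is None else emit(ports[dst], vid)


def delivered(frame: Optional[Frame], expects: Optional[int]) -> bool:
    """A plain NIC only understands untagged frames (expects=None); an endpoint
    behind an ESXi port group with VLAN ID n only sees frames tagged n."""
    return frame is not None and frame.vlan == expects


def run(ports: Dict[int, Port]) -> Dict[str, bool]:
    """Three reachability checks: host-to-host, host-to-UTM, UTM-to-host."""
    untagged = Frame(None)  # a ping from a plain host (assumed not VLAN-aware)
    from_utm = Frame(2)     # the vSwitch tags the UTM's traffic with the port group VLAN
    return {
        "host1_to_host2": delivered(forward(ports, 1, untagged, 2), None),
        "host1_to_utm": delivered(forward(ports, 1, untagged, 8), 2),
        "utm_to_host1": delivered(forward(ports, 8, from_utm, 1), None),
    }


def original_setup() -> Dict[str, bool]:
    """The first post: PVID 1 everywhere, ESXi uplink untagged in VLAN 2, physical
    hosts tagged in VLAN 2, and every port still untagged in the default VLAN 1."""
    host_port = {1: UNTAGGED, 2: TAGGED}
    ports = {1: Port(1, dict(host_port)), 2: Port(1, dict(host_port)),
             8: Port(1, {1: UNTAGGED, 2: UNTAGGED})}
    return run(ports)


def simplified_test() -> bool:
    """The last post: ports 1 and 2 with PVID 2 and only a tagged VLAN 2 membership."""
    ports = {1: Port(2, {2: TAGGED}), 2: Port(2, {2: TAGGED})}
    return delivered(forward(ports, 1, Frame(None), 2), None)


def corrected_setup() -> Dict[str, bool]:
    """Standard layout for a port group with VLAN ID 2: access ports untagged in
    VLAN 2 with PVID 2, ESXi uplink tagged in VLAN 2 (kept in VLAN 1 for management)."""
    ports = {1: Port(2, {2: UNTAGGED}), 2: Port(2, {2: UNTAGGED}),
             8: Port(1, {1: UNTAGGED, 2: TAGGED})}
    return run(ports)


if __name__ == "__main__":
    print("original  ", original_setup())
    print("simplified", simplified_test())
    print("corrected ", corrected_setup())
```

Run stand-alone, the model reproduces both symptoms. In the first layout the two physical hosts reach each other only because their untagged pings are classified into VLAN 1 by the PVID and every port is still untagged in VLAN 1; nothing they send ever enters VLAN 2, and the UTM, which only sees frames tagged 2, never hears from them. In the two-host test, PVID 2 does put the pings into VLAN 2, but a tagged-only membership sends them out with an 802.1Q header that a plain NIC discards, so the ping fails even though the VLAN assignment is right. The corrected layout is the standard 802.1Q arrangement for this case, not a fix recorded in the thread: the ports facing non-VLAN-aware hosts are untagged members with a matching PVID, and only the ESXi uplink carries VLAN 2 tagged. Problem 2 (tagging VLAN 2 inside the UTM on top of a port group that already tags VLAN 2) happens inside the vSwitch rather than on the switch, so it is outside this model.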

         
