Tagged VLAN not working on a GS324T

Question

Hi all,&nbsp;I have a peculiar problem that has made me pull my hair out for quite some time.The setup is easy: A Sophos firewall has 3 VLANs defined next to the default VLAN. We have a trunk from the Sophos firewall to the Netgear GS234T switch (on the latest firmware, 1.0.0.38) with VLAN1 untagged and the other VLAN tagged. Then there is another port with the same VLANs tagged and untagged that connects to the next switch. This switch also has the same tagging and untagging going on to precisely match things.When we connect a device to this last switch, we cannot ping or scan it.&nbsp;When we remove the last switch, replace it by this device and change the port on the Netgear to untagged for the VLAN we are testing with, we can succesfully ping it.&nbsp;So it seems the tested VLAN is present on the Netgear switch, otherwise we could not ping when using this VLAN's untagged port.&nbsp;But as soon as we add another switch and we go from untagged to tagged, things fail. We tried another switch for the last one in the chain, to no avail.We do see the devices MAC in the Mac Address Table, proving to me that there is some sort of connection in between the Netgear switch and the next one.&nbsp;What could be happening here? I know for a fact we need tagging. I'm now in the middle of studying the 365-page manual but I would like your ideas on this,&nbsp;Cheers,&nbsp;BC&nbsp;

DaneA · Answer

bcnx,

&nbsp;

Welcome to the community! :)&nbsp;

&nbsp;

What is the model/brand of the next switch connected to the&nbsp;GS234T?&nbsp; Is it also a&nbsp;GS234T?

&nbsp;

The ports connecting the GS324T and the next switch should be tagged with a PVID of 1.&nbsp;

&nbsp;

Also, be informed that you can daisy chain or cascade&nbsp;a number of&nbsp;switches since there is no limit on it. &nbsp;However, the good practice would be up to 2-3 switches daisy chained. &nbsp;Its because the more switch that you daisy chain will add latency on the network. &nbsp;

&nbsp;

Regards,

&nbsp;

DaneA

NETGEAR Community Team

bcnx · Answer

Hi&nbsp;DaneA&nbsp; ,&nbsp;We've tried an HP Aruba and a TPLink switch.&nbsp;Taqgging with a PVID: we have the problem on the VLANs not tagged by 1. Will tagging with PVID 1 help us in that case? Also, it was my understanding that the default VLAN 1 should never be tagged, correct?&nbsp;We are currently only daisychaining 2 switches so I think we should be alright there,&nbsp;Cheers for your input!&nbsp;BC

schumaku · Answer

bcnx&nbsp;wrote:
Taqgging with a PVID: we have the problem on the VLANs not tagged by 1. Will tagging with PVID 1 help us in that case?

If you want the VLAN 1 untagged, the PVID on these ports must be set to PVID 1, too. This is not about taging the VLAN 1. SImilar of you configure other VLAN access ports (only one of course), the VLAN x and the PVID must be set to x, too.
&nbsp;
The PVID does define the VLAN incoming frames are assigned to.
&nbsp;
If you configure a different PVID thant the [U]ntaged VLAN, you create some kind of asymmetrical VLAN config, the untagged inboud frames will go to the wrong VLAN - obviously, the VLAN 1 [U]ntagged can't work in a transparent way.
&nbsp;
bcnx&nbsp;wrote:
Also, it was my understanding that the default VLAN 1 should never be tagged, correct?

For simplicity, it's a good policy to run the primary VLAN untagged.
&nbsp;
&nbsp;

bcnx · Answer

Hi again,schumaku&nbsp;wrote:bcnx&nbsp;wrote:Taqgging with a PVID: we have the problem on the VLANs not tagged by 1. Will tagging with PVID 1 help us in that case?If you want the VLAN 1 untagged, the PVID on these ports must be set to PVID 1, too. This is not about taging the VLAN 1. SImilar of you configure other VLAN access ports (only one of course), the VLAN x and the PVID must be set to x, too.&nbsp;It was my understanding that the PVID is a setting for tagging frames that enter the switch without tagging ID and that you use it for untagged ports. However, I'm not sure how this will help for the traffic on the other VLAN (60) which we need to work. Even more, PVID equal to 1 is the default setting and things did not work with that setting.&nbsp;&nbsp;&nbsp;The PVID does define the VLAN incoming frames are assigned to.Exactly, but how does this relate to tagged traffic on a trunk port for another VLAN?&nbsp;If you configure a different PVID thant the [U]ntaged VLAN, you create some kind of asymmetrical VLAN config, the untagged inboud frames will go to the wrong VLAN - obviously, the VLAN 1 [U]ntagged can't work in a transparent way.&nbsp;That is how I understand it. Mind you, using the trunk port as an untagged port for the VLAN we like to contact to, did start working when the PVID was set to that particular VLAN. But that was just a test, we need a trunk connection for all VLANs, se we tagged the uplink/trunk port for all VLANs except for the default VLAN which remains untaged.&nbsp;bcnx&nbsp;wrote:Also, it was my understanding that the default VLAN 1 should never be tagged, correct?For simplicity, it's a good policy to run the primary VLAN untagged.&nbsp;Exactly, that is what we do. And PVID has always been set to 1, yet VLAN 60, which is tagged, does not work in combination with another switch. It's still a mystery as to why, both switches have a tagged port for VLAN 60.&nbsp;Thanks for your input!&nbsp;BC&nbsp;

schumaku · Answer

Afraid, have no GS324T switch at hand, so can't test or judge .... based on many Netgear switch VLAN deployments, these features are typically very reliable.&nbsp;

Forum Discussion

Tagged VLAN not working on a GS324T

8 Replies

Related Content

AX1800 VLAN Tagging not working

Switch Netgear GS324T

GS305E Trunking tagged and untagged vlans

GS324T Port Separation

VLAN tagging - 802.1q?

NETGEAR Academy

ProSupport for Business