NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Jeremy__'s avatar
Jeremy__
Aspirant
Oct 17, 2019
Solved

VLAN tagging not working on GS750E

Hi,   I am currently configuring some VLAN on a GS750E switch (48 ports, managed). Firmware version is the last : 1.1.0.4   I tried to setup a single tagged VLAN, but the tags are lost on every ...
  • schumaku's avatar
    schumaku
    Oct 18, 2019

    Looks like a bug to me. Afraid, the few GS750E are operating with just a tagged trunk/uplink and untagged ports (to multiple VLAN), no issues that far (and can't change the customer environment for testing) I'm afraid. Please get in touch with the Netgear support via https://my.netgear.com/ - these switches are coming with a limited lifetime warrant and lifetime chat support. 

schumaku's avatar
schumaku
Guru - Experienced User
Oct 18, 2019
Jeremy__ wrote:

All ports are only in the VLAN 20, tagged (with the T in the square)

They are all pvid 20

Hello Jeremy,

 

Not a bug, suspect you confused yourself with this configuration. If you are configuring a port VLAN 20 Tagged, the system connected out must be configured to handle the tagging, and be able to handle incoming tagged traffic. This is typically the configuration for one, and more typically for more VLANs handled e.g. for trunk configurations, for wireless access points handling multiple SSIDs, for computers with multiple VLAN sub-interfaces - all on one port. Configuring the PVID - this is the VLAN ID incoming untagged traffic is going to - to the same VLAN ID like the tagged traffic, can cause issues - as one typically does run a different VLAN for "catch all untagged" for whatever purpose.

 

If you want a port be associated to a VLAN 20 but non-tagged traffic (the attaced system does work untagged but on the VLAN  ID 20), the port must be configured VLAN ID 20 [U] as the traffic on the port/patch cable is untagged. the PVID here then must be configured to 20 otherwise the incoming traffic does go to a different VLAN.

 

Good luck!

 

Regards,

-Kurt  

Jeremy__'s avatar
Jeremy__
Aspirant
Oct 18, 2019

Hi,

First ,thank you very much for your answer.

I used the PVID and only tagged 1 VLAN to demonstrate the issue, in the simplest configuration possible.

I do intend to use multiple tagged VLAN on some ports, and to untag most of them in a default VLAN.

But right know, I can't make 2 single host communicate on tagged ports ...

 

Both machines are indeed configured to handle tagged traffic, and as proof of that :

The machine 1 send its ARP requests tagged with VLAN 20.

The machine 2 takes this tagged ARP request, and answers a with tagged VLAN 20 packet.

That prooves that both my machines are OK with tagged VLAN 20 traffic.

 

My issue with the switch is :

the tagged ARP answer he received from the Machine 2 is transmitted to the Machine 1 (good port) but the tag is removed.

Even when the source port is PVID 20 (so I know the switch either understood the tag, or default it to VLAN 20), and the destination port is VLAN 20 tagged.

I tried to force it to tag all packets, by making sure that all ports are only in VLAN 20, all ports are tagged, and even if incoming packets are not tagged, they are in the correct VLAN (PVID). In this configuration, as all ports are tagged, every single packet emitted by the switch should be tagged, right ?

 

The tags works with broadcased packets (ARP request) but not with single host one (ARP reply).

That's what I dont understand. Same VLAN, same ports, both incoming packets tagged, and yet different behaviour ?

 

Best regards, Jeremy

  • schumaku's avatar
    schumaku
    Guru - Experienced User
    Oct 18, 2019

    Looks like a bug to me. Afraid, the few GS750E are operating with just a tagged trunk/uplink and untagged ports (to multiple VLAN), no issues that far (and can't change the customer environment for testing) I'm afraid. Please get in touch with the Netgear support via https://my.netgear.com/ - these switches are coming with a limited lifetime warrant and lifetime chat support. 

    • Jeremy__'s avatar
      Jeremy__
      Aspirant
      Oct 18, 2019

      So I did a few more tests with scapy.

      It seems there are undocumented, unchecked limitation on the switch :

      There can be only one tagged port, the others must be untagged and take advantage of the PVID.

       

      I'm gonna contact the support about this, but if this is the case, it should be documented, advertised, and checked by the administration interface ...

       

      Thank you again for your time and your answers !

       

      Best regards

      • schumaku's avatar
        schumaku
        Guru - Experienced User
        Oct 18, 2019
        Jeremy__ wrote:

        It seems there are undocumented, unchecked limitation on the switch :

        There can be only one tagged port, the others must be untagged and take advantage of the PVID.

        We operate multiple tagged ports in a daisy chain trunk config, that far it isn't limited.

        Ok, looking what support will come to ... don't forget to add a link to this thread, this should allow the short cut to L2.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More