NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

oheli1's avatar
oheli1
Aspirant
Mar 23, 2021

Tagging/Untagging of Ports connected to ESXi-Host and APs (WAC720)

Hello together,

Currently we have some really bad issues: the network is not stable an some clients got the wrong IP-Adresses from a different VLAN. To eliminate setting-failures I couldn't find any clear answer in the manuals and now I hope you can help me :-)

 

1) How do the stack-ports have to be configured?

  • We have 6 switches (M5300 POE and non-POE) in stacking mode (closed ring)
  • 12 stacking-ports are configured as stack (link-status: UP)
  • management VLAN-Id: 100

-> we untagged "U" all used VLAN-IDs on this specific stackports (mostly port 51/52 or 27/28)

-> and set PVID to VLAN-ID_1 (it is interesting, that some of these stack-ports still marked with "current PVID=0"

 

Question: Are these settings correct?

 

2) Switch-ports which are connected to a ESXi-Host (10GB-ethernet ports)

  • we have several VLAN which should all be available to the VMs in the ESXi-Host
  • mangement VLAN is ID-100
  • it is clear that all used VLANs have to be "tagged"

Question: 

-> do these ports have to be untagged "U" with management VLAN (ID:100)?

-> or with VLAN-ID: 1 (default), or disabled (empty)

 

3) We have about 50 WAC720 controlled by a WC7600v2

  • as mentioned before: management-VLAN: 100
  • switch-port which is connected to controller has ID-100 untagged "U"
  • switch-ports which are connected to a APs are tagged "T" with all used VLANs to be available in WiFi-networks
  • the management-settings for the APs are: VLAN: 100
  • "Untagged Vlan" is disabled 

Question:

-> which PVID configuration is the right one for this AP-ports?

-> do the management-VLAN 100 has to be untagged "U" for these ports

or with VLAN-ID: 1 or empty?

-> or has the management setting "untagged Vlan" to be set to ID 100 and PVID also to 100 (as I understand the manual, this is only used for initializing new APs (and has to be changed after APs are initialized -> set to tagged "T")

 

Thanks for you help in advance 

Eli

3 Replies

  • schumaku's avatar
    schumaku
    Guru - Experienced User
    Mar 23, 2021

    Eli,

     

    Here some simple guidelines and check points:

     

    1. Where a single adapter/computer should be connected a defined VLAN eg. 1234, only the VLAN 1234 is [U]ntagged on this port, and logically also the PVID must be 1234 (defining the VLAN ID untagged frames flowing to the switch will be assigned to) - that makes up an access port. No other VLAN must be be associated to this port or LAG, neither untagged nor tagged.

     

    2. Everywhere where you have multiple VLANs over a connection or a LAG (switch stack, switch interconnection, ESXi hosts, wireless access points, ....) -  a trunk - all VLAN must be [T]agged. Only _one_ VLAN can be run untagged and again the PVID must be set to the same VLAN ID.

     

    Time to review everything, and clean out the mess which is (sorry - obvious) in place there. All VLAN untagged on a switch interconnection is definitively wrong! You will end with wild interconnection of what re supposed to be independent networks. It's difficult to provide a general standard which VLAN should be run untagged. Sometimes, you can have devices with special requirements or limitations. Write down _exactly_ what you want to achieve, and how the switch stack, and other trunk connections are supposed to be configured. 

     

    Have fun troubleshooting and clean-out the spaghetti network!

     

    -Kurt

     

     

    • oheli1's avatar
      oheli1
      Aspirant
      Mar 23, 2021

      Hello Kurt,

       

      thanks for your reply.

       

      This was exactly what I've done. I made an excel-sheet and copied all seetings of every single port from our 6 swiches in that sheet.

      (At netgear GUI this is quite tedious and cumbersome)
      How to configure a access-port is clear. How to configure a trunkport is also basically clear.
      But my questions are still not clear to me.

       

      1) WC7600

      Here are my settings for the controller and one AP

      I tagged all my needed VLans (20, 110, 150)

      What are the correct settings in this scenario for PVID and (U)ntagged membership?
      a) PVID-ID_100 & (U)tagged membership_100
      b) PVID-ID_1 & (U)ntagged membership_1

      c) both possible

      As I understood you correctly, both would be possible, right?

       

      2) Stacking ports: Here are screenshoots of two VLAN-IDs and the PVID settings

      Same here, what would be the right settings?

      a) Membership: VLAN_20 (and all used VLANs) set to (T)agged & VLAN_1 also set to (T) & VLAN_100 stay (U)ntagged & PVID & changing to ID_100

      b) Membership: VLAN_20 (and all used VLANs) set to (T)agged & VLAN_100 also set to (T) & VLAN_1 stay (U)ntagged & PVID & changing to ID_1

      c) both is working

      Additional question: Is the wrong setting the reason why the "current PVID" is set to "0"?

      I hope I'm not annoying :smileyfrustrated:

    • oheli1's avatar
      oheli1
      Aspirant
      Mar 25, 2021

      Hello Kurt,

       

      could you please have I look at my topic.

      I posted some additionally screenshot form my current settings with specific questions.

       

      Best regards

      Eli

       

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More