NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
GS305E / GS308E VLAN 802.1Q issues
Hi, I'm trying to connect 2 Ethernet Plus switches in series, like this: pfSense <> switch A <> switch B I'm having a real hard time making this work with VLANs and I've been trying for days now. I'...
Hi schumaku, thank you very much for the response. You helped me solve my issue and it turns out I did not select the wrong product for my project, which would have been a shame because I bought a ton of those when the 5-port was only $15 and the 8-port was $28. I think I have over 10 in total, so I would have been bummed out.
The solution is that whichever VLAN is used for management, probably the lowest VLAN ID, in my case I'm using VLAN 1, the PVID of the parent switch of the port that is used to daisy chain them, perhaps called the trunked port or perhaps uplink, it needs to match that VID, so in my case 1, and that's it.
I just tried it by daisy chaining 3 of these switches, each one uses a single ethernet cable between them, and I'm pushing a whole bunch of VLANs all the way through and I'm able to access each of the switches and each of them is getting the IP from the DHCP of VLAN 1, so it is working beautifully, again in large part to what you wrote, so thank you again.
As a tribute to these wonderful switches a picture of my project. Bottom left is my current network which is a rats nest to say the least and at the top right is the new network that I'm building which uses VLANs and will be much better. Once it is done I will start migrating all my things over to the new one.
I can say it's a lot of fun to learn all this stuff and I really enjoy making my own cables too. Makes me feel like I know what I'm doing (even though I'm still a noob) haha.rats nest
I have one last test to report. I continue where I left off except now I'm adding a 2nd 8-port switch at the end, so it looks like this:
pfSense <-> 5-port <-> 8-port-A <-> 8-port-B
I configure the latest 8-port-B switch the same way as the one before, except for the dummy VLANs I'm going with 501, 502, and 503 instead of 401, 402, and 403, otherwise 100% the same config.
As I expected at first I was not able to reach the interface of the new switch. The reason is that it plugs into 8-port-A, port 2, which has PVID 402, which means untagged incoming traffic leads to nowhere and as such the new 8-port switch is not able to get an IP. All I had to do was switch the PVID to 1 (on 8-port-A switch, port 2) and then it started working, where the new switch got an IP from VLAN 1.
As a sanity check to show that the 5-port switch works better with VLANs I added one more switch to the end like this:
pfSense <-> 5-port-A <-> 8-port-A <-> 8-port-B <-> 5-port-B
I configured it almost the same as 5-port-A except I'm making port 2 unused and calling it the end of the line.
Port 1 = 1T, 2T, 8T, 10T, 20T, 601U, PVID 601
Port 2 = 602U, PVID 602
Port 3 = 603U, PVID 603
Port 4 = 604U, PVID 604
Port 5 = 1U, PVID 1
This worked and I'm able to access the switch interface despite the fact that this switch connects to 8-port-B, port 2, which is configured with PVID 502. As expected in this case the 5-port switch must be using VLAN 1 tagged to get the IP.
To summarize countless hours of tinkering:
A) The first switch has to be a 5-port and after that it doesn't matter.
B) Any port that connects to an 8-port switch needs to have the management VLAN as the PVID.
I made 2 more findings to share. What happens when the 5-port switch (GS305E) can reach 2 different DHCP servers?
In this case server A and server B, whereas server A is meant to pass-through for other things but server B is the actual one that is supposed to be used, like for the switch management.
It looks like this:
DHCP - A <---> [port 1, 33U, PVID = 33 ... port 2, 1T, 2T, 8T, 10T, 20T, 33T, PVID=542] <---> DHCP - B
Initially the switch tries to get the IP from B because presumably it is available via the lowest VLAN ID. However what happens if B isn't available. In my case, A is a simply router and B is a PC running pfSense. If there would be a power outage (I have UPS but ignore that or if the outage is longer), DHCP A will probably be online before B. In this case the switch gets the IP from A and sticks with it.
The second thing I noticed, if this happens, it appears I can not access the switch interface from the A-IP. I can only guess that the interface is still looking for VLAN 1 and the IP of the switch is now from VLAN 33. To me this is hardly because of performance of the processor, this just sounds like a firmware bug. I can look past that because I only paid $15 for these switches, just something to keep in mind.
Switch A is a GL-AR750S-Ext with openWRT / luci. I first attempted to block the switch from getting an IP address. This continuously failed or maybe it was already too late to try and block it because it had already received a session, I don't know. I attached a screenshot of my attempts, all of which failed.
This is when I went to plan-B and set a static IP in the switch. I always use static IPs but I like it when they come from the DHCP server, I don't know why, this is why I didn't do that sooner. As expected this worked great.
My last test was like this: Plug in switch, wait 1 minute, plug in to DHCP - A, wait another minute, then plug in to DHCP - B and try to access the switch (from B) and it worked right away.
This finally concludes the skeleton setup of my new network. Everything from here will be straight forward stuff in pfSense and physically connecting stuff up.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
