Help setting VLANs on Netgear GS908E switch? Not receive an IP in the correct VLAN tagged IP range

sentur · ‎2023-10-18

I'm trying to set up VLAN tags on a Netgear GS908E switch. But I'm either not understanding or getting something very wrong.

Here's a network diagram. VLAN tags are set on my gateway Unifi UDR. There's a VLAN tag 20 for IoT. Devices connected to the UDR via WiFI work correctly with VLAN tagging. But the ethernet ones don't.

Here's how the VLANs are set on the Netgear switch.

What am I doing wrong? The IP of the FireTV always defaults to the 192.168.0.0/24 range and not 192.168.20.0/24 range (IoT VLAN).

schumaku · ‎2023-10-18

@sentur wrote:

UDM is managing the IoT VLAN and all other VLANs for that matter.

It’s doing Gateway / Router / VLAN tag and network management and DHCP for all VLANs.

UDM (LAN Port 2) is connected to Negear switch (LAN Port 1)

You must understand and know how your UDM is is configured providing the VLAN 1 and 20 on what becomes the trunk port for the GS908E. If you can connect a computer to this port, and you get DHCP from what is serving the VLAN 1, it's most likely not tagged. .

@sentur wrote:

I think this is correct?

VLAN ID 1:

Tagged → Ports 1, 2, 4, 6, 7, 8

Exclude → Ports 3, 5

VLAN ID 20: IoT

Tagged → Ports 3, 5

Exclude → Ports 1, 2, 4, 6, 7, 8

Why oh why you changed all 1..8 to be tagged? It's only the trunk where you carry multiple VLANs which is all tagged (or one VLAN runs untagged).

VLAN ID 1:
1. Tagged → Ports 1 .. under the assumption the VLAN 1 is delivered as tagged. This is the de-facto standard for trunk links carrying multiple VLANs. It could be also used untagged for VLAN 1 with the PVID set to 1.
2. Untagged as access ports → 2, 4, 6, 7, 8 with PVID set to 1
3. Exclude → Ports 3, 5
VLAN ID 20: IoT
1. Tagged → Ports 1 ... this will be your uplink carrying the trunk of VLAN 1 and VLAN 20?
2. Untagged → Ports 3, 5 with PVID set to 20 ...
3. Exclude → Ports 1, 2, 4, 6, 7, 8

In general, I tent to suggest some "logical" port organization. Port 1 VLAN Trunk uplink, port 2...6 access ports for standard LAN 1, port 7, 8 access ports for IoT.

@sentur wrote:

What’s the difference between Untagged and Excluded?

Excluded means the port is not participating in that VLAN.

Untagged means the frames leaving the switch on this post are untagged -and- the PVID defines the VLAN incoming untagged frames are assigned to.

View solution in original post

schumaku · ‎2023-10-18

Dear Julius,

What is the intention having port 3 and 5 untagged to VLAN 20?

1. What is handling the IoT VLAN, how is this VLAN 20 data and IP subnet? The uneducated reader does guess it's your UDM. However, it appears the uplink to the UTM is excluded for the VLAN 20 ... where I would expect it's provided tagged. Otherwise your VLAN 20 and it's 192.168.20.0/24 subnet does never come to your FireTV (or the other TV).

2. If untagged frames coming in on port 3 and 5 needs to go the IoT VLAN 20, so don't forget to define the PVID for these two ports for the VLAN ID 20.

3. Why are port 3 and 5 also configured to Untagged and VLAN 1? A mess is predictable my friend. This is where your 192.168.0.0/24 DHCP is leaking in. Set these two ports where you intend to connect your IoT devices access ports to not participating neither the VLAN 1 nor any other (except of the IoT VLAN 20) port.

VLANing is as simple as 1-2-3 - however, there are many traps and errors easily possible, I guess overwhelmed by the complexity of UTM, missing some basics. Not an issue specific to the Netgear GS908E.

Regards,

-Kurt

sentur · ‎2023-10-18

Thanks Kurt.

UDM is managing the IoT VLAN and all other VLANs for that matter.
1. It’s doing Gateway / Router / VLAN tag and network management and DHCP for all VLANs.
2. UDM (LAN Port 2) is connected to Negear switch (LAN Port 1)

What’s the difference between Untagged and Excluded?

I think this is correct?

VLAN ID 1:
1. Tagged → Ports 1, 2, 4, 6, 7, 8
2. Exclude → Ports 3, 5
VLAN ID 20: IoT
1. Tagged → Ports 3, 5
2. Exclude → Ports 1, 2, 4, 6, 7, 8

schumaku · ‎2023-10-18

@sentur wrote:

UDM is managing the IoT VLAN and all other VLANs for that matter.

It’s doing Gateway / Router / VLAN tag and network management and DHCP for all VLANs.

UDM (LAN Port 2) is connected to Negear switch (LAN Port 1)

You must understand and know how your UDM is is configured providing the VLAN 1 and 20 on what becomes the trunk port for the GS908E. If you can connect a computer to this port, and you get DHCP from what is serving the VLAN 1, it's most likely not tagged. .

@sentur wrote:

I think this is correct?

VLAN ID 1:

Tagged → Ports 1, 2, 4, 6, 7, 8

Exclude → Ports 3, 5

VLAN ID 20: IoT

Tagged → Ports 3, 5

Exclude → Ports 1, 2, 4, 6, 7, 8

Why oh why you changed all 1..8 to be tagged? It's only the trunk where you carry multiple VLANs which is all tagged (or one VLAN runs untagged).

VLAN ID 1:
1. Tagged → Ports 1 .. under the assumption the VLAN 1 is delivered as tagged. This is the de-facto standard for trunk links carrying multiple VLANs. It could be also used untagged for VLAN 1 with the PVID set to 1.
2. Untagged as access ports → 2, 4, 6, 7, 8 with PVID set to 1
3. Exclude → Ports 3, 5
VLAN ID 20: IoT
1. Tagged → Ports 1 ... this will be your uplink carrying the trunk of VLAN 1 and VLAN 20?
2. Untagged → Ports 3, 5 with PVID set to 20 ...
3. Exclude → Ports 1, 2, 4, 6, 7, 8

In general, I tent to suggest some "logical" port organization. Port 1 VLAN Trunk uplink, port 2...6 access ports for standard LAN 1, port 7, 8 access ports for IoT.

@sentur wrote:

What’s the difference between Untagged and Excluded?

Excluded means the port is not participating in that VLAN.

Untagged means the frames leaving the switch on this post are untagged -and- the PVID defines the VLAN incoming untagged frames are assigned to.

sentur · ‎2023-10-18

VLAN ID 1:
Tagged → Ports 1 .. under the assumption the VLAN 1 is delivered as tagged. This is the de-facto standard for trunk links carrying multiple VLANs. It could be also used untagged for VLAN 1 with the PVID set to 1.
Untagged as access ports → 2, 4, 6, 7, 8 with PVID set to 1
Exclude → Ports 3, 5
VLAN ID 20: IoT
Tagged → Ports 1 ... this will be your uplink carrying the trunk of VLAN 1 and VLAN 20?
Untagged → Ports 3, 5 with PVID set to 20 ...
Exclude → Ports 1, 2, 4, 6, 7, 8

Thank you. This makes a lot more sense to me now. As to what needs to be tagged and untagged in each of the VLANs.

Thank you for taking the time to explain it @schumaku

Help setting VLANs on Netgear GS908E switch? Not receive an IP in the correct VLAN tagged IP range

Help setting VLANs on Netgear GS908E switch? Not receive an IP in the correct VLAN tagged IP range

Re: Help setting VLANs on Netgear GS908E switch? Not receive an IP in the correct VLAN tagged IP ran

Re: Help setting VLANs on Netgear GS908E switch? Not receive an IP in the correct VLAN tagged IP ran

Re: Help setting VLANs on Netgear GS908E switch? Not receive an IP in the correct VLAN tagged IP ran

Re: Help setting VLANs on Netgear GS908E switch? Not receive an IP in the correct VLAN tagged IP ran

Re: Help setting VLANs on Netgear GS908E switch? Not receive an IP in the correct VLAN tagged IP ran