
VLAN Setup Verification

bsen
Aspirant

Needing some assistance with how Netgear handles VLANs on the xs7x8t switches.  I have Cisco experience, & it is not translating over as well as I thought.

Example:

I want to move away from using a single VLAN (vlan1) to multiple VLANs segmenting the network.  Created 3 subinterfaces on ASA, each with its own VLAN & network.  On the Netgear connected to the ASA, I created the same VLANs, & then added them to the uplink port as tagged.  I also changed the IP & mgt VLAN of the Netgear to one of the new VLAN networks.  I had good remote connectivity.  On two of the other ports that connect to server interfaces, I made those ports a different VLAN & set them as untagged.  When I changed the server IP to the new network, I could not reach the firewall.  With Cisco this would be an access port, & the interface connected to the ASA would be a dot1q trunk, & define which VLANs are in the trunk.  But it doesn't seem this is how Netgear handles it.

Do I need to change the PVID of the switch ports connected to the server to the VLAN I want it on?  Basically I need the packets untagged when going to the server, & then tagged when leaving the switch.  So far, I haven't figured out the correct settings in the VLAN membership & port PVID configuration pages to accomplish this.

Thanks for the help,

Message 1 of 3
Retired_Member
Not applicable

Re: VLAN Setup Verification

@bsen

Think about it this way and it should work.

An access port is a port that is an UNTAGGED member of only one VLAN with its PVID set to that VLAN ID.

A trunk port is a port that is an UNTAGGED member of the “management” VLAN with its PVID set to that VLAN ID and a TAGGED member of the other VLANs. The “management” VLAN should match your CISCO native VLAN.

You may also consider changing the trunk on the CISCO side to the “General” mode to fully match the NETGEAR side, for example:

switchport mode general
switchport general allowed vlan add 70,80,90 tagged
switchport general allowed vlan add 1 untagged

Message 2 of 3
bsen
Aspirant

Re: VLAN Setup Verification

Thank you for the explanation.

In this case, there isn't a Cisco switch, I am using the Netgears instead.  It will connect to a Cisco ASA firewall, which has more router characteristics than switch characteristics.  I have the sub-interfaces configured, so at this point I think I need to do some trial & error with the PVID settings of the server ports.  I thought I could just add them as part of VLAN membership & call it good.

From ASA:

Interface GigabitEthernet1/4.5 "mgt-oob", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
VLAN identifier 5
Description: xs728t-1_p1

Interface GigabitEthernet1/4.100 "lab-mgt", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
VLAN identifier 100
Description: xs728t-1_p1

Interface GigabitEthernet1/4.500 "staging-mgt", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
VLAN identifier 500
Description: xs728t-1_p1

Message 3 of 3
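
The access/trunk definitions in reply 2, worked through as an added example that is not part of the original thread or NETGEAR's own logic. It is a simplified 802.1Q port model in Python; the VLAN IDs come from the ASA output above, while the port states (uplink still an untagged member of VLAN 1, server port PVID left at 1) are assumptions about how the switch was configured.

```python
# Added illustration: simplified 802.1Q port model, not NETGEAR firmware logic.
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1                                  # VLAN assigned to untagged ingress
    untagged: set = field(default_factory=set)     # VLANs sent out without a tag
    tagged: set = field(default_factory=set)       # VLANs sent out with a tag

def ingress(port, tag=None):
    """Untagged frames are classified into the PVID; tagged frames keep their
    VID. Ingress filtering drops frames for VLANs the port is not a member of."""
    vlan = port.pvid if tag is None else tag
    return vlan if vlan in port.untagged | port.tagged else None

def egress(port, vlan):
    """How the frame leaves: 'tagged', 'untagged', or None (not a member)."""
    if vlan in port.tagged:
        return "tagged"
    return "untagged" if vlan in port.untagged else None

def forward(src, dst, tag=None):
    """Return (vlan, egress form on dst), or (None, None) if dropped on ingress."""
    vlan = ingress(src, tag)
    return (None, None) if vlan is None else (vlan, egress(dst, vlan))

# Constructed scenario. VLAN IDs 5/100/500 are from the ASA output; the port
# states are assumptions about what the switch pages were set to.
UPLINK = Port(pvid=1, untagged={1}, tagged={5, 100, 500})   # to ASA Gi1/4
MEMBER_ONLY = Port(pvid=1, untagged={1, 100})   # VLAN 100 added, PVID untouched
NO_VLAN1 = Port(pvid=1, untagged={100})         # removed from VLAN 1, PVID still 1
ACCESS_100 = Port(pvid=100, untagged={100})     # access port as defined in reply 2

def report():
    rows = []
    for name, p in [("member-only", MEMBER_ONLY), ("no-vlan1", NO_VLAN1),
                    ("access-100", ACCESS_100)]:
        rows.append((name, forward(p, UPLINK), forward(UPLINK, p, tag=100)))
    return rows

if __name__ == "__main__":
    for name, to_asa, from_asa in report():
        print(f"{name:12} server->ASA {to_asa}   ASA->server {from_asa}")
```

In the first two cases frames tagged for VLAN 100 from the ASA reach the server untagged, but the server's own frames are classified into VLAN 1 or dropped on ingress, so they never arrive at the ASA tagged for VLAN 100. A server port left on PVID 1 also keeps that server's traffic in the default VLAN rather than in the segment it was meant to be isolated in.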