This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I am currently configuring some VLAN on a GS750E switch (48 ports, managed).
Firmware version is the last : 1.1.0.4
I tried to setup a single tagged VLAN, but the tags are lost on every ARP reply.
My config is very simple :
All ports are only in the VLAN 20, tagged (with the T in the square)
They are all pvid 20
The VLAN 1,2,3 have no ports, all removed.
I put 2 machines on 2 differents ports, trying to ping each other (and so sending ARP requests and answers)
The first sees :
An ARP request (its own) for the second, broadcasted, with VLAN TAG 20 => OK
An answer, from the second machine, addressed to itself (OK) but NOT TAGGED.
So maybe the second machine didn't tag ? And yet it did :
The second received the ARP request all-right, and send the reply, tagged, as it should be.
I'm sending with this a picture off my wireshark capture on both sides, as well as the switchs configuration screens.
So the question here is : why the ARP answer received by the first machine is not tagged, when :
- It has been tagged when it was sent
- The port is explicitly tagged in the switch configuration, and so should tag all packet in the VLAN
- There is no other untagged VLAN in there (so no untagged VLAN that could lead to any kind of confusion)
- The default VLAN has been disabled
It not the first time I work with VLAN, but ... I have no clue what's happening : it is either an incredible bug in the software (only the broadcasted packets seems to be tagged), or I missed something.
Looks like a bug to me. Afraid, the few GS750E are operating with just a tagged trunk/uplink and untagged ports (to multiple VLAN), no issues that far (and can't change the customer environment for testing) I'm afraid. Please get in touch with the Netgear support via https://my.netgear.com/ - these switches are coming with a limited lifetime warrant and lifetime chat support.
All ports are only in the VLAN 20, tagged (with the T in the square)
They are all pvid 20
Hello Jeremy,
Not a bug, suspect you confused yourself with this configuration. If you are configuring a port VLAN 20 Tagged, the system connected out must be configured to handle the tagging, and be able to handle incoming tagged traffic. This is typically the configuration for one, and more typically for more VLANs handled e.g. for trunk configurations, for wireless access points handling multiple SSIDs, for computers with multiple VLAN sub-interfaces - all on one port. Configuring the PVID - this is the VLAN ID incoming untagged traffic is going to - to the same VLAN ID like the tagged traffic, can cause issues - as one typically does run a different VLAN for "catch all untagged" for whatever purpose.
If you want a port be associated to a VLAN 20 but non-tagged traffic (the attaced system does work untagged but on the VLAN ID 20), the port must be configured VLAN ID 20 [U] as the traffic on the port/patch cable is untagged. the PVID here then must be configured to 20 otherwise the incoming traffic does go to a different VLAN.
I used the PVID and only tagged 1 VLAN to demonstrate the issue, in the simplest configuration possible.
I do intend to use multiple tagged VLAN on some ports, and to untag most of them in a default VLAN.
But right know, I can't make 2 single host communicate on tagged ports ...
Both machines are indeed configured to handle tagged traffic, and as proof of that :
The machine 1 send its ARP requests tagged with VLAN 20.
The machine 2 takes this tagged ARP request, and answers a with tagged VLAN 20 packet.
That prooves that both my machines are OK with tagged VLAN 20 traffic.
My issue with the switch is :
the tagged ARP answer he received from the Machine 2 is transmitted to the Machine 1 (good port) but the tag is removed.
Even when the source port is PVID 20 (so I know the switch either understood the tag, or default it to VLAN 20), and the destination port is VLAN 20 tagged.
I tried to force it to tag all packets, by making sure that all ports are only in VLAN 20, all ports are tagged, and even if incoming packets are not tagged, they are in the correct VLAN (PVID). In this configuration, as all ports are tagged, every single packet emitted by the switch should be tagged, right ?
The tags works with broadcased packets (ARP request) but not with single host one (ARP reply).
That's what I dont understand. Same VLAN, same ports, both incoming packets tagged, and yet different behaviour ?
Looks like a bug to me. Afraid, the few GS750E are operating with just a tagged trunk/uplink and untagged ports (to multiple VLAN), no issues that far (and can't change the customer environment for testing) I'm afraid. Please get in touch with the Netgear support via https://my.netgear.com/ - these switches are coming with a limited lifetime warrant and lifetime chat support.
It seems there are undocumented, unchecked limitation on the switch :
There can be only one tagged port, the others must be untagged and take advantage of the PVID.
I'm gonna contact the support about this, but if this is the case, it should be documented, advertised, and checked by the administration interface ...
