Reply

GS108Ev3 Multi Port Based VLAN technical details

chopin70
Virtuoso

GS108Ev3 Multi Port Based VLAN technical details

Hi,

In Zyxel/Cisco port based LAN, we can create basic port based VLAN (not 802.1Q) with non VLAN-aware Router, using MAC adressing on traffic.

 

My 2 questions are:
- how exactly is the Netgear Port based VLAN setup working on the GS108Ev3 ?
- how is the Netgear MULTI Port based VLAN setup working on the GS108Ev3 ? Mainly, is it tagging traffic like in 802.1Q ?

 

My basic setup I would like to achieve:

               Cable Modem
                         |
                         |
               R7000 WAN port
                         |---------------------------------|
               R7000 LAN 1                   R7000 LAN 2
                         |                                        |
                         |                                Admin PC
               GS108E Port 1
                         +
                         + Ports 2-5 <---> PC, NAS, laptop, personal
                         + Ports 6-8 <---> Guest Wifi AP, guest PC, Smart TV

 

Basic port based VLAN setup in GS108E GUI:
- Port 1: all (I understand it Trunk in Netgear terminology ?)
- Ports 2 to 5: group 1
- Ports 6 to 8: group 2

 

In this setup, if Netgear is following strict port based VLAN specs:
- both 1 and 2 groups/VLANs will be on the same subnet
- traffic will be filtered based on clients MAC adresses
- both VLANs will have internet access through port 1
- both VLANs cannot communicate together
- !!! Admin PC can communicate with both VLANs clients !!!
- any client connected to other ports of the router will be shared with both VLANs
- no Loop traffic on any port

 

Advanced Multi Port based VLAN setup in GS108E GUI:
VLAN ID              Port Members
1                          1 2 3 4 5 6 7 8
2                          1 2 3 4 5
3                          1 5 6 7 8
4                          1 5

 

Can I assume that:
- this setup is same as the basic port, adding port 5 as shared between the 3 VLANs
- if I connect a printer / IP camera... to port 5, it will be shared
- no Loop traffic on any port
- no tagging of traffic on ports 1 and 5 for my router and clients

 

The Advanced Multi port based VLAN is rather confusing as I doubt it will work with a non VLAN router unless the GS108E is rellay making MAC filtering even in this setup

 

If any Netgear tech can confirm the functioning of the Basic/Advanced Port based VLAN it will be really usefull to make use of this switch.

 

Best regards

Model: GS108Ev3|ProSafe 8 ports Gigabit Plus switch, R7000|AC1900 Smart WIFI Router
Message 1 of 10
chopin70
Virtuoso

Re: GS108Ev3 Multi Port Based VLAN technical details

Another article proposing the setup I expect with port based VLAN:

http://www.enterprisenetworkingplanet.com/netsysm/article.php/3724316/Do-More-With-Less-PortBased-VL...

 

It uses a GS108T, but comments are discouraging.

 

I really need a tech advice on how Netgear recommends using its port based and advanced port based implementation of VLAN across a gateway without VLAN support

Message 2 of 10
DaneA
NETGEAR Moderator

Re: GS108Ev3 Multi Port Based VLAN technical details

@chopin70,

 

With Port-based VLAN, each physical port is connected to one VLAN.  At ingress, switch adds extra tags to each packet on input.  Packets routed using VLAN tags.  At egress, switch removes the tags from packets on output.  

 

Regarding the network setup you want to achieve, since the R7000 router is not a VLAN-aware router and it can only provide 1 subnet, it would be advisable to configure Asymmetric VLAN on the GS108Ev3. 

 

With Asymmetric VLAN, a port can have multiple untagged membership but single PVID.  A Layer 3 device is not required which means that communication between VLANs is defined by multiple untagged participation.  Lastly, traffic control is defined by participation of ports. 

 

Based on the setup you want to achieve, on the GS108Ev3, kindly configure Asymmetric VLAN as shown below: 

 

for chopin70_Asymmetric VLAN.jpg

 

If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

 

 

Regards, 

 

DaneA

NETGEAR Community Team

Message 3 of 10
chopin70
Virtuoso

Re: GS108Ev3 Multi Port Based VLAN technical details

@DaneA 

Thank you for the input, however, the 802.1Q setup of the GS108Ev3 doesn't seem to support this kind of advertised asymetric VLAN.

For this to work properly we only have 2 options:

- we tag the traffic for each port being member of more than one VLAN: not possible without VLAN aware hardware

- the switch really does MAC traffic adressing

 

- I tested your 802.1Q setup before: it ends up with a huge load on the switch and a traffic crawl due to loops

- The advanced port setup seems to work if I put "all" on port 1 (internet) and even "all" on port 5 (shared printer). I didn't detect any loop traffic. However, I really must know the technical details of Netgear implementation to handle this: security, proper isolation, stability/loop

Message 4 of 10
chopin70
Virtuoso

Re: GS108Ev3 Multi Port Based VLAN technical details

to add to my test results above, see this official Netgear FAQ:

https://kb.netgear.com/000048453/What-do-I-need-to-know-about-setting-up-VLANs

 

Each port can only be an untagged member of a single VLAN. If a port is already an untagged member of a VLAN,
you cannot add it as an untagged member of any other VLANs
Message 5 of 10
chopin70
Virtuoso

Re: GS108Ev3 Multi Port Based VLAN technical details

D-Link, Zyxel, Cisco... provide technical details to activate asymmetric vlan:
https://eu.dlink.com/uk/en/support/faq/switches/layer-2-gigabit/dgs-series/uk_how_to_configure_vlan_...

The issue is that there is no technical info from Netgear about their Advanced Port Based vlan and the Basic/Advanced 802.1Q neither any reference to MAC adressing nor to asymmetric vlan.

Can you provide please these technical info as currently, untagging a port on multiple vlans yields to the loop traffic we expect in classic vlan
Message 6 of 10
chopin70
Virtuoso

Re: GS108Ev3 Multi Port Based VLAN technical details

Another example with shared printer/nas...
https://eu.dlink.com/uk/en/support/faq/switches/layer-2-gigabit/dgs-series/es_dgs_1510_asymmetric_vl...

Many examples for Zyxel/Cisco...

Hope you can bring the clarifications for each of the 4 vlan modes proposed.
Message 7 of 10
DaneA
NETGEAR Moderator

Re: GS108Ev3 Multi Port Based VLAN technical details

@chopin70,

 

I'm afraid that there is no official documentation about Asymmetric VLAN.  I just want to share that Asymmetric VLAN might help and how it should be configured on the switch since the router is not VLAN-aware. 

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 8 of 10
chopin70
Virtuoso

Re: GS108Ev3 Multi Port Based VLAN technical details

The problem is that it doesn't work, causing loop traffic as expected because of an untagged port member of multiple VLANs

So definately Netgear Smart Switches shoudn't be advertised to support it

Message 9 of 10
schumaku
Guru

Re: GS108Ev3 Multi Port Based VLAN technical details

Last time I had posted similar Asymmetric VLAN config information (sourced from a Netgear server @DaneA !) and hitting similar issues, we concluded the Netgear switches currently don't support configuring asymmetric VLANs.

Message 10 of 10
Top Contributors
Discussion stats
  • 9 replies
  • 1714 views
  • 0 kudos
  • 3 in conversation
Announcements