VLAN help (tagging / untagging)

Soogs · 28 Oct 2021 at 10:03

Hi all, need some help setting up my first vlan/s.

I've added VLANs 20 and 30 to my edgerouterX, my TP-link switch (switch1) and my Zyxel switch (witch2). Also have set up DHCP servers on the edgerouterX.
192.168.1.0/24
192.168.20.0/24
192.168.30.0/24

DNS for all is 192.168.1.5 and 192.168.1.4 (pihole's)

I've enabled VLAN aware on the edgerouter switch.

I've also created VLANs 30 on both the managed switches.

here is where i run into a brick wall...

I'm not sure what I'm meant to tag and untag.

ERX: eth3 has vlan id 30 (and native)

Managed Switch 1: ports 6 and 8 belong to native and vlan 30 (have tried tagging both ports and just one port)

Managed Switch 2: ports 1 and 5 are on vlan30 (have removed port 5 from the native vlan) (have tried tagging one or both ports)

not sure where I am going wrong.

any help is really appreciated!

ERX eth 3 links to managed switch 1
managed switch 1 (port 6) links to managed switch 2 (port 1)

the work PC I want to put on vlan 30 is on managed switch 2 (port 5)

Hope this all makes sense.

the-evaluator · 28 Oct 2021 at 10:18

If a port is untagged on a VLAN then anything plugged into that port will be in that VLAN. Untagged = native.

if a port is tagged on a VLAN then the client plugged into that port will need to do the untagging to access that VLAN.

Let's say you have VLAN 20 untagged and VLAN 30 tagged on a given port. Plug a client into that port and it'll be in VLAN 20. That client could access VLAN 30 if you tell the client to untag the VLAN itself. On a Windows box that's generally done by opening the network card in device manager and setting the VLAN ID there. This is one of the NICs on my machine:

At present there's no VLAN ID set so the machine would be in VLAN 20. If I set that VLAN ID to 30 then the machine would be in VLAN 30.

In your example you would want port 5 on managed switch port 2 to be untagged in VLAN 30. No need to tag VLAN 1 or 20 there.

However, you need to make sure that the VLANS are actually present on the additional switches. Check that all the VLANs are presented on the ports that link the switches together.

Soogs · 28 Oct 2021 at 10:35

ok im starting to make more sense of this. but still not haveing any joy.

ERX ---> managed switch 1 (port 8) || managed switch 1 (port 6) ---> managed switch 2 || managed switch 2 port 5 ---> work pc
am I meant to tag port 6 on switch 1 and port 1 on switch 2? and then leave port 5 on switch 2 untagged?

Ive tried both tagged on both switched, both untagged and combinations all possible combinations of either switch being tagged on or off

the work PC is locked down tight so cant get into any settings to tag it

the-evaluator · 28 Oct 2021 at 10:41

Can you draw a quick diagram that includes port numbers and switch models. It'll be a lot easier to follow.

If you have your port settings right (VLAN 30 untagged) then you won't need to make any changes on the work PC, I uploaded the screenshot as an example of what can be done rather than what you need to do.

Soogs · 28 Oct 2021 at 10:50

Soogs · 28 Oct 2021 at 10:51

the-evaluator · 28 Oct 2021 at 11:10

Holy large images, Batman!

Which screenshot belongs to which switch?

Soogs · 28 Oct 2021 at 11:17

1 ERX
2 Zyxel
3 TPlink

Soogs · 28 Oct 2021 at 12:07

I've cut out the middle switch from the equation and still no joy

there is one very odd thing in all of this... the DHCP has assigned an IP address on vlan 30 but its to my PC which is on port 3 and not on the 30 vlan
the actual pc itself is still on the native vlan and has the correct ip address

ChrisD. · 28 Oct 2021 at 12:43

Just allow all VLANs on all switch to switch ports and tag client ports where you want a client on a particular VLAN.

Soogs · 28 Oct 2021 at 12:55

I have.
VLAN 30 on the ERX eth4
VLAN 30 on ZyXel ports 1 and 5
tried all 4 combinations of tagged/untagged and still nothing
1 tagged 5 untagged
1 tagged 5 tagged
1 untagged 5 tagged
1 untagged 5 untagged
nothing is working

the only thing I'm doing right (I think) is removing port 5 from the native vlan

$anch3z · 28 Oct 2021 at 19:18

You will need to set the ERX with all the vlan's you are using in your network on one interface, so each vlan has a sub-interface - take a look at this https://www.youtube.com/watch?v=nustDJWm9DU

Soogs · 29 Oct 2021 at 18:26

OK so with the help of that video and many other hours of reading on ui
I've finally cracked it... though it doesn't make much sense...
i had to create vlan 1, tag it along side vlan 30. then on the switch I had to put the port PVID to 30 and I finally got an IP address on the 30 network!
man that was exhausting but oddly satisfying
thanks for all the help as always

ChrisD. · 30 Oct 2021 at 12:30

Which is what I said wasn't it, regarding tagging the switch port with the VLAN you want the client on?

Soogs · 1 Nov 2021 at 06:46

ChrisD. said:
Which is what I said wasn't it, regarding tagging the switch port with the VLAN you want the client on?

native vlan = 1 by default right?
i was tagging 1 with no joy.
its only after creating vlan1 and assigning 1 to it where it worked.
not sure if that's what you meant from the start. all the videos I watched just tagged it. not actually created vlan1 which is there from the beginning?

$anch3z · 1 Nov 2021 at 08:48

Native vlan can be anything you want, just most switches and respective OS's will assign vlan 1 as the native by default - any untagged traffic will use the native vlan

ecksmen · 1 Nov 2021 at 21:23

0,1 & 4095 are typically reserved depending on vender.