CRS305-1G-4S+IN: SwOS Management Interface Not Responding to Tagged VLAN 1 Traffic

SwOS
1

Hi,

Hardware/Versions: CRS305-1G-4S+IN r2, SwOS 2.17

I’m setting up a management network (10.0.0.0/24) on VLAN 1 but can’t access the SwOS management interface with tagged packets. Untagged packets work fine.

Configuration:

  1. System:
  • Static IP: 10.0.0.10
  • Allow From VLAN: 1
  • Allow From Ports: All enabled
  • Independent VLAN Lookup: Enabled
    VLANs:
  • All intended VLANs are set up, including VLAN ID 1
  • All ports are members of each VLAN
  • For all VLANs: Port Isolation enabled, Learning enabled, Mirror disabled, IGMP Snooping disabled
    VLAN (for all ports):
  • VLAN Mode: Strict
  • VLAN Receive: Any
  • Default VLAN ID: 1
  • Force VLAN ID: Disabled

When connecting to the MGMT port with a laptop (IP: 10.0.0.10):

  • Untagged packets: Management interface accessible
  • Tagged VLAN 1 packets: Management interface not accessible

Expected behavior: Both tagged and untagged packets should work.

What am I missing in my configuration to allow tagged VLAN 1 access to the management interface?

Thanks!
Ben

2

You can’t communicate both using tagged and untagged frames (where PVID / default VID for untagged is same as the tagged). Frames can egress either tagged or untagged, not both. And switch has no idea whether the other direction uses tagged or untagged for some particular session.
So if you insist on using VLAN 1 tagged (I strongly advice against it, VID 1 is used by many vendors as “untagged”), then you have to use a different PVID for untagged.