VLAN Query

Hi

I have a Netgear GS108E Prosafe switch connected to an MT Hap ac lite. I am trying to understand the world of VLANs and have managed to connect 3 ports on the Netgear switch (port 2 is the trunk port & ports 3 & 4 are access ports) to the MT ethernet port 4 (to which the VLAN is attached) using a vlan id 100. Machines connected to Netgear ports 3 & 4 pick up the DHCP range of addresses from the MT VLAN without issues (using a subnet of 192.168.100.0/24).

However, the remaining 5 Netgear ports NOT configured for a specific VLAN (i.e. left as defaults) are unable to see the rest of the non-VLAN MT network. I was hoping to use the other 5 ports as normal (i.e. non-VLAN) LAN ports and everything communicates via the VLAN trunk. Am I missing something? Being a newbie with VLANs I am trying to understand why things work or don't work.

Thanks

The difference is in whether a vlan is tagged or untagged on a trunk interface.

By default, switches consider vlan 1 to be the “native vlan” - meaning that it is not tagged on the trunk, and conversely, any untagged traffic received on the trunk is considered to be in the native vlan (1 by default).

So - on the Mikrotik, let’s say you’re using a stand-alone trunking interface of ether4 (meaning that it is not running as slave to any other interface in either the hardware switch or on a bridge).
If you want vlan100 to be active on the link, you create a vlan100 interface connected to ether4, and then you put the IP address, DHCP server, firewall rules, etc onto interface vlan100.
For the untagged vlan, you simply put the IP, DHCP, Firewall, etc directly onto the ether4 interface (no vlan1 interface).

If you create a vlan1 interface, then the Mikrotik is going to send/receive vlan1 as tagged traffic on the trunk just like any other vlan. The switch may or may not recognize tagged vlan1 on ingress, but most likely, it is sending vlan1 as un-tagged, which the Mikrotik would not receive on the “vlan1” subinterface - which is exclusively looking for frames with the vlan tag present and set to 1.

Hope this makes sense.

Thanks for your explanation - yeah I sort of understand most of what you said. The Netgear switch is set to tag VLAN1 (the default) and VLAN100 on port 2 but that hasn’t made any difference.
I suppose the only way to utilise the remaining Netgear ports is to create another, different vlan (i.e. VLAN200) and set up that VLAN200 on the MT as well.

If the switch is tagging vlan 1 on the trunk, then you need to add a vlan1 subinterface on the Mikrotik end so that the Mikrotik will send/receive tagged traffic for VLAN 1.

Thanks ZeroByte - do I create the sub VLAN1 on the MT to Ether4 (same as the VLAN100) or does it go on another ether port? Do I then need to add the MT VLAN1 to any bridge at all?

In my experimentation, I did add a VLAN1 to ether 4 earlier and lost all connectivity to the MT - had to reset and start again (luckily I am configuring test equipment, and not my main LAN).
Cheers

If you wish to make vlan1 available on other interfaces of the Mikrotik itself, then yes, you’ll need to bridge it to the other interface(s) where you want it.

In your case, you should create a bridge and then add the vlan1 interface to the bridge as a port. Then add whatever other ports where you wish vlan1 to be available.
If your switch is tagging vlans 100 and 1 on the interface connected to the Mikrotik, then your Mikrotik should have vlans 1 and 100 on its end of the link.

Basically in a nutshell, the tagged / un-tagged vlans should match up 1:1 on both ends of the link.
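The matching rule from the answers above, as an added example that is not part of the original thread: a small Python model that builds constructed Ethernet frames the way the switch trunk would send them and shows which router interface (the parent port or a VLAN subinterface) picks each one up. The function names are hypothetical and the router is modelled in a simplified way (one direction only, stand-alone ether4, no bridge VLAN filtering).

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(vlan_id=None, payload=b"constructed-payload"):
    """Build a constructed Ethernet frame; vlan_id=None means untagged."""
    dst, src = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01"
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def frame_vlan(frame):
    """Return the VLAN ID carried in the frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def router_receive(frame, parent, vlan_subifs):
    """Name the router interface that accepts the frame, or None if none does.

    vlan_subifs maps VLAN ID -> subinterface name on the parent port.
    Untagged frames land on the parent port itself; tagged frames are only
    accepted by a subinterface with the same VLAN ID (simplified model).
    """
    vid = frame_vlan(frame)
    if vid is None:
        return parent
    return vlan_subifs.get(vid)

def switch_send(vlan_id, tagged_vlans):
    """Frame the switch trunk emits for vlan_id, tagged only if configured so."""
    return build_frame(vlan_id if vlan_id in tagged_vlans else None)

def link_report(switch_tagged, router_subifs, vlans, parent="ether4"):
    """For each VLAN, show where the switch's frame ends up on the router."""
    return {v: router_receive(switch_send(v, switch_tagged), parent, router_subifs)
            for v in vlans}

if __name__ == "__main__":
    # Switch tags 1 and 100, router only has vlan100: VLAN 1 has no receiver.
    print(link_report({1, 100}, {100: "vlan100"}, [1, 100]))
```

A `None` in the report marks a VLAN whose tagging does not match on the two ends of the link; a VLAN 1 entry of `ether4` while a `vlan1` subinterface exists is the untagged-versus-tagged mismatch described earlier in the thread.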

Thanks again ZeroByte, you are a star - worked a treat.