Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: VLAN Assistance

  1. #11
    Untanglit
    Join Date
    Nov 2016
    Location
    Cincinnati, OH
    Posts
    24

    Default

    I'm still struggling with this! Anyone else have some thoughts or inputs? I have read a few things about Untangle stripping off VLAN tags. I don't exactly comprehend this being as Untangle clearly has the option under networking to add a Tagged VLAN interface.

    One thought I am having is potential for the 1 internal NIC to serve as both a physical and virtual interface. (ie:the physical internal nic directly handles the default VLAN 1 with DHCP and a 192.168.0.1 IP range. Should I be bridging the internal interface to all VLAN interfaces and creating a VLAN 1, 10, and 20? This would make all interfaces essentially virtual or VLANs.

  2. #12
    Master Untangler abailey's Avatar
    Join Date
    Mar 2016
    Posts
    102

    Default

    My setup is almost exactly like yours and your Untangle config looks correct to me. Have you tried to give you laptop a static IP Address in either VLAN 10 or 20 and see if its able to communicate? That would help narrow down what the problem might be.

  3. #13
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,093

    Default

    I would call Netgear, and while you're trying to get through the heavy accents, beat yourself over the head with a large heavy object for even attempting this with one of their switches.

    If you have a laptop or something with an intelligent NIC that can be manually set to the appropriate tags, and plug it into Untangle directly, I can all but guarantee you, the thing will communicate.

    But, if there's one thing I've learned this year, if the switch doesn't have Dell, Intel, Cisco, or HP's name on it, the way VLANs work is utterly screw-balled and backwards of what you'd think. And heaven help you if you actually tried to read the utterly atrocious documentation.

    Oh, and if I'm reading your switch screen shot correctly, you have the specific member ports set as Untagged?

    http://kb.netgear.com/29997/How-to-C...etgear_organic

    U, Untagged, means traffic is not tagged with the VLAN ID on Egress, when it exits the switch, to the next upstream or downstream device.
    You need to set those stupid things to TAGGED, because in Nutgear land, that means traffic entering that port, and then ultimately leaving the switch needs to be tagged. If it isn't tagged, Untangle's virtual nics will ignore the traffic.

    Don't ask me how you'd actually configure the TRUNK port that should be pointed at Untangle, you're going to have to do some serious fiddling to get that straight. Again, I recommend a laptop with static IP configuration and a constant ping.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #14
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,298

    Default

    @dhmoore74 - the problem is that your notebook isn't tagging it's packets. it's sending untagged packets, and you want the switch to take those packets and tag them. the regular 802.1q vlan settings don't do that - neither Tagged nor Untagged takes a packet that has no tag and adds it (these settings pertain to EGRESS only)

    What you want is INGRESS tagging to take all untagged packets coming in on a given port, and tag them with an 802.1q vlan tag.

    On the netgear kinda-smart switches (the E models), you start with the 802.1q setup you already have, in the 802.1q VLAN Advanced settings. Now you want to TAG the port going back to the untangle, and then UNTAG The port going to your notebook (leave the rest blank, they don't participate in the VLAN at all). Then you go to the Port PVID screen option, just below the VLAN Membership entry, and you assign port 5 (or whatever port your laptop is plugged into) to that same VLAN id.

    Now you have all untagged packets entering port 5 being tagged, and then those packets egress port 8 keeping their tags. In return, tagged packets from the untangle enter the switch from port 8, and egress on port 5 with their tags stripped. Tada, your notebook is communicating on a VLAN without even knowing it.

    @sky-knight - no need for Netgear FUD. Their switches work great, and the VLANs are quite easy to understand.

    (edit: well, ok, I re-read the original post more carefully, and see this is what you've already done. color me puzzled that you've not had success then, as that exact config works fine for me.... oh, have you rebooted your untangle recently? that's the big problem I ran into when I first tried to setup VLANs, there had been a kernel change but the box hadn't been rebooted, so when it tried to load the the kernel module for the VLAN it wouldn't load because the running kernel didn't match the module. the tell-tale though was that the "Current Address" field for the VLANs didn't populate, but they're populated for you so it seems that's not likely the issue)

    (edit 2: maybe update the firmware on your Netgear? I suppose you could be running into some bug...)

    (edit 3: I will confess I have this exact configuration on a GS108T sitting at my desk, which is the "actually smart" version, as opposed to the "kinda smart" GS108E, which I do also have here but not in a place where I can readily test it. however I do have the same VLANs configured on another E-series which works just fine, though I don't have any need for the Port PVID function there; that said I don't believe for a moment that the Port PVID function somehow doesn't work on the E-series, so we're back to either a firmware bug or something else in your configuration that is causing the issue)
    Last edited by johnsonx42; 12-09-2016 at 12:59 PM.
    Kyawa likes this.

  5. #15
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,298

    Default

    FWIW just now I had to create a new VLAN for a non-trusted device hanging off a "kinda smart" GS105Ev2, and did the exact config noted above and it worked on the first try. Tagged the port heading up-stream, Untagged the port connected to the device, and then assigned the port to the VLAN on the Port PVID page. Likewise created the same VLAN and Tagged the relevant ports on the GS116Ev2 and GS724Tv3 that were between the Untangle and the device.

    So far my biggest complaint with the "E" model netgear kinda-smart switches is you can't view the MAC address table. It's so nice on the "T" models to be able to see what MACs are visible on each port... with the E's I had to actually go look at the switches to see what was hooked up where.

  6. #16
    Untanglit
    Join Date
    Nov 2016
    Location
    Cincinnati, OH
    Posts
    24

    Default

    ok... so in an effort to help identify my problem. I have decided to reconfigure the vLANS by starting over in both UTFW and my switch config. I have videoed the entire process, in hope that someone on here will be able to identify where I am missing it. Below is a link to the video I recorded of the entire process. I tried to explain as I went. Please excuse the fact that this is the 1st video I have ever made and put on Youtube.


  7. #17
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,298

    Default

    sorry, meant to make some popcorn and watch that last night, but I forgot by the time I got home. Will try to remember tonight...

  8. #18
    Newbie
    Join Date
    Jun 2016
    Posts
    9

    Default

    Try changing the U's on ports 5 and 6 to T's and see what happens

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2