ER605 Vlan issues - Monitoring (ingress and egress)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605 Vlan issues - Monitoring (ingress and egress)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605 Vlan issues - Monitoring (ingress and egress)
ER605 Vlan issues - Monitoring (ingress and egress)
2022-03-02 12:28:05 - last edited 2022-03-03 14:04:47
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.2.0

Good morning,

 

After trying to figure out why the ACL seems to block all vlan traffic as soon as I put any rule with the router in stand-alone mode, I decided to check to make sure that the 802.1Q tags were properly being added to packets.

 

The router is connected to a trunk port in an old Cisco 2960S and from a different Cisco trunk port to another managed switch which also tags vlans (checked via monitoring).

 

Is there a reason that the traffic coming from the Cisco switch has no vlan tags when monitoring on the router?

I checked both ingress and egress, there's no tags at all. Is it perhaps that the monitoring doesn't take into account encapsulation?

 

Let me know if I can provide any extra information!

 

Thanks in advance,

  0      
  0      
#1
Options
2 Reply
Re:ER605 Vlan issues - Monitoring (ingress and egress)
2022-03-03 07:18:30

garbinc wrote

Good morning,

 

After trying to figure out why the ACL seems to block all vlan traffic as soon as I put any rule with the router in stand-alone mode. I decided to check to make sure that the 802.1Q tags were properly being added to packets.

 

The router is connected to a trunk port in an old Cisco 2960S and from a different Cisco trunk port to another managed switch which also tags vlans (checked via monitoring).

 

Is there a reason that the traffic coming from the Cisco switch has no vlan tags when monitoring on the router?

I checked both ingress and egress, there's no tags at all. It's it perhaps that the monitoring doesn't take into account encapsulation?

 

Let me know if I can provide any extra information!

 

Thanks in advance,

Hi  @garbinc ,

 

Have you checked the Router VLAN settings? If the port is not tagged, then the port will drop tagged data.

 

Here is an example how to use the router VLAN to work with a switch:

https://www.tp-link.com/us/support/faq/2246/

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:ER605 Vlan issues - Monitoring (ingress and egress)
2022-03-03 13:00:22 - last edited 2022-03-03 14:12:04

  @Hank21 thanks for your reply :)

Yes, they are tagged I have vlan 5 and 30 tagged on port 5 and have native vlan 1 untagged on port 5 as well.

 

The traffic works and I'm receiving correct IP addresses from dhcp. When monitoring port 5 in ingress and egress with wireshark on port 4, they are no 802.1q tags in the packets.

 

If this is the case, it could explain why ACL's aren't working as well however, it's weird because the router seems to see them (see images)

 

traffic stats:

 

vlan router configuration:

 

 

  0  
  0  
#3
Options