22
Votes

[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets

 
22
Votes

[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets

[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2022-10-16 03:52:06 - last edited 2024-10-15 02:16:43
Tags: #VLAN

Add to Omada control the ability to tag the native VLAN.

Add to Omada the option to ignore untagged packets received on a port or unselect native network from the untagged setting.

 

This is a feature currently available in Jetstream switches when managed in standalone mode, but unavailable in Omada management.

 

These options in Omada will reduce untagged PVID misconfiguration while trunking VLANs between switches or out to APs.  It will also allow Omada APs to have all WLANs tagged, while having different PVIDs from the switches.

#1
Options
2 Accepted Solutions
Re:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets-Solution
2024-10-14 08:56:46 - last edited 2024-10-21 01:54:19

Hi @JoeSea and others,

JoeSea wrote

Add to Omada control the ability to tag the native VLAN.

Add to Omada the option to ignore untagged packets received on a port or unselect native network from the untagged setting.

Regarding the native VLAN, it is forced to do this as it is an industry standard. We have no intention to change this. Native VLAN has been explained on the page and it is unequivocally untagged.

 

About the ignore untagged packets on the port which may cause security concerns, you can still use the CLI template to enable it Acceptable Frame Types. We will consider optimizing this in future firmware updates.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
#16
Options
Re:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets-Solution
2024-10-20 11:27:38 - last edited 2024-10-21 01:53:01

For anyone wondering, i got this working perfectly with the below CLI template applied to core switch

 

Now i have multiple uplink ports to my gateway without any faff!

 

Step 1

- Uplug all links to gateway except a port carrying management vlan ONLY

 

Step 2

 - create and apply switch profiles to the ports you want as uplinks to your gateway

 

Port 39 is VLAN 1 (management) uplink, set as VLAN 1 native/untagged only using a normal switch profile

Port 41 are tagged only uplink for VLANs 6-7, with an initial switch profile of 1 native, 6,7 tagged, set in GUI

Port 43 are tagged only uplink for VLANs 10-11 with an initial switch profile of 1 native, 10,11 tagged, set in GUI

Port 45 are tagged only uplink for VLANs 100-1000 with an initial switch profile of 1 native, 100,1000 tagged, set in GUI

Port 47 are tagged only uplink for VLANs 1010-1020 with an initial switch profile of 1 native, 1010,1011,1020 tagged, set in GUI

 

After the switch profiles were applied, i added and activated the following CLI template on my core switch.

 

Step 3

- CLI Template

 

The below template removes VLAN 1 (my management vlan which is untagged and native on the gateway ports) for all the uplink ports I want to carry tagged vlans only, and sets them as tagged only ports on the switch.


*****CLI TEMPLEATE*****

 

#
interface gigabitEthernet 1/0/41
  no switchport general allowed vlan 1
  switchport acceptable frame all
  switchport check ingress

#
interface gigabitEthernet 1/0/43
  no switchport general allowed vlan 1
  switchport acceptable frame tagged
  switchport check ingress

#
interface gigabitEthernet 1/0/45
  no switchport general allowed vlan 1
  switchport acceptable frame tagged
  switchport check ingress

#
interface gigabitEthernet 1/0/47
  no switchport general allowed vlan 1
  switchport acceptable frame tagged
  switchport check ingress

 

***** END TEMPLATE *****

 

Recommended Solution
#18
Options
17 Reply
RE:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2023-01-23 22:36:31
Improved traffic control AND improved security.
#2
Options
RE:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2023-02-13 05:54:29
If you're using managment vlan particularly there's no need for anything to respond on the pvid
#3
Options
RE:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2023-08-03 06:38:38
please add this
#4
Options
Re:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2023-08-03 06:39:34

I don't know why does this only have 4 votes.

 

 

Please consider adding this feature! Don't just assume we want native vlan to be untagged and enforce that. Let us pick if we want native vlan to be untagged or not.

#5
Options
RE:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2023-08-24 21:48:03
For a trunk port there is no need to have a native VLAN. Please implement the ability to set up a profile with all VLANs tagged. All your competition has this feature (including Omada switches in standalone mode). Thank you!
#6
Options
Re:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2023-09-03 22:02:51 - last edited 2023-09-03 22:06:58

Yes, I was disappointed not to see this also. I have a number of trunk ports where I would only like to pass tagged VLAN Traffic, and ignore untagged traffic. I have been doing this on my non-Omada TP-Link managed switches, and now I have started to replace some of them with Omada switches the lack of this feature is cause me some trouble!

 

For now, I have created a 'defunct' VLAN 4090 which I do not use, and have made that the 'Native' network for my trunk profile - this allows me to set that VLAN as untagged on the port, and delete the LAN setting 

#7
Options
RE:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2023-10-31 15:32:41
Also it's a security issue if I always have to choose a VLAN as native which is not beeing used in the tagged list. Even if I don't need it at this port.
#8
Options
Re:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2023-12-21 16:13:04

Bumping this up again.

 

This just keeps coming up. What is the problem with support a feature that is already supported in standalone mode ? I do not want silly vlan 1/untagged traffic. I have a management vlan, I want the switch to be in that vlan and I have downstream devices from that switch that also need to be in the management vlan.

 

is it so difficult to understand why people may need this ?

#9
Options
RE:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2024-01-01 09:12:19
This is a hard requirement to be able to migrate to Omada. At this moment it is not possible to recreate the same setting as we had without the controller.
#10
Options
RE:[Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
2024-02-29 15:13:25
Would be a massive benefit
#11
Options