Implemented [Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
Implemented [Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
Add to Omada control the ability to tag the native VLAN.
Add to Omada the option to ignore untagged packets received on a port or unselect native network from the untagged setting.
This is a feature currently available in Jetstream switches when managed in standalone mode, but unavailable in Omada management.
These options in Omada will reduce untagged PVID misconfiguration while trunking VLANs between switches or out to APs. It will also allow Omada APs to have all WLANs tagged, while having different PVIDs from the switches.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Sounds like this one is hard set to use an Omada controller. I also don't want to leave native VLAN untagged in some cases. Help tip says if receiving untagged frame it inserts the tag and forwards frame to native VLAN. This seems to be the case using a Ubiquiti AP since I cannot tag it without some trouble. Other scenario where I have an ESXi host connected to multiple VLANs, I want to tag the native VLAN also. As a workaround, I've create some VLANs labelled VOID that isn't connecting to anything but would like to remove that altogether.
I am trying out the docker Omada image but probably going to roll this one out and not bother with the controller for now. Any future option to allow some flexibility here?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @JoeSea and others,
JoeSea wrote
Add to Omada control the ability to tag the native VLAN.
Add to Omada the option to ignore untagged packets received on a port or unselect native network from the untagged setting.
Regarding the native VLAN, it is forced to do this as it is an industry standard. We have no intention to change this. Native VLAN has been explained on the page and it is unequivocally untagged.
About the ignore untagged packets on the port which may cause security concerns, you can still use the CLI template to enable it Acceptable Frame Types. We will consider optimizing this in future firmware updates.
- Copy Link
- Report Inappropriate Content
To configure this, do we just need to add the following commans per ports in the CLI template like this ?
#
interface gigabitEthernet 1/0/41
switchport acceptable frame all
#
interface gigabitEthernet 1/0/43
switchport acceptable frame tagged
#
interface gigabitEthernet 1/0/45
switchport acceptable frame tagged
#
interface gigabitEthernet 1/0/47
switchport acceptable frame tagged
---OR---
Do we have to include all the applicable port parameters like this?
#
interface gigabitEthernet 1/0/41
switchport general allowed vlan 6-7 tagged
switchport acceptable frame all
lldp med-status
loopback-detection config process-mode port-based recovery-mode auto
loopback-detection
#
interface gigabitEthernet 1/0/43
switchport general allowed vlan 10-11 tagged
no switchport general allowed vlan 1
switchport acceptable frame tagged
lldp med-status
loopback-detection config process-mode port-based recovery-mode auto
loopback-detection
#
interface gigabitEthernet 1/0/45
switchport general allowed vlan 100,1000 tagged
no switchport general allowed vlan 1
switchport acceptable frame tagged
lldp med-status
loopback-detection config process-mode port-based recovery-mode auto
loopback-detection
#
interface gigabitEthernet 1/0/47
switchport general allowed vlan 1010-1011 tagged
switchport general allowed vlan 1020 tagged
no switchport general allowed vlan 1
switchport acceptable frame tagged
lldp med-status
loopback-detection config process-mode port-based recovery-mode auto
loopback-detection
- Copy Link
- Report Inappropriate Content
For anyone wondering, i got this working perfectly with the below CLI template applied to core switch
Now i have multiple uplink ports to my gateway without any faff!
Step 1
- Uplug all links to gateway except a port carrying management vlan ONLY
Step 2
- create and apply switch profiles to the ports you want as uplinks to your gateway
Port 39 is VLAN 1 (management) uplink, set as VLAN 1 native/untagged only using a normal switch profile
Port 41 are tagged only uplink for VLANs 6-7, with an initial switch profile of 1 native, 6,7 tagged, set in GUI
Port 43 are tagged only uplink for VLANs 10-11 with an initial switch profile of 1 native, 10,11 tagged, set in GUI
Port 45 are tagged only uplink for VLANs 100-1000 with an initial switch profile of 1 native, 100,1000 tagged, set in GUI
Port 47 are tagged only uplink for VLANs 1010-1020 with an initial switch profile of 1 native, 1010,1011,1020 tagged, set in GUI
After the switch profiles were applied, i added and activated the following CLI template on my core switch.
Step 3
- CLI Template
The below template removes VLAN 1 (my management vlan which is untagged and native on the gateway ports) for all the uplink ports I want to carry tagged vlans only, and sets them as tagged only ports on the switch.
*****CLI TEMPLEATE*****
#
interface gigabitEthernet 1/0/41
no switchport general allowed vlan 1
switchport acceptable frame all
switchport check ingress
#
interface gigabitEthernet 1/0/43
no switchport general allowed vlan 1
switchport acceptable frame tagged
switchport check ingress
#
interface gigabitEthernet 1/0/45
no switchport general allowed vlan 1
switchport acceptable frame tagged
switchport check ingress
#
interface gigabitEthernet 1/0/47
no switchport general allowed vlan 1
switchport acceptable frame tagged
switchport check ingress
***** END TEMPLATE *****
- Copy Link
- Report Inappropriate Content
Information
Helpful: 21
Views: 3175
Replies: 17
Voters 21
