Why can't I select a VLAN as native and tagged at the same time?
Hello,
I'm sadly facing more and more issues with the TP-Link Hardware.
At the moment I'm trying to configure a port, but it seems not to be possible.
I would like to set a native network and also have the same as tagged VLAN on the port.
I's something I configure very often for port where a management PC is use:
- You can connect PC without special configuration and will be in the LAN network for example
- but you can also connect a PC with VLAN tagging and also use the LAN as tagged and in addition for example the management VLAN.
Also it's a security issue if I always have to choose a VLAN as native which is not beeing used in the tagged list. Even if I don't need it at this port.
But it seems that this is not possible.
Is this an error? Please correct or change here!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
For EAP ports for example:
If I would like to have 3 SSIDs, I would put 3 VLANs on this port. Should be enough. Why do I need to configure a 4th one as native?
Native is simply the trunking vlan.. in your case vlan 10 (Heimnetz), the traffic needs to be on this vlan to allow the trunking of the packets from AP to Switch to Router etc. You have to have a trunking vlan, and since its a trunk its untagged, therefore you cant set a tag on it.
So when you plug in your AP and configure the SSIDs Kinder, IoT and Gastnetz set their vlan tags accordingly.. These tags will be ignored when the packet hits the switchport (trunk). Basically what you are saying is on the Heimnetz 10 trunking vlan, accept traffic from 20, 30 and 50. it will obviously already accept its own vlan 10 traffic so you dont need to "tag it"
Or for a management PC:
3 VLAN on the port (e.g. management, LAN, Camera) and LAN as native.
I can configure my PC to use TAGs and enter all VLANs, or I connect without tagging and I'm ending up in the default LAN.
Yeah totally.. as its native its trunk, therefore if you dont tag it will be Heimnetz, otherwise its what you tag it as (provided you have permitted it).
What will happen if I configure a native VLAN (e.g. 10) and then sending a tagged (10) frame to this port?
Never tried it to be honest and why would you? Adding tags adds overhead, why would you want to tag traffic for a network its already on? It seems pointless and just adds latency.
Hypothetically, if a packet arrived at the port tagged for 10, i cant see why it wouldnt work however as its on the allowed list.
Its just occurred to me that you may be wanting to use Heimnetz as a client VLAN to handle clients? Am i correct? If so rename Heimnetz to Trunking or LAN and create a new vlan for Heimnetz say id 60..
The only thing on your "trunking vlan" should be your network hardware, not clients.
- Copy Link
- Report Inappropriate Content
What I don't really get is the trunking thing you are mentioning. Is it needed because of the SDN service? A separate non tagged VLAN over all ports?
A trunk for me is a link between two network devices with multiple VLANs on it.
All switches have a trunk by default and its usually VLAN1 and yes its used to link different network devices together as you say. In TP Link world this is called LAN and its also vlan1 if i remember right, but you have remove or renamed that to Heimnetz and basically made that your trunk on VLAN10. The id is irrelevent really, native is just the term for trunking.
When you apply a VLAN to a port the ONLY traffic that can go down that port is that specific VLAN, unless its a trunk port. As mentioned by default this is called LAN
If you look at the screenie below this is my port profile for the switchports connected to my APs. I have 3x vlans (iot guest and home) trunked over that port on the native LAN
This is basically what you need to setup. If i changed that native to say IOT vlan, then the AP itself couldnt talk to the switch as they are both on the LAN, it would lock out the port.
Yes SDN based networks are different from traditional vlans and switching,
- Copy Link
- Report Inappropriate Content
Why would you want to set the same tag as native?
Native is just the network that it trunks over, therefore you dont need to tag it as its already on that network. You would literally be tagging traffic with the network tag for the network it is already on, it would accomplish nothing.
Other vendors do this also, its not specifically a TP Link thing..
- Copy Link
- Report Inappropriate Content
For EAP ports for example:
If I would like to have 3 SSIDs, I would put 3 VLANs on this port. Should be enough. Why do I need to configure a 4th one as native?
Or for a management PC:
3 VLAN on the port (e.g. management, LAN, Camera) and LAN as native.
I can configure my PC to use TAGs and enter all VLANs, or I connect without tagging and I'm ending up in the default LAN.
What will happen if I configure a native VLAN (e.g. 10) and then sending a tagged (10) frame to this port?
- Copy Link
- Report Inappropriate Content
For EAP ports for example:
If I would like to have 3 SSIDs, I would put 3 VLANs on this port. Should be enough. Why do I need to configure a 4th one as native?
Native is simply the trunking vlan.. in your case vlan 10 (Heimnetz), the traffic needs to be on this vlan to allow the trunking of the packets from AP to Switch to Router etc. You have to have a trunking vlan, and since its a trunk its untagged, therefore you cant set a tag on it.
So when you plug in your AP and configure the SSIDs Kinder, IoT and Gastnetz set their vlan tags accordingly.. These tags will be ignored when the packet hits the switchport (trunk). Basically what you are saying is on the Heimnetz 10 trunking vlan, accept traffic from 20, 30 and 50. it will obviously already accept its own vlan 10 traffic so you dont need to "tag it"
Or for a management PC:
3 VLAN on the port (e.g. management, LAN, Camera) and LAN as native.
I can configure my PC to use TAGs and enter all VLANs, or I connect without tagging and I'm ending up in the default LAN.
Yeah totally.. as its native its trunk, therefore if you dont tag it will be Heimnetz, otherwise its what you tag it as (provided you have permitted it).
What will happen if I configure a native VLAN (e.g. 10) and then sending a tagged (10) frame to this port?
Never tried it to be honest and why would you? Adding tags adds overhead, why would you want to tag traffic for a network its already on? It seems pointless and just adds latency.
Hypothetically, if a packet arrived at the port tagged for 10, i cant see why it wouldnt work however as its on the allowed list.
Its just occurred to me that you may be wanting to use Heimnetz as a client VLAN to handle clients? Am i correct? If so rename Heimnetz to Trunking or LAN and create a new vlan for Heimnetz say id 60..
The only thing on your "trunking vlan" should be your network hardware, not clients.
- Copy Link
- Report Inappropriate Content
Philbert wrote
Its just occurred to me that you may be wanting to use Heimnetz as a client VLAN to handle clients? Am i correct? If so rename Heimnetz to Trunking or LAN and create a new vlan for Heimnetz say id 60..
The only thing on your "trunking vlan" should be your network hardware, not clients.
Yes, that's what it is.
And slowly I begin to understand the logic here. The naming seems to be different between suppliers, which doesn't makes it easier.
What I don't really get is the trunking thing you are mentioning. Is it needed because of the SDN service? A separate non tagged VLAN over all ports?
A trunk for me is a link between two network devices with multiple VLANs on it.
- Copy Link
- Report Inappropriate Content
What I don't really get is the trunking thing you are mentioning. Is it needed because of the SDN service? A separate non tagged VLAN over all ports?
A trunk for me is a link between two network devices with multiple VLANs on it.
All switches have a trunk by default and its usually VLAN1 and yes its used to link different network devices together as you say. In TP Link world this is called LAN and its also vlan1 if i remember right, but you have remove or renamed that to Heimnetz and basically made that your trunk on VLAN10. The id is irrelevent really, native is just the term for trunking.
When you apply a VLAN to a port the ONLY traffic that can go down that port is that specific VLAN, unless its a trunk port. As mentioned by default this is called LAN
If you look at the screenie below this is my port profile for the switchports connected to my APs. I have 3x vlans (iot guest and home) trunked over that port on the native LAN
This is basically what you need to setup. If i changed that native to say IOT vlan, then the AP itself couldnt talk to the switch as they are both on the LAN, it would lock out the port.
Yes SDN based networks are different from traditional vlans and switching,
- Copy Link
- Report Inappropriate Content
Thank you for your help.
I made it running successfully and also changed the management VLAN to a separate VLAN like in the description.
One additional question:
Do I still need VLAN 1 for the devices, even if I changed everything to a separate management VLAN?
Thank you.
BW
Sebastian
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1024
Replies: 6
Voters 0
No one has voted for it yet.