Business Community > Switches > Possible UI Bug: Multiple Untagged Networks Selectable in Omada SDN Controller
< Switches

Possible UI Bug: Multiple Untagged Networks Selectable in Omada SDN Controller

Possible UI Bug: Multiple Untagged Networks Selectable in Omada SDN Controller

Possible UI Bug: Multiple Untagged Networks Selectable in Omada SDN Controller
Possible UI Bug: Multiple Untagged Networks Selectable in Omada SDN Controller
3 weeks ago

I have noticed a possible issue in the Omada SDN Controller Web UI regarding VLAN configuration on switch ports. When setting up a port profile, the native (untagged) network is always preselected (grayed out and cannot be changed), which is expected behavior. However, the UI allows selecting additional VLANs in the Untagged Network section, even though technically, a port can only have one untagged VLAN at a time.

From a VLAN perspective:

  • The native (untagged) VLAN is automatically assigned to all untagged traffic on that port.
  • Additional tagged VLANs should be selectable for trunking, but multiple untagged VLANs on a single port should not be possible.
  • If multiple VLANs are selected under “Untagged Network,” it appears to make no actual difference in functionality, as only the primary untagged VLAN is applied.

Issue Summary:

  • The UI allows selecting multiple VLANs under "Untagged Network," even though this should not be possible.
  • The switch behavior suggests that only the first untagged VLAN is applied, making the additional selections redundant.
  • This may confuse users into thinking they can assign multiple untagged VLANs to a single port, which is not valid according to VLAN standards.

Expected Behavior:

  • The UI should only allow selecting one VLAN under "Untagged Network."
  • If the system needs to allow multiple VLANs for some specific reason, an explanation tooltip should clarify what the setting actually does.
  • If selecting multiple VLANs has no functional impact, this should be fixed or removed from the UI to prevent misconfigurations.

Question for the Community:

  • Has anyone else noticed this behavior?
  • Are we misunderstanding how this setting is supposed to work, or is this an actual UI bug?
  • If this is unintended behavior, would TP-Link consider updating the UI to prevent misleading configurations?

Looking forward to feedback from others!

 

 

  0      
 
  0      
 
#1
Options
4 Reply
Re:Possible UI Bug: Multiple Untagged Networks Selectable in Omada SDN Controller
3 weeks ago

Hi @mwfis,

 

I've noticed that you can assign mutiple untagged vlans on ports, but it seems like this is the norm.  The controller lets you do it, last time I used the TP-Link web UI I could do it and other manufacturer's products I've used also let me do it.  I beleive the native network (PVID) must be one of the untagged vlans on the port, but that's the only validation I recall.  There seems to be some uncommon use cases for having multiple untagged vlans on the same port so I doubt a validation to limiting a port to a single untagged vlan will happen.

  1  
  1  
#2
Options
Re:Possible UI Bug: Multiple Untagged Networks Selectable in Omada SDN Controller
3 weeks ago

Hi @mwfis 

Thanks for posting in our business forum.

Of course, you can have multiple tag/untag on a port. But you only have one PVID which speaks for the untagged VLAN.

 
 
It is a matter of understanding the egress and ingress.
Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#3
Options
Re:Possible UI Bug: Multiple Untagged Networks Selectable in Omada SDN Controller
3 weeks ago - last edited 3 weeks ago

We've been discussing the way Omada switches handle VLAN assignments on ports, especially with Layer 3 functionality enabled. Our assumption was that:

  1. If we assign multiple VLANs (as untagged) to a port, devices connected to that port might be able to communicate across VLANs without external firewall rules affecting the traffic.
  2. If the VLAN interfaces are enabled on the switch, it might route traffic internally between those VLANs (instead of sending it to a firewall or router).
  3. This could create a "port-based zone jump", where VLANs assigned to a single port can communicate independently of any firewall rules that normally govern inter-VLAN traffic.

Our Questions:

  • Is this assumption correct, or are we misunderstanding how VLAN interfaces and inter-VLAN routing function on Omada switches?
  • If VLAN interfaces are enabled, does the switch handle inter-VLAN routing automatically, or is explicit routing required?
  • Can selecting multiple untagged VLANs on a port actually allow VLANs to talk to each other without routing?
  • Should VLAN interfaces be disabled on a Layer 3 switch if we want inter-VLAN traffic to be strictly controlled by an external firewall?

We want to ensure that we are configuring this correctly and not allowing VLANs to communicate in ways we didn't intend.

Thanks for your insights!

  0  
  0  
#4
Options
Re:Possible UI Bug: Multiple Untagged Networks Selectable in Omada SDN Controller
3 weeks ago

Hi @mwfis 

Thanks for posting in our business forum.

mwfis wrote

We've been discussing the way Omada switches handle VLAN assignments on ports, especially with Layer 3 functionality enabled. Our assumption was that:

  1. If we assign multiple VLANs (as untagged) to a port, devices connected to that port might be able to communicate across VLANs without external firewall rules affecting the traffic.
  2. If the VLAN interfaces are enabled on the switch, it might route traffic internally between those VLANs (instead of sending it to a firewall or router).
  3. This could create a "port-based zone jump", where VLANs assigned to a single port can communicate independently of any firewall rules that normally govern inter-VLAN traffic.

Our Questions:

  • Is this assumption correct, or are we misunderstanding how VLAN interfaces and inter-VLAN routing function on Omada switches?
  • If VLAN interfaces are enabled, does the switch handle inter-VLAN routing automatically, or is explicit routing required?
  • Can selecting multiple untagged VLANs on a port actually allow VLANs to talk to each other without routing?
  • Should VLAN interfaces be disabled on a Layer 3 switch if we want inter-VLAN traffic to be strictly controlled by an external firewall?

We want to ensure that we are configuring this correctly and not allowing VLANs to communicate in ways we didn't intend.

Thanks for your insights!

Is this AI-generated content?

Looks like generated by GPT by points... Because I use GPT sometimes.

 

To what you have discussed: only when you put it with a PVID. Or it does not work to communicate to the proper VLAN. Back to the ingress and egress of the VLAN.

 

The questions are answered in the KBs I have provided. I think you need to read the docs over and over again to digest it.

How to Configure VLAN on TP-Link Switch

How to Set Up VLAN Interface on the Omada Router

 

Briefly answering them:

2. Yes and no.

3. No. But creating VLAN interfaces allows inter-VLAN comm.

4. You don't have the option to create VLAN interfaces on a layer 3 switch. The VLAN interface is on the router.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#6
Options

Information

Helpful: 0

Views: 145

Replies: 4

Related Articles
IPV6 Possible bug?
766 0
Is this a UI bug or is something wrong?
309 0
Why is possible set more VLANS to one port as Untagged?
3312 0
WireGuard Bug Report: Multiple Subnet Configuration not possible in Standalone Mode
354 0
 CPE710 Web UI bug
148 0
Multiple Wireguard Site-To-Site / Is it possible?
812 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.