VLAN trunking between GS1910-24 switches for a guest network...

SnakeByte
SnakeByte Posts: 2  Freshman Member
edited August 2022 in Switch
This should be a relatively easy setup, but my attempts at getting this to work have failed.

I've got three GS1910-24 switches (v2 firmware).   What I'm attempting to do is create a guest VLAN network across the switches using VLAN ID 20.

[SwitchA - Port 3]<------->[ Port 24 - SwitchB - Port ??]<-------->[ Port ?? - SwitchC]

(Switch C isn't part of this now, but might be in the future)

One of the switches (A) will have computers connected that will not be VLAN aware. I believe that means I can keep the default "Ingress Acceptance" of "Tagged and Untagged".  It's not clear to me if I need to alter the default setting for Egress Tagging -- some of the documentation I've read suggests that these switches manage this automatically.  "Allowed VLANs" for these ports were set to "20":
Switch A, Port 22: Port VLAN=20, Ingress Filtering=On, Ingress Acceptance=Tagged and Untagged, Egress Tagging=Untag Port VLAN, AllowedVLANs=20

The ports that link the switches have "Allowed VLANs" set to "1,20", and all other settings set to default:
Switch A, Port 3: Port VLAN=1, Ingress Filtering=On, Ingress Acceptance=Tagged and Untagged, Egress Tagging=Untag Port VLAN, Allowed VLANS=1,20
Switch B, Port 24: Port VLAN=1, Ingress Filtering=On, Ingress Acceptance=Tagged and Untagged, Egress Tagging=Untag Port VLAN, Allowed VLANS=1,20

On the other switch (B), I've got my gateway device on port 20.  That gateway interface can be configured to tag VLAN if I want, or I could attempt to set it up similar to the computers on switch A and have the switch manage that, but trying either didn't work.  This is the current setting:
Switch B, Port 20: Port VLAN=20, IngressFiltering=On, Ingress Acceptance=Tagged and Untagged, Egress Tagging=Untag Port VLAN, Allowed VLANS=20

No matter what combination I've tried, I cannot get any traffic to pass between the switches.  I'm using tcpdump on the gateway and test computer.  Either can see their own broadcast traffic plus their own switch's STP and LLDP broadcast traffic.

What am I doing wrong?

All Replies

  • SnakeByte
    SnakeByte Posts: 2  Freshman Member
    SnakeByte said:
    No matter what combination I've tried, I cannot get any traffic to pass between the switches.  
    * For VLAN ID 20 traffic, VLAN ID 1 traffic passes across the switches without issue.
  • Sakura_T
    Sakura_T Posts: 101  Ally Member
    How about changing the egress tagging to always tag for the trunk ports? In my opinion there's no need to use untagged traffic between switches.

    Btw, you can examine the MAC table on switches to check the VLAN of MAC entries.
  • TiggerLAS
    TiggerLAS Posts: 64  Ally Member

    I typically don't mess with ingress / egress settings.

    I also tend to set my general-purpose ports with
    a PVID that matches my primary VLAN, and then
    set those ports for untagged access to that VLAN,
    with all other VLANS set to "Forbidden".

    That way, anything that is plugged into them,
    whether it is VLAN-aware or not, will get dumped
    onto my primary VLAN.

    Then, I set my more "tailored" ports up afterwards.


    I'll use my office setup as an example, paring it down a bit for clarity -

    We have multiple VLANs on our network, and a few managed switches.

    VLAN10      Printers, dedicated PCs, other in-house network gear
    VLAN20      IP phones with built-in ethernet port to support PCs
    VLAN30      Public / Guest internet access


    Port settings for printers and dedicated PCs -
           Untagged access to VLAN10
           All other VLANs set to "Forbidden" for these ports
           PVID 10

           This essentially defines it as an "access port".
           Only VLAN10 is allowed on that port, and anything plugged into it
           that isn't VLAN-aware will be assumed to be (tagged as) VLAN10 traffic.


    Port settings for IP phones (with attached PCs) can be done two different ways -
           VLAN10 set to UNTAGGED
           PVID 10
           VLAN20 set to TAGGED
           All other VLANs set to "Forbidden" for these ports

           - or -

           VLAN10 set to UNTAGGED
           PVID 10
           VLAN20 set to "EXCLUDED"
           All other VLANs set to "Forbidden" for these ports
           Auto-voice VLAN configured for these ports.

           These are essentially "General" ports, which can have one or more
           VLANs assigned to them either manually or dynamically.

           Either of these will allow every-day PC/Printer access on these ports,
           but, if there is an IP phone present, it can communicate on VLAN20.


    Ports that are used to link one or more VLAN-aware switches,
    ports that are used for wireless access points that support multiple SSID's,
    and ports that are connected to your router are all set up essentially the same -

           VLAN10 set to UNTAGGED
           PVID 10
           All other VLANS set to TAGGED

           These are generally referred to as "Trunk" ports.

           Note that if you are connecting two switches together, then you must configure
           the inter-link port(s) that you are using on each switch exactly the same.
           If they are set differently, then you'll probably start running into trouble.


    Let me know if you need clarification on anything,
    or if I made any glaring mistakes in my explanation.   ;-)


  • TiggerLAS
    TiggerLAS Posts: 64  Ally Member
    edited October 2020
    I typically don't mess with ingress / egress settings.

    I usually set up the majority of my ports as "access" ports.
    i.e., each port is set to VLAN10, PVID10, Untagged,
    with all other VLANS set to forbidden.

    Then, I go back in, and tailor other ports for my specific needs.

    I'll use my office setup as an example, paring it down a bit for clarity -

    We have multiple VLANs on our network, and a few managed switches.

    VLAN10      PC's and printers
    VLAN20      IP phones with attached PCs
    VLAN30      Public internet access


    Port settings for printers and dedicated PCs -
           Untagged access to VLAN10
           All other VLANs set to "Forbidden" for these ports
           PVID 10

           That essentially defines it as an "access port".
           Only VLAN10 is allowed on that port, and anything plugged into it
           that isn't VLAN-aware will move as tagged VLAN10 traffic.


    Port settings for IP phones can be done two different ways -
           VLAN10 set to UNTAGGED
           PVID 10
           VLAN20 set to TAGGED
           All other VLANs set to "Forbidden" for these ports

           - or -

           VLAN10 set to UNTAGGED
           PVID 10
           VLAN20 set to "EXCLUDED"
           All other VLANs set to "Forbidden" for these ports
           Auto-voice VLAN configured for these ports.

           These are essentially "General" ports, which can have one or more
           VLANs assigned to them either manually or automatically.

           Either of these will allow every-day PC/Printer access on these ports,
           but, if there is an IP phone present, it can communicate on VLAN20.


    Linking two switches together,
    or, connecting an access point that supports multiple SSID's / VLANs,
    or, connecting the switch to your router -

           VLAN10 set to UNTAGGED
           PVID 10
           VLAN20 set to TAGGED
           VLAN30 set to TAGGED

           This is generally referred to as a "trunk" port.

           When connecting two switches, the port(s) that you
           are using to connect the switches together MUST be set identically.
           Otherwise, you may start running into trouble.


    Let me know if I can clarify anything further,
    or if you noticed any glaring mistakes.  ;-)
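
Added example, not part of any post in this thread and not GS1910 firmware behaviour: a simplified 802.1Q model of the port settings discussed above (PVID, allowed VLANs, egress tagging, ingress filtering) that audits both ends of an inter-switch link and reports VLANs that are dropped or land in a different VLAN when the two ends are set differently. The `Port` class, the egress mode names and the `MISMATCHED` port are assumptions made for illustration; the VLAN numbers follow the 10/20/30 plan in the replies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    pvid: int                   # "Port VLAN" / PVID
    allowed: frozenset          # "Allowed VLANs"
    egress: str = "untag_pvid"  # model names: "untag_pvid" | "tag_all" | "untag_all"
    ingress_filter: bool = True

def egress(port, vlan):
    """Return 'drop', 'untagged', or the 802.1Q VLAN ID the frame is tagged with."""
    if vlan not in port.allowed:
        return "drop"
    if port.egress == "untag_all" or (port.egress == "untag_pvid" and vlan == port.pvid):
        return "untagged"
    return vlan

def ingress(port, wire):
    """Classify a received frame into a VLAN, or None if the port discards it."""
    vlan = port.pvid if wire == "untagged" else wire
    if port.ingress_filter and vlan not in port.allowed:
        return None
    return vlan

def cross(tx, rx, vlan):
    """VLAN a frame lands in after leaving tx and entering rx (None = lost)."""
    wire = egress(tx, vlan)
    return None if wire == "drop" else ingress(rx, wire)

def audit_link(a, b):
    """List VLANs that are dropped or re-classified crossing the link, both ways."""
    findings = []
    for name, tx, rx in (("A->B", a, b), ("B->A", b, a)):
        for vlan in sorted(tx.allowed | rx.allowed):
            landed = cross(tx, rx, vlan)
            if landed is None:
                findings.append((name, vlan, "dropped"))
            elif landed != vlan:
                findings.append((name, vlan, f"leaks into VLAN {landed}"))
    return findings

# Constructed inputs: 10 = office, 20 = phones, 30 = guest.
TRUNK = Port(pvid=10, allowed=frozenset({10, 20, 30}))
MISMATCHED = Port(pvid=30, allowed=frozenset({10, 30}))  # hypothetical far end

if __name__ == "__main__":
    print(audit_link(TRUNK, TRUNK))  # identical ends: no findings
    for finding in audit_link(TRUNK, MISMATCHED):
        print(finding)
```

In this model a PVID mismatch on the link does more than drop traffic: untagged office frames are classified into the guest VLAN on the far switch and guest frames into the office VLAN, which defeats the isolation a guest network is meant to provide.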