need help with vlan on managed switches

[Town Tech]

Anyone know anything about how to setup vlan or vlan forwarding on managed switches?
Its a TEG-082WS smart switch, https://www.newegg.com/trendnet-teg-082ws-8-x-rj45-2-x-sfp/p/N82E16833156486

 

[mattsnoddy]

Never worked with that model, but there's a user guide online:

8-Port Gigabit Web Smart Switch – Managed Switch | TRENDnet - TRENDnet TEG-082WS

www.trendnet.com

 

[YeOldeStonecat]

Pretty well versed in VLANs...yes. What's the network setup you need to do? Most switches treat it the same. In quick summary, for vlans, your ports are either tagged, untagged, or excluded.

 

[Town Tech]

Switches are connected by fiber and I am not using ethernet ports except for the poe wifi access point. Vlans work fine with an unmanaged switch, but once I plug in the managed switch, doesn't work.

 

[mattsnoddy]

Sounds like you need to set your uplink ports to Tagged.

Per the manual:

Tagged/Untagged/Not Member VLAN Ports On a port, the tag information within a frame is examined when it is received to determine if the frame is qualified as a member of a specific tagged VLAN. If it is, it is eligible to be switched to other member ports of the same VLAN. If it is determined that the frame’s tag does not conform to the tagged VLAN, the frame is discarded. Since these VLAN ports are VLAN aware and able to read VLAN VID tagged information on a frame and forward to the appropriate VLAN, typically tagged VLAN ports are used for uplink and downlink to other switches to carry and forward traffic for multiple VLANs across multiple switches. Tagged VLAN ports can be included as members for multiple VLANs. Computers and other edge devices are not typically connected to tagged VLAN ports unless the network interface on these device can be enabled to be VLAN aware. Select the tagged VLAN ports to add to the new VLAN.

 

[YeOldeStonecat]

Oddly enough, sometimes vlans will pass through unmanaged switches unmolested...as long as they don't have to "exit" a specific port on that switch. If they're just all passing through, on most unmanaged switches they'll pass through as if all tagged. Notice I said "most" unmanaged switches, but you should never rely on that...any VLANs involved...insist on all switches being "managed".

The managed switch...you'll have to go manage those ports.
For example...here's a quick setup of what I did yesterday for a new setup at a small office.

I created 2x VLANs...so there are 3x VLANs total, as the default vlan is always on all ports by default.
Default VLAN...Production network/office computers
I created:
VLAN2...for the VoIP system (allworx PBX on-prem)
VLAN6...for guest wifi.

24 port switch.
Port 1 uplinked to the gateway/firewall....so all 3x vlans are untagged on that port...meaning they are members of that port.
Ports 2-22...will have either/or-both/computers that VoIP phones plugged in. I call it "Converged Data and Voice". So default VLAN, as well as VLAN2, are members here..VLAN2 is also tagged.
Port 23 went to the access point. So I have default VLAN as a member, as well as tagging VLAN6..so it's a member.
Port 24 is offloaded to the AllworxPBX box. Nothing but VoIP traffic will go there...so I UN-tag VLAN2 here....and EXCLUDE default data VLAN, as well as VLAN6...they have no business going here.

Tagged means...the VLANs tagged for that port will pass through that port to keep looking for more ports on the other side that are tagged for it.
UN-tagged..means ...the traffic for that VLAN will exit via that port...stripping its tagging. Usually used for traffic to exit the switches to its final destination.
Excluded means...stop, turn around, you're not welcome to go to this port.

 

[Sky-Knight]

Throw it away, and get a Unifi stack. Seriously... you'll save all the cost in labor alone in the first year.

I used to use TrendNET everything, and the way they handle VLAN is backwards of everything else that isn't China junk.

Uplink ports are set to "trunc". Those ports get all packets for all VLANs they're in.

untagged vlan member ports accept untagged traffic off the interface into the VLAN.
tagged vlan member ports accept tagged traffic.
trunc ports in a single VLAN emit tagged packets for that VLAN.

It's such a bloody mess. Knock yourself out, but as far as I'm concerned life is too short to mess with this crap when we have Unifi, Aruba, Omada devices that do all this for you.

@YeOldeStonecat Beware, TrendNET uses shared firmware on their devices, which is to say the unmanaged switches have the same firmware as the managed ones... they simply lack the manage interface. So they will NEVER FORWARD tagged packets. Because they aren't configured to do so. TrendNET's answer is to buy a managed switch.

 

[YeOldeStonecat]

@YeOldeStonecat Beware, TrendNET uses shared firmware on their devices,

Interesting point. I "only" support switches/etc that we install. If we take on a client, part of the onboarding is..quoting and installing our equipment. If they have stuff we are familiar with and will tolerate....it can stay there for a little bit. DStink, Nutgear, Stinksys, TPStink, TrendlessNet....are not on the supported list, they're on the "to the circular file pronto" list.

 

[Sky-Knight]

@YeOldeStonecat Yep... I tried to do the all supporting thing... and all that goes out the window when VLANs enter the fray.

That's when I quote a Unifi stack.

I don't have enough lifespan left to argue with stupid VLANs manually anymore. Hit Unifi Admin and configure port profiles and DONE.