How can untagged traffic end up on a VLAN?
-
If what I understand about VLANs is correct, if described simply, they are just adding a tag to a packet. Why then, if I set a port to be untagged traffic on my switch, and send it to pfSense over a trunk, will it be accepted in the default VLAN from that switch? Why does pfSense know that untagged traffic will be on VLAN 1, or whatever the default VLAN was on the switch? Shouldn't the traffic not be accepted on any VLAN because it's untagged?
For example, I have a tp-link switch which I have set two ports to be access ports (UNTAGGED) and on the default VLAN. When I set the interface they are being accepted on in pfSense to igb1, I won't get traffic from those two switch ports. If I set them to VLAN 1 on igb1, I will get traffic from those two ports. Shouldn't they be accepted on igb1?
Maybe I am misunderstanding how a default VLAN works. Is traffic on the default VLAN untagged? If so, why does a VLAN accept it at all on pfSense?
-
I have a tp-link switch
That's the problem right there. TP-Link doesn't understand VLANs and, as a result, sells equipment that doesn't handle VLANs properly. If you want to run VLANs, stay away from TP-Link. I have a TP-Link access point and have a similar problem, where native LAN traffic is winding up on the VLAN.
Once again, for VLANs, stay away from TP-Link.
-
Which can be extrapolated to stay away from tp link as a brand entirely since pretty much all networking gear of any substance whatsoever must understand dot1q.
Just get a d-link. Same price point and it generally works.
-
I have a tp-link switch
That's the problem right there. TP-Link doesn't understand VLANs and, as a result, sells equipment that doesn't handle VLANs properly. If you want to run VLANs, stay away from TP-Link. I have a TP-Link access point and have a similar problem, where native LAN traffic is winding up on the VLAN.
Once again, for VLANs, stay away from TP-Link.
That links to a smart switch, mine is a managed TL-SG3424, do you think the same stands for it?
-
I have a tp-link switch
That's the problem right there. TP-Link doesn't understand VLANs and, as a result, sells equipment that doesn't handle VLANs properly. If you want to run VLANs, stay away from TP-Link. I have a TP-Link access point and have a similar problem, where native LAN traffic is winding up on the VLAN.
Once again, for VLANs, stay away from TP-Link.
That links to a smart switch, mine is a managed TL-SG3424, do you think the same stands for it?
I don't know, but given TP-Link's track record, I wouldn't be surprised.
-
Yeah, for the longest time they were saying it was designed that way without the ability to remove vlan 1 on purpose and that there was nothing wrong with it. They just recently posted that it would be corrected and that there should be a new beta software to fix the problem in the next week or so.
Taking that they clearly do not seem to understand how vlans are supposed to function, until their recent post. Which we still have not seen the fixed firmware. I am with jknott here, I wouldn't assume any of their other switches got it right either ;) All I can tell you is that the cheaper tp-link 105e and 108e switches do not correctly isolate vlans since every port has vlan 1 which cannot be removed.
You would have to do some testing on their higher end models to validate that they do not bleed vlan traffic. Or just get a switch you know gets it right, etc.
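Added illustration, not part of the thread and not any vendor's code: a minimal model of 802.1Q port-based classification. It shows how an untagged frame takes its VLAN from the ingress port's PVID, why the firewall then sees it either on the parent NIC or on the VLAN 1 interface depending on how the trunk port is a member of VLAN 1, and what "VLAN 1 on every port" does to isolation. The port numbers, VLAN 20, the `igb1.1` naming and the way the defect is modelled are assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vid(frame: bytes):
    """Return the VLAN ID carried by an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # low 12 bits of TCI

class Switch:
    """Per-port PVID plus per-VLAN egress membership ("T" tagged, "U" untagged)."""
    def __init__(self, pvid, members):
        self.pvid, self.members = pvid, members

    def flood(self, in_port, frame):
        """Flood a broadcast; return {egress port: VID on the wire or None}."""
        vid = parse_vid(frame)
        if vid is None:
            vid = self.pvid[in_port]  # untagged ingress is classified by PVID
        ports = self.members.get(vid, {})
        if in_port not in ports:      # ingress filtering: not a member, drop
            return {}
        return {p: (vid if m == "T" else None)
                for p, m in ports.items() if p != in_port}

def firewall_interface(parent, wire_vid):
    """Untagged frames reach the parent NIC, tagged ones the VLAN interface."""
    return parent if wire_vid is None else f"{parent}.{wire_vid}"

# Constructed sample frames: broadcast destination, made-up source MAC.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(46)
TAGGED_20 = bytes.fromhex("ffffffffffff" "020000000002" "8100" "0014" "0806") + bytes(46)

PVID = {1: 1, 2: 20, 8: 1}  # assumed layout: ports 1-2 access, port 8 trunk
# Trunk is a tagged member of VLAN 1: frames arrive on the VLAN 1 interface.
TRUNK_TAGS_V1 = Switch(PVID, {1: {1: "U", 8: "T"}, 20: {2: "U", 8: "T"}})
# Trunk carries VLAN 1 untagged (native): frames arrive on the parent NIC.
TRUNK_NATIVE_V1 = Switch(PVID, {1: {1: "U", 8: "U"}, 20: {2: "U", 8: "T"}})
# Assumed model of the reported defect: VLAN 1 is untagged on every port.
STUCK_V1 = Switch(PVID, {1: {1: "U", 2: "U", 8: "U"}, 20: {2: "U", 8: "T"}})

if __name__ == "__main__":
    for name, sw in [("tagged", TRUNK_TAGS_V1), ("native", TRUNK_NATIVE_V1), ("stuck", STUCK_V1)]:
        print(name, sw.flood(1, UNTAGGED))
```

In the `STUCK_V1` case the VLAN 1 broadcast from port 1 also leaves port 2, which is supposed to be a VLAN 20 access port; that is the kind of bleed a capture on each access port would reveal when testing a switch.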
-
I wouldn't assume any of their other switches got it right either
Nor their access points. As mentioned in other threads, I have a WA901N AP, which has the same problem. Even though their 2nd level support recognized the problem a few years ago, there has been no fix so far. I may replace the software with DD-WRT. I expect that will work better.
-
I have several TL-SG3210 (trying to be a cheaper SG300-10 derivative) and 1x TL-SG5428 as well as 1x TL-SG5412F.
Those are fully managed L2 "JetStream" switches and do not exhibit the behaviour of the entry-level smart switches. This is at home only. Since we use Cisco in the office and at clients' sites extensively, I probably would buy those for my home now as well.