Better understanding of VLANs?

I've been trying to wrap my head around 802.1q VLANs for a bit now, and I"m stuck on a problem in my understanding of VLANs I'm sure.

My network starts at the modem coming into an OpenWRT router (23.05 rc2) that has 4 VLANs setup.

I have finally figured out, than in reality even the default LAN is really just a VLAN that's defaulted to subnet 192.168.1.x. So, I setup

VLAN 10 - LAN
VLAN 20 - Media
VLAN 30 - Work
VLAN 40 - Geusts

I have all of this working, and even passing traffic through my network to 3 wireless APs where they set those VLANs to various wireless networks.

My issue is as follows.

The router goes to an unmanaged switch that then splits traffic out throughout my home.

One cable goes from that switch to a wall plate port, to a second unmanaged switch in my attic. The 2nd switch feeds POE power to my security cameras, as well as POE power to my office AP. Sending the Tagged traffic through both unmanaged switches to the office AP is working fine. I get all networks on the wifi output, as well as wired ether net from one of the ports on the AP with untagged traffic on VLAN 10.

The issue is my POE cameras. They are not getting any IPs because they don't know how to read the tagged traffic. I have tried to setup a managed switch (not OpenWRT capable) with 802.1q VLANs, and using a testing router setup the same as my main router, I get the untagged traffic on each VLAN as expected.

TestRouter -> managed switch -> computer (move ports on managed switch and computer gets IPs from the various VLANs as expected).

I'm trying to setup port 1 as my trunk on the managed switch, with port 2 also having tagged traffic on 3 VLANs and untagged on 1 VLAN.

VLAN 10 - U
VLAN 20 - T
VLAN 30 - T
VLAN 40 - T

My hope was the untagged VLAN 10 would assign IPs to the cameras, and also feed forward the tagged VLANs and untagged VLAN 10 to my AP. There is obviously a flaw in my plan, as when I connect the managed switch into my main network, I get no IP on one of the machines in my office.

MainRouter -> unmanagedSwitch -> Wall port (keystone) -> unmanagedSwitch2 -> Poe AP -> computer All good!

MainRouter -> unmanagedSwitch -> ManagedSwitch -> Wall port (keystone) -> unmanagedSwitch2 -> PoE AP -> computer No Good.

After all that my question is:
Can I send untagged and tagged VLAN traffic through a single port like this, of do I simply need another unmanaged switch in the mix to get the traffic to both the cameras and my office AP?

Quite the contrary. The behavior of unmanaged switches with tagged VLAN traffic is undefined. While some switches might work fine, other will simply not work. I strongly recommend that you use only untagged traffic on your unmanaged switches (and your PoE cameras). Do not mix tagged and untagged traffic, although it could work. This might imply replacing some unmanaged switches by managed ones.

Be aware that there are really cheap "smart" managed switches (like the TP-Link TL-SG108E) which can also cause a lot of pain. One level up (like the Netgear GS308T that can even run OpenWrt) you will find plenty of decent "simple" managed switches.

4 Likes

Ok, that helps. I do want to move to more openwrt (everything ideally int he end) swithces, just trying to work with the equipment I have for now. I appreciate the insight.

The thing I've had a hard time with is finding a POE smart switch that will run openwrt. So if you have any suggestions on that, it's appreciated. I don't see anything showing the 308T being PoE capable.

GS1900-8HP e.g.

Nope, it's not. The GS108Tv3 can be PoE-powered, but it does not provide PoE. There are some of various sizes, personally I use or have used:

  • ZyXEL GS1900-24HPv2 (24 Port PoE)
  • D-Link DGS-1210-28MP (24 Port PoE)
  • ZyXEL GS1900-8HP (8 Port PoE)
  • ZyXEL GS1900-10HP (8 Port PoE)
  • TP-Link T1600G-52PS (48 Port PoE)
2 Likes

Awesome! Thank you! and thank you @Borromini

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.