Implemented [Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
Implemented [Request] Omada - VLAN tagging of Native Network - Ignore untagged packets
Add to Omada control the ability to tag the native VLAN.
Add to Omada the option to ignore untagged packets received on a port or unselect native network from the untagged setting.
This is a feature currently available in Jetstream switches when managed in standalone mode, but unavailable in Omada management.
These options in Omada will reduce untagged PVID misconfiguration while trunking VLANs between switches or out to APs. It will also allow Omada APs to have all WLANs tagged, while having different PVIDs from the switches.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @JoeSea and others,
JoeSea wrote
Add to Omada control the ability to tag the native VLAN.
Add to Omada the option to ignore untagged packets received on a port or unselect native network from the untagged setting.
Regarding the native VLAN, it is forced to do this as it is an industry standard. We have no intention to change this. Native VLAN has been explained on the page and it is unequivocally untagged.
About the ignore untagged packets on the port which may cause security concerns, you can still use the CLI template to enable it Acceptable Frame Types. We will consider optimizing this in future firmware updates.
- Copy Link
- Report Inappropriate Content
For anyone wondering, i got this working perfectly with the below CLI template applied to core switch
Now i have multiple uplink ports to my gateway without any faff!
Step 1
- Uplug all links to gateway except a port carrying management vlan ONLY
Step 2
- create and apply switch profiles to the ports you want as uplinks to your gateway
Port 39 is VLAN 1 (management) uplink, set as VLAN 1 native/untagged only using a normal switch profile
Port 41 are tagged only uplink for VLANs 6-7, with an initial switch profile of 1 native, 6,7 tagged, set in GUI
Port 43 are tagged only uplink for VLANs 10-11 with an initial switch profile of 1 native, 10,11 tagged, set in GUI
Port 45 are tagged only uplink for VLANs 100-1000 with an initial switch profile of 1 native, 100,1000 tagged, set in GUI
Port 47 are tagged only uplink for VLANs 1010-1020 with an initial switch profile of 1 native, 1010,1011,1020 tagged, set in GUI
After the switch profiles were applied, i added and activated the following CLI template on my core switch.
Step 3
- CLI Template
The below template removes VLAN 1 (my management vlan which is untagged and native on the gateway ports) for all the uplink ports I want to carry tagged vlans only, and sets them as tagged only ports on the switch.
*****CLI TEMPLEATE*****
#
interface gigabitEthernet 1/0/41
no switchport general allowed vlan 1
switchport acceptable frame all
switchport check ingress
#
interface gigabitEthernet 1/0/43
no switchport general allowed vlan 1
switchport acceptable frame tagged
switchport check ingress
#
interface gigabitEthernet 1/0/45
no switchport general allowed vlan 1
switchport acceptable frame tagged
switchport check ingress
#
interface gigabitEthernet 1/0/47
no switchport general allowed vlan 1
switchport acceptable frame tagged
switchport check ingress
***** END TEMPLATE *****
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I don't know why does this only have 4 votes.
Please consider adding this feature! Don't just assume we want native vlan to be untagged and enforce that. Let us pick if we want native vlan to be untagged or not.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Yes, I was disappointed not to see this also. I have a number of trunk ports where I would only like to pass tagged VLAN Traffic, and ignore untagged traffic. I have been doing this on my non-Omada TP-Link managed switches, and now I have started to replace some of them with Omada switches the lack of this feature is cause me some trouble!
For now, I have created a 'defunct' VLAN 4090 which I do not use, and have made that the 'Native' network for my trunk profile - this allows me to set that VLAN as untagged on the port, and delete the LAN setting
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Bumping this up again.
This just keeps coming up. What is the problem with support a feature that is already supported in standalone mode ? I do not want silly vlan 1/untagged traffic. I have a management vlan, I want the switch to be in that vlan and I have downstream devices from that switch that also need to be in the management vlan.
is it so difficult to understand why people may need this ?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 21
Views: 3252
Replies: 17