Configuring VLANs on NETGEAR ProSafe switches has never been a very pleasant experience for me. Maybe it’s because I am used to the Cisco way of doing it which, at the end of the day, feels way more intuitive to me even if you have to take some time at the beginning to understand and remember all the CLI commands.
NETGEAR’s GUI, however, is just plain confusing to me, and it took me quite a few tries to get it working. Part of the reason is because I might be stupid, of course, but I also think that NETGEAR’s horrible documentation and “support” should take at least some of the blame.
Also, I really don’t think it’s necessary to have a Basic and an Advanced way of adding VLANs. If you need to configure VLANs, I assume you know what you are doing, so why the hell should there be a Basic option? Just get rid of that crap and leave just one option.
Anyway, rant over, this is a guide on how to configure VLANs on a NETGEAR ProSafe switch. For this tutorial, I have used a ProSafe GS116Ev2 switch, but I assume every other switch in the same line will be very similar if not identical.
Login to the GUI of your switch and navigate to VLAN > 801.1Q > Advanced > VLAN Configuration and click on the Enable button.
After clicking on the button, you will see a confirmation dialog. Click on Ok to confirm the change and begin the VLAN configuration.
Click on VLAN Configuration in the menu on the left to go to the main VLAN screen, which only contains the native VLAN for now.
In the little text field next to VLAN ID, enter the ID of the VLAN you want to create (100 in this example).
Notice that the Add button in the top right corner became available after entering a VLAN ID, so go ahead and click on it to add your VLAN.
Your new VLAN will not appear under the native VLAN.
Click on VLAN Membership in the menu on the left to be taken to a screen where you can see what ports belong to what VLAN. By default, the native VLAN will be shown to you.
As expected, all ports are members of the default VLAN 1. If you click on the dropdown menu at the top, you can choose any other VLAN you have created on this system.
In this tutorial, we are going to add port 16 to VLAN 100. Click on the VLAN ID dropdown menu, select VLAN 100 and make sure your port configuration has port 1 set as a tagged port, and port 16 as an untagged port.
Note: here is the main difference in the naming between NETGEAR and Cisco. Cisco calls port 1 a trunk and port 16 an access port, while NETGEAR calls port 1 a tagged port and port 16 an untagged port. They are, however, the same thing.
Each switch port needs to have a PIVD set in order to work. In this example, we are going to set the PVID to 100 to match the VLAN ID.
To configure a port PVID, select Port PVID from the menu on the left, tick the port you want to update, enter the PVID in the little text box at the top of the list and, finally, click on the Apply button in the top right corner.
Absolutely, this process could be definitely streamlined.
We just need to do some cleanup now. I want port 16 to only belong to VLAN 100, but if I go back to the VLAN Configuration section now, this is what I am going to see:
Basically, port 16 is now a member of both VLAN 100 and the default VLAN 1, while I want it to be only working on VLAN 100. To do this, go back to the VLAN Membership section and select VLAN 1 from the dropdown menu. Click on port 16 until it’s shown as neither tagged (T) or untagged (U):
Apply the change and go back to VLAN Configuration to see the final result.
Let’s test if things are really working. For this final test, I connected a laptop to port 16 of the switch while running Wireshark on port 1.
Note 1: I have configured an interface for VLAN 100 on my router on subnet 192.168.100.0/24 so that the laptop could get an IP address.
Note 2: Wireshark needs to be sniffing on port 1, i.e. the tagged port, in order for you to see the 802.1Q tag. VLAN tags are dropped on untagged (access) ports, so if you run Wireshark on port 16, you will never see the VLAN tag, even if the VLAN is configured correctly.
Open up any web page and inspect the contents of the packet. Look for the section named 802.1Q Virtual LAN and check the ID field. If everything was configured correctly, you should see your VLAN tag 100 here:
This article showed how to configure VLANs on NETGEAR ProSafe switches. Unlike with Cisco switches, all the configuration can be done from the switch’s Web GUI.
Pay attention to the difference in the naming here if you come from a Cisco environment (access ports are named untagged ports here, and trunk ports are named tagged ports) and follow this guide to hopefully get up and running in no time.