
I need to capture packets to see if they are VLAN tagged correctly. I tried on Windows but didn't see it and found some resources saying that Windows strips those tags, so it has to be captured on a Linux OS. So I tried that, Wireshark on Zorin (Ubuntu derivative), but I'm still not seeing those tags. For testing, I have a small 5-port managed Netgear switch with ports 1 and 2 configured as VLAN tagged and port 5 mirroring both of those and connected to the Wireshark capture tap. Communication between 1 and 2 works fine and I can see that communication on the tap port 5, but I'm not seeing any VLAN tags. My concern at this point is that even though ports 1 and 2 are configured as "tagged", the tag is not added to packets as they traverse the switch; it just means it wouldn't be stripped if it was already there. The endpoints on ports 1 and 2 are not VLAN aware. I thought the switch itself would add those tags. Is that not the case?

UPDATE
screenshots of the config:
[4 screenshots of the switch configuration]

Wizard
prl77
  • Configured as "VLAN tagged" but for which VLANs? How many VLANs are those ports members of? Which VLAN is their "native" VLAN (or PVID)? Can you show screenshots of the configuration? – u1686_grawity Apr 29 '22 at 17:28
  • PVID 1; Tagged 30 on Port 1 and 2, no other VLANs – prl77 Apr 29 '22 at 21:10
  • @user1686 screenshots added to post – prl77 Apr 29 '22 at 21:18
  • Right, but in this configuration, how do packets get into VLAN 30? I suspect the packets that you're looking at are still belonging to VLAN 1. (And also, if neither of the endpoints is VLAN-aware, what do you expect them to do with tagged packets? They won't understand the VLAN tags, that's what it means to be not-VLAN-aware.) – u1686_grawity Apr 30 '22 at 05:47
  • @user1686, I understand that the end points won't understand VLAN tags. This setup is for testing only with the goal of capturing packets that are tagged just so I can see them. Since ports 1 & 2 are configured as "tagged", I would expect the switch to tag packets as they leave those ports. I need to see those tags because in production I have three such switches daisy chained to reach a far off location in the back of a warehouse. This is not working so perhaps this is why. Does a managed switch not tag packets leaving ports configured as "tagged" VLAN? Are they not "uplink" ports? – prl77 May 02 '22 at 16:47
  • Well, as I said, tagging is configured per VLAN, not just per port. You have VLAN 30 as tagged on these ports, so the switch will indeed add the "VLAN 30" tag...but only to packets that were assigned to VLAN 30 when entering the switch. How do they get assigned to VLAN 30 on input? In your config, this only happens if the incoming packet already had a tag. If the switch receives packets without a tag, they get assigned to VLAN 1 in your case...and the egress port also has VLAN 1 untagged. – u1686_grawity May 02 '22 at 18:04
  • So to really experiment with this, you'll need a port where VLAN 30 is untagged. (More precisely, has VLAN 30 as its "PVID" or "native vlan", as sometimes that's how the setting works.) Once packets from the device enter this port, then they internally get handled as VLAN 30 within the switch, and when they exit through a port that has the same VLAN 30 tagged, then you will indeed see the tag in Wireshark. – u1686_grawity May 02 '22 at 18:08
  • That's the reason I picked up on the endpoints being "not VLAN aware". It's not just that they won't understand tagged packets, but also that they won't create tagged packets that the switch expects to receive on such a port – so all packets from the unaware device belong to VLAN 1. – u1686_grawity May 02 '22 at 18:14
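
The ingress/egress rule described in the comments above, as an added example that is not part of the original thread and not Netgear's implementation: a simplified model of per-VLAN 802.1Q handling run against constructed frames. Port 3 with PVID 30, the MAC addresses and the ingress membership check are assumptions for illustration, and the mirror port is not modelled.

```python
import struct

TPID = 0x8100  # 802.1Q Tag Protocol Identifier, sits where the EtherType normally is

def vlan_of(frame):
    """VLAN ID of an Ethernet frame, or None when it carries no 802.1Q tag."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID else None

def add_tag(frame, vid):
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def strip_tag(frame):
    return frame if vlan_of(frame) is None else frame[:12] + frame[16:]

def forward(ports, in_port, out_port, frame):
    """Frame as it leaves out_port, or None if the switch drops it."""
    src, dst = ports[in_port], ports[out_port]
    vid = vlan_of(frame)
    if vid is None:
        vid = src["pvid"]                  # untagged ingress: classified by PVID
    elif vid not in src["tagged"] | src["untagged"]:
        return None                        # ingress port is not a member of that VLAN
    inner = strip_tag(frame)
    if vid in dst["tagged"]:
        return add_tag(inner, vid)         # egress tagged for this VLAN
    return inner if vid in dst["untagged"] else None

# Ports 1 and 2 as described in the thread: PVID 1, VLAN 1 untagged, VLAN 30 tagged.
AS_POSTED = {p: {"pvid": 1, "untagged": {1}, "tagged": {30}} for p in (1, 2)}
# Suggested experiment: an access port (port 3, hypothetical) with PVID 30.
EXPERIMENT = dict(AS_POSTED)
EXPERIMENT[3] = {"pvid": 30, "untagged": {30}, "tagged": set()}

# Constructed sample: dst MAC, src MAC, EtherType IPv4, dummy payload.
UNTAGGED = bytes.fromhex("020000000002" "020000000001" "0800") + b"\x00" * 46

if __name__ == "__main__":
    cases = [("as posted, 1 -> 2", AS_POSTED, 1, 2, UNTAGGED),
             ("as posted, pre-tagged 30", AS_POSTED, 1, 2, add_tag(UNTAGGED, 30)),
             ("PVID 30 port 3 -> 1", EXPERIMENT, 3, 1, UNTAGGED)]
    for name, ports, i, o, f in cases:
        print(f"{name}: egress VLAN tag = {vlan_of(forward(ports, i, o, f))}")
```

In a capture, the tag is the `0x8100` value at byte offset 12 of the frame, which is what `vlan_of` checks.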

0 Answers