Monday, November 25, 2019

Confused by prosumer gear: What really is PVID and why is it not the same as an untagged interface?

I had an issue at a call last week: SonicWall not talking to some devices on a new vlan.

Switching was Prosafe, the managed switches offering from Netgear.

The setup: A dedicated port on the SonicWall (HA stack), X2, was connected to the prosafe, 5/g11 & 5/g12. Vlan 3 was untagged, all other vlans were not participating. Sonicwall setup with the 10.1.3.1/24 address, providing DHCP, etc.

Symptoms: SOME devices on 10.1.3.0/24 were working PERFECTLY fine. Others just weren't. All devices were statically addressed (DHCP was just there for convenience), IPs and masks were correct. No problems with MAC addresses. I mean the problem "felt" like there was a half-down etherchannel somewhere.
Through troubleshooting, I found that DHCP was leaking into vlan 1.

Solution: On the switch, I changed the PVID of the ports (that were correctly set to Untagged-vlan-3) from 1 to 3. That's it.

...why?

I feel like an idiot asking: I'm not new to networking by any means; I've got nearly two decades working with Cisco/HP[E]/Aruba/Juniper/etc. I'll admit to having only passing familiarity with prosumer switching.

What the hell is a PVID and why didn't it work to set vlan 3 to untagged on that port? It should have been doing nothing but talking vlan3, as no other vlans were configured on that port.
Why was a PVID setting causing DHCP to leak?
Why were some devices on vlan 3 working without issue, and others not?

Google so far as lead me to forum threads in which people who don't know what a vlan tag is disagree with each other, confuse each other, and fizzle out when the OP does something random that ends up fixing their issue.

So what, technically, is PVID, why is it separate, and how does it work with tagging?



No comments:

Post a Comment