DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor 2962 - VLAN Warnings?

30 Jan 2023 17:19 #1 by ctluk
Vigor 2962 - VLAN Warnings? was created by ctluk
Hi,

I've been configuring Vigor 28xx routers with VLANs connected to managed switches for a number of years, never had any issues and everything has worked as expected. I've got my hands on a 2962 and I've gone through the same process as I do with the 28xx and I am getting the following warning:



Followed by this one:



A bit of background on the configuration: all the LAN ports are uplinks from L2+ managed switches, and the switches are configured with the same VLAN IDs as you can see in the image above. On the DrayTek, VLAN0/LAN1 is the untagged LAN; this supports all the network hardware. VLAN1/LAN2 is the local office network and VLAN2/LAN3 is the wireless guest network.

I am confused by the warning as it's suggesting something is sharing the same name, but as you can see from the image nothing is. It is possible I've missed a step that needs to be followed for the 29xx series, or maybe it's a bogus message? Everything appears to be running correctly, no errors on the switches, performance is not noticeably slow, but I don't like odd messages like this so it would be good to get to the bottom of them.

Any thoughts, advice gratefully received.

Cheers
Rob

03 Feb 2023 17:02 #2 by haywardi
Replied by haywardi on topic Re: Vigor 2962 - VLAN Warnings?
Firstly I do not run the 2962, so I can offer no solution to your question.

For me the curiosity is not in the error message as that is self-explanatory, it is more WHY should mixing tagged/untagged traffic cause a performance problem.

I would also be curious how you are measuring performance as I thought my network performance was fine until I upgraded my router to a 2927, and then it was like the true network performance had suddenly been unleashed.

One final thought, why do you want Vlan0/Lan 1 untagged? Just about all non-consumer devices support tagging these days and I don't know of a managed switch where you cannot set a VLAN ID to a port for those older devices that don't support tagging (I have a few).

Iain

03 Feb 2023 17:44 #3 by ctluk
Replied by ctluk on topic Re: Vigor 2962 - VLAN Warnings?
Thanks for the reply Iain.

Agreed, I would have thought a router that is claimed to support up to 20 VLANs would have sufficient processing power to cope with 20 VLANs. The performance testing has been pretty rudimentary, using iPerf for copying files from the servers to clients. I am getting line speed on these transfers. Reason for the untagged LAN: in the past I've had issues with WAPs and using tagged VLANs to access their management GUI; having all the network devices on an untagged VLAN to be honest just makes my life easier :)

03 Feb 2023 17:48 #4 by piste basher
Replied by piste basher on topic Re: Vigor 2962 - VLAN Warnings?
It is intriguing - I have a 2927ax with VLAN0 untagged and 3 tagged VLANs (same as the 2927ac and 2926ac before it) and I see no dire warnings about performance degradation.

03 Feb 2023 17:51 #5 by ctluk
Replied by ctluk on topic Re: Vigor 2962 - VLAN Warnings?
It threw me, hence the post, I've deployed many 28xx devices with same config and never seen any warnings, hence reaching out here.

05 Feb 2023 15:26 #6 by haywardi
Replied by haywardi on topic Re: Vigor 2962 - VLAN Warnings?
Fair comment CTLUK.

Although I am interested in how you assess "wires speed", as I find mass data transfers subject to restrictions at both ends of the line, as you simply just can't get the data off the disk fast enough and can't write it fast enough at the other end. That said, I assess my performance based on transferring data using a 2862 and then repeating the same data transfer on the 2927. The 2927 was circa 3 times faster at the data transfer and was the only difference and it was repeatable.

However, that's an aside. We both know there should not be a restriction mixing tagged and untagged traffic.

Finally a thought on untagged traffic, I totally understand where you are coming from here, it is scary to lock your network down to only tagged traffic. I bit the bullet on it about 4/5 years ago from a security point of view. If you want to access my network, you have to know the Vlan ID or the switch and router will simply not acknowledge you. It's not completely secure, but it makes it just that bit harder for someone with a laptop to rock up and plug into your network if they don't know the Vlan Id, the next step would be to use port authorization and x509 (is that the right standard???)

I choose to think of security as an onion. Depending on how secure you want your network, you simply keep peeling away until you get to the point where the only people left are those that REALLY know what they are doing and, to be frank, there is virtually no defense from these people, but then there probably won't be enough in it for them to bother with you. :-)

Iain
