Airport Extreme firmware 7.6 breaks VLAN bridging

Alas, that it worked before was a fluke -- Apple Airport should never have been bridging 802.1Q tagged VLAN packets. By definition an Ethernet bridge only bridges untagged packets unless it is explicitly configured to transport tagged packets to another 802.1q-capable device, and then it should only pass those packets to across an interface if the receiving device is programmed to expect and accept tagged packets..

Ref: http://en.wikipedia.org/wiki/Virtual_LAN

"By definition, switches may not bridge IP traffic between VLANs as it would violate the integrity of the VLAN broadcast domain."

So Apple was just fixing a bug, and you have a network that depended upon that bug. The correct fix in your case is to add a router to your LAN that can route traffic between your native LAN VLAN and this VLAN 100. That will requires creating two separate IP subnets and attaching them to the router device. Fortunately, the cost of layer-3 switches that support both VLANs and inter-vlan routing has come down quite a bit, to aabout $2300 (e.g., the Cisco SG 300-10). You'll have to learn the techology, but it's pretty straightforward and the Internet is chock full of tutorials.

Not all switches will pass tagged packets. Because the tag adds four bytes to the packet length, large packets can exceed the MTU of the switch, resuiting in dropped packets and very strange behavior (only when large packets occur).

From one VLAN info source (http://www.javvin.com/protocolVLAN.html):

"However, it is important to ensure ports with non-802.1Q-compliant devices attached are configured to transmit untagged frames. Many NICs for PCs and printers are not 802.1Q-compliant. If they receive a tagged frame, they will not understand the VLAN tag and will drop the frame. Also, the maximum legal Ethernet frame size for tagged frames was increased in 802.1Q (and its companion, 802.3ac) from 1,518 to 1,522 bytes. This could cause network interface cards and older switches to drop tagged frames as "oversized.""

In any event, it's not cricket to have tagged packets bouncing around on your LAN -- that definitely violates the broadcast domain sanctity of a VLAN. The Airport was wrong to transport tagged packets, and now they've fixed that bug. You have to implement a properly VLANed network to accomplish what you want.

Hello

I'm in france too, II have the same problem with the 7.6 it break immediately the ethernet output port from the airport extreme. When I go back to the older firmare, everything works fine.

So I can't upgrade to 7.6.

for the record I have a freebox V6 router for free provider.

If 7.6 completely disables the Ethernet port, something else is wrong. Have you checked the configuration to make sure bridge mode hasn't been turned off?

Yes I check twice. I started the extreme confid from start, but nothing works. At the end I backgraded to 7.5.2, and magicly it works immediately??!!

I tryed to tweak here and there, restart but everything failed.