diff --git a/Makefile b/Makefile
index bff2607..aa7d181 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ HOSTNAME=registry.terraform.io
 NAMESPACE=netrisai
 NAME=netris
 BINARY=terraform-provider-${NAME}
-VERSION=3.5.2
+VERSION=3.5.3
 OS_ARCH=darwin_arm64
 WORKDIRECTORY=examples
 
diff --git a/docs/resources/bgp.md b/docs/resources/bgp.md
index 483bd76..16834b2 100644
--- a/docs/resources/bgp.md
+++ b/docs/resources/bgp.md
@@ -68,6 +68,7 @@ resource "netris_bgp" "my-bgp" {
 - **sendbgpcommunity** (List of String) Send BGP Community Unconditionally advertise defined list of BGP communities towards BGP neighbor. Format: AA:NN Community number in AA:NN format (where AA and NN are (0-65535)) or local-AS. Example `["65501:777"]`.
 - **state** (String) Valid value is `enabled` or `disabled`; enabled - initiating and waiting for BGP connections, disabled - disable Layer-2 tunnel and Layer-3 address. Default value is `enabled`.
 - **vlanid** (Number) VLAN ID for tagging BGP neighbor facing ethernet frames. Valid values should be in range 2-4094.
+- **untagged** (Boolean) Untag the ethernet frames on BGP neighbor facing ethernet.
 - **vnetid** (Number) Existing VNet service ID to terminate E-BGP on. Can't be used together `portid`.
 - **weight** (Number) BGP session weight. Default value is `0`.
 - **vpcid** (Number) ID of VPC. If not specified, the BGP will be created in the VPC marked as a default.
diff --git a/examples/bgp_example.tf b/examples/bgp_example.tf
index f3a08f0..93b5a7e 100644
--- a/examples/bgp_example.tf
+++ b/examples/bgp_example.tf
@@ -57,36 +57,38 @@ resource "netris_bgp" "my-bgp-isp1" {
   depends_on = [netris_softgate.my-softgate01, netris_link.sg1_to_sw1]
 }
 
-# resource "netris_bgp" "my-bgp-isp2" {
-#   name        = "my-bgp-isp2"
-#   siteid      = netris_site.santa-clara.id
-#   hardware    = "my-softgate02"
-#   neighboras  = 64600
-#   portid      = data.netris_network_interface.swp14_sw2.id
-#   localip     = "172.19.35.2/30"
-#   remoteip    = "172.19.35.1/30"
-#   description = "My ISP2 BGP"
-#   #  inboundroutemap = netris_routemap.routemap-in.id
-#   #  outboundroutemap = netris_routemap.routemap-out.id
-#   #  state = "enabled"
-#   #  multihop = {
-#   #    neighboraddress = "185.54.21.5"
-#   #    updatesource = "198.51.100.11/32"
-#   #    hops = "5"
-#   #  }
-#   #  bgppassword = "somestrongpass"
-#   #  allowasin = 5
-#   #  defaultoriginate = false
-#   #  prefixinboundmax = 1000
-#   #  localpreference  = 100
-#   #  weight = 0
-#   #  prependinbound = 2
-#   prependoutbound    = 2
-#   prefixlistinbound  = ["deny 127.0.0.0/8 le 32", "permit 0.0.0.0/0 le 24"]
-#   prefixlistoutbound = ["permit 192.0.2.0/24", "permit 198.51.100.0/24 le 25", "permit 203.0.113.0/24 le 26"]
-#   #  sendbgpcommunity = ["65501:777"]
-#   depends_on = [netris_softgate.my-softgate02, netris_link.sg2_to_sw2]
-# }
+resource "netris_bgp" "my-bgp-isp2" {
+  name        = "my-bgp-isp2"
+  siteid      = netris_site.santa-clara.id
+  hardware    = "my-softgate02"
+  neighboras  = 64600
+  portid      = data.netris_network_interface.swp14_sw2.id
+  localip     = "172.19.35.2/30"
+  remoteip    = "172.19.35.1/30"
+  description = "My ISP2 BGP"
+  vlanid      = 3001
+  untagged    = true
+  #  inboundroutemap = netris_routemap.routemap-in.id
+  #  outboundroutemap = netris_routemap.routemap-out.id
+  #  state = "enabled"
+  #  multihop = {
+  #    neighboraddress = "185.54.21.5"
+  #    updatesource = "198.51.100.11/32"
+  #    hops = "5"
+  #  }
+  #  bgppassword = "somestrongpass"
+  #  allowasin = 5
+  #  defaultoriginate = false
+  #  prefixinboundmax = 1000
+  #  localpreference  = 100
+  #  weight = 0
+  #  prependinbound = 2
+  prependoutbound    = 2
+  prefixlistinbound  = ["deny 127.0.0.0/8 le 32", "permit 0.0.0.0/0 le 24"]
+  prefixlistoutbound = ["permit 192.0.2.0/24", "permit 198.51.100.0/24 le 25", "permit 203.0.113.0/24 le 26"]
+  #  sendbgpcommunity = ["65501:777"]
+  depends_on = [netris_softgate.my-softgate02, netris_link.sg2_to_sw2]
+}
 
 
 resource "netris_bgp" "my-bgp-isp1-in-my-vpc" {
@@ -122,34 +124,36 @@ resource "netris_bgp" "my-bgp-isp1-in-my-vpc" {
   depends_on = [netris_softgate.my-softgate01, netris_link.sg1_to_sw1]
 }
 
-# resource "netris_bgp" "my-bgp-isp2-in-my-vpc" {
-#   name        = "my-bgp-isp2-in-my-vpc"
-#   siteid      = netris_site.santa-clara.id
-#   hardware    = "my-softgate02"
-#   neighboras  = 64600
-#   portid      = data.netris_network_interface.swp13_sw2.id
-#   localip     = "172.19.35.2/30"
-#   remoteip    = "172.19.35.1/30"
-#   description = "My ISP2 BGP"
-#   vpcid       = netris_vpc.my-vpc.id
-#   #  inboundroutemap = netris_routemap.routemap-in.id
-#   #  outboundroutemap = netris_routemap.routemap-out.id
-#   #  state = "enabled"
-#   #  multihop = {
-#   #    neighboraddress = "185.54.21.5"
-#   #    updatesource = "198.51.100.11/32"
-#   #    hops = "5"
-#   #  }
-#   #  bgppassword = "somestrongpass"
-#   #  allowasin = 5
-#   #  defaultoriginate = false
-#   #  prefixinboundmax = 1000
-#   #  localpreference  = 100
-#   #  weight = 0
-#   #  prependinbound = 2
-#   prependoutbound    = 2
-#   prefixlistinbound  = ["deny 127.0.0.0/8 le 32", "permit 0.0.0.0/0 le 24"]
-#   prefixlistoutbound = ["permit 192.0.2.0/24", "permit 198.51.100.0/24 le 25", "permit 203.0.113.0/24 le 26"]
-#   #  sendbgpcommunity = ["65501:777"]
-#   depends_on = [netris_softgate.my-softgate02, netris_link.sg2_to_sw2]
-# }
+resource "netris_bgp" "my-bgp-isp2-in-my-vpc" {
+  name        = "my-bgp-isp2-in-my-vpc"
+  siteid      = netris_site.santa-clara.id
+  hardware    = "my-softgate02"
+  neighboras  = 64600
+  portid      = data.netris_network_interface.swp13_sw2.id
+  localip     = "172.19.35.2/30"
+  remoteip    = "172.19.35.1/30"
+  description = "My ISP2 BGP"
+  vlanid      = 3004
+  untagged    = true
+  vpcid       = netris_vpc.my-vpc.id
+  #  inboundroutemap = netris_routemap.routemap-in.id
+  #  outboundroutemap = netris_routemap.routemap-out.id
+  #  state = "enabled"
+  #  multihop = {
+  #    neighboraddress = "185.54.21.5"
+  #    updatesource = "198.51.100.11/32"
+  #    hops = "5"
+  #  }
+  #  bgppassword = "somestrongpass"
+  #  allowasin = 5
+  #  defaultoriginate = false
+  #  prefixinboundmax = 1000
+  #  localpreference  = 100
+  #  weight = 0
+  #  prependinbound = 2
+  prependoutbound    = 2
+  prefixlistinbound  = ["deny 127.0.0.0/8 le 32", "permit 0.0.0.0/0 le 24"]
+  prefixlistoutbound = ["permit 192.0.2.0/24", "permit 198.51.100.0/24 le 25", "permit 203.0.113.0/24 le 26"]
+  #  sendbgpcommunity = ["65501:777"]
+  depends_on = [netris_softgate.my-softgate02, netris_link.sg2_to_sw2]
+}
diff --git a/netris/bgp/bgp.go b/netris/bgp/bgp.go
index 3b329fa..d4f4c28 100644
--- a/netris/bgp/bgp.go
+++ b/netris/bgp/bgp.go
@@ -231,6 +231,11 @@ func Resource() *schema.Resource {
 				Type:        schema.TypeInt,
 				Description: "ID of VPC. If not specified, the BGP will be created in the VPC marked as a default.",
 			},
+			"untagged": {
+				Optional:    true,
+				Type:        schema.TypeBool,
+				Description: "Untag ethernet frames on BGP neighbor facing ethernet.",
+			},
 		},
 		Create: resourceCreate,
 		Read:   resourceRead,
@@ -251,20 +256,21 @@ func resourceCreate(d *schema.ResourceData, m interface{}) error {
 	clientset := m.(*api.Clientset)
 
 	var (
-		vlanID    = -1
 		state     = "enabled"
 		ipVersion = "ipv6"
 		hwID      = 0
 		portID    = 0
 		vnetID    = 0
-		untagged  = false
 	)
 
+	untagged := d.Get("untagged").(bool)
+
 	originate := "disabled"
 	localPreference := 100
 
 	siteID := d.Get("siteid").(int)
 	vpcid := d.Get("vpcid").(int)
+	vlanID := d.Get("vlanid").(int)
 
 	if d.Get("defaultoriginate").(bool) {
 		originate = "enabled"
@@ -283,8 +289,6 @@ func resourceCreate(d *schema.ResourceData, m interface{}) error {
 		}
 	}
 
-	transportVlanID := d.Get("vlanid").(int)
-
 	localPreferenceTmp := d.Get("localpreference").(int)
 	if localPreferenceTmp > 0 {
 		localPreference = localPreferenceTmp
@@ -300,14 +304,6 @@ func resourceCreate(d *schema.ResourceData, m interface{}) error {
 		vnetID = v
 	}
 
-	if transportVlanID >= 1 {
-		vlanID = transportVlanID
-	}
-
-	if vlanID == -1 {
-		untagged = true
-	}
-
 	localIPString := d.Get("localip").(string)
 
 	localIP, cidr, err := net.ParseCIDR(localIPString)
@@ -522,6 +518,11 @@ func resourceRead(d *schema.ResourceData, m interface{}) error {
 		}
 	}
 
+	err = d.Set("untagged", bgp.Untagged)
+	if err != nil {
+		return err
+	}
+
 	err = d.Set("bfd", bgp.Bfd)
 	if err != nil {
 		return err
@@ -656,15 +657,15 @@ func resourceUpdate(d *schema.ResourceData, m interface{}) error {
 	clientset := m.(*api.Clientset)
 
 	var (
-		vlanID    = -1
 		state     = "enabled"
 		ipVersion = "ipv6"
 		hwID      = 0
 		portID    = 0
 		vnetID    = 0
-		untagged  = false
 	)
 
+	untagged := d.Get("untagged").(bool)
+
 	originate := "disabled"
 	localPreference := 100
 
@@ -687,7 +688,7 @@ func resourceUpdate(d *schema.ResourceData, m interface{}) error {
 		}
 	}
 
-	transportVlanID := d.Get("vlanid").(int)
+	vlanID := d.Get("vlanid").(int)
 
 	localPreferenceTmp := d.Get("localpreference").(int)
 	if localPreferenceTmp > 0 {
@@ -704,14 +705,6 @@ func resourceUpdate(d *schema.ResourceData, m interface{}) error {
 		vnetID = v
 	}
 
-	if transportVlanID >= 1 {
-		vlanID = transportVlanID
-	}
-
-	if vlanID == -1 {
-		untagged = true
-	}
-
 	localIPString := d.Get("localip").(string)
 
 	localIP, cidr, err := net.ParseCIDR(localIPString)