Author Topic: (5520) Disable Routing on VLAN1?  (Read 2705 times)

Offline kars85

  • Rookie
  • **
  • Posts: 10
(5520) Disable Routing on VLAN1?
« on: July 06, 2016, 12:26:01 AM »
I'm trying to figure out how to disable routing on my mgmt vlan (VLAN1). It's been a year or two since I first had everything running, and I can't seem to find what's holding me up.

VLAN5 - ESXi host management network
VLAN10 - Isolated from LAN for my Cisco CVO work router
VLAN20 - ISCSI (not routed - no interface defined in pfSense)
VLAN30 - Guest Wireless (isolated from all networks)
VLAN200 - vMotion

Currently, the 5520 sits behind my pfSense router and has the uplink plugged into 1/1. pfSense handles all my Layer 3, so when I used to have it working, I set TagAll on my uplink port on the 5520, then TagPVIDOnly on the specific ports I want set to a specific VLAN with the remaining ports set to untagall (access).

As it stands, as soon as I set TagAll on port one, I lose ping to my pfSense router. I've attached my show tech output, in hopes that it helps identify what I'm missing here.

Thanks in advance.

« Last Edit: July 06, 2016, 09:41:58 AM by kars85 »


Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 272
    • matzeks
    • Controlware GmbH - Germany
Re: (5520) Disable Routing on VLAN1?
« Reply #1 on: July 06, 2016, 10:01:26 AM »
Hi kars85, per default "routing" is disabled on all ERS-Series.
Therefore there is nothing to disable, unless you enabled it previously.
Your attached "show tech" ("show running" would be more helpful here) shows a static route; I guess you enabled "ip routing".

If you disable ip routing your missing DefGW comes in place for this.
I'd recommend to set the IP address, netmask, DefGW for your Mgmt-Vlan (in your case #1) manually:

conf t
ip address xx.xx.xx.xx netmask xx.xx.xx.xx default-gateway xx.xx.xx.xx
end

good luck
 
------------------------------------------------------
ACE-Fx #00050

Offline kars85

  • Rookie
  • **
  • Posts: 10
Re: (5520) Disable Routing on VLAN1?
« Reply #2 on: July 06, 2016, 11:17:08 AM »
Hi - thank you for the suggestions. You're correct, routing is disabled on a freshly defaulted switch, so somehow my CLI-foo did something wrong in the initial config, so now that's fixed. But, I still lose my pfSense router when I set port 1 on the 5520 as a trunk port. The instant I set it back to an access port, all is well.

For whatever reason now, I'm dead in the water with this setup.

Code:
cli password read-only readpass
cli password read-write writepass
cli password serial local
cli password telnet local
no ui-button enable
vlan configcontrol autopvid
username admin redacted rw
username read read ro
vlan create 5 name VLAN5 type port
vlan members add 5 1,37-40
vlan port 37-40 pvid 5
vlan port 37-40 tagging tagpvidOnly
vlan create 10 name VLAN10 type port
vlan members add 10 1,47
vlan port 47 pvid 10
vlan port 47 tagging tagpvidOnly
vlan create 20 name VLAN20 type port
vlan members add 20 1,41-46
vlan port 41-46 pvid 20
vlan port 41-46 tagging tagpvidOnly
vlan create 200 name VLAN200 type port
vlan members add 200 1,33-36
vlan port 33-36 pvid 200
vlan port 33-36 tagging tagpvidOnly
vlan ports 1 tagging enable
vlan members remove 1 33-48
logging volatile overwrite
logging enable
clock time-zone CST -6
clock summer-time recurring 2 sunday march 00:00 1 sunday november 00:00 60
sntp server primary address 192.168.1.1
sntp enable
ip address switch 192.168.1.32 netmask 255.255.255.0 default-gateway 192.168.1.1

Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 272
    • matzeks
    • Controlware GmbH - Germany
Re: (5520) Disable Routing on VLAN1?
« Reply #3 on: July 07, 2016, 06:27:50 AM »
Hi kars85,

you set your uplink port (port 1) direction pfsense to "tagall" and assigned vlan 5,10,20,200 to this port.

That means all your vlan.interfaces on your pfsense must also be set to "tagging" or tagged interface.

You also removed vlan 1 from all ports, which is normally assigned as Management-Vlan.

The missing part in your provided config is the decision which of your vlans has to be declared as "mgmt-vlan". If there is no value set, per default vlan 1 comes in place, which is assigned to none of your physical ports.

conf t
mgmt vlan xxx
end


your configured ip/mask/defgw will be "mapped" to this particular "mgmt" vlan-interface.

good luck
« Last Edit: July 07, 2016, 06:30:13 AM by MatzeKS »
------------------------------------------------------
ACE-Fx #00050
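
An added example, not part of any post in this thread: a Python audit of the VLAN lines from the config in Reply #2 that reports which VLAN carries management and whether it leaves the uplink tagged, the two points raised in Reply #3. The `ports` and `audit` helpers, the 48-port count, the default membership of every port in VLAN 1, and acceptance of a `vlan mgmt N` spelling alongside `mgmt vlan N` are assumptions made for the example.

```python
import re

# Constructed sample: VLAN lines taken from the config posted in Reply #2.
CONFIG = """\
vlan create 5 name VLAN5 type port
vlan members add 5 1,37-40
vlan port 37-40 tagging tagpvidOnly
vlan create 10 name VLAN10 type port
vlan members add 10 1,47
vlan create 20 name VLAN20 type port
vlan members add 20 1,41-46
vlan create 200 name VLAN200 type port
vlan members add 200 1,33-36
vlan ports 1 tagging enable
vlan members remove 1 33-48
"""

def ports(spec):
    """Expand a port list such as '1,37-40' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config, uplink=1, port_count=48):
    # Assumptions: every port starts in VLAN 1, and the management VLAN
    # is 1 unless a "mgmt vlan N" (or "vlan mgmt N") line says otherwise.
    members = {1: set(range(1, port_count + 1))}
    tagging, mgmt = {}, 1
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"vlan members (add|remove) (\d+) (\S+)", line):
            vlan_ports = members.setdefault(int(m[2]), set())
            if m[1] == "add":
                vlan_ports |= ports(m[3])
            else:
                vlan_ports -= ports(m[3])
        elif m := re.match(r"vlan ports? (\S+) tagging (\S+)", line):
            tagging.update(dict.fromkeys(ports(m[1]), m[2].lower()))
        elif m := re.match(r"(?:mgmt vlan|vlan mgmt) (\d+)", line):
            mgmt = int(m[1])
    mode = tagging.get(uplink, "untagall")
    return {
        "mgmt_vlan": mgmt,
        "mgmt_on_uplink": uplink in members.get(mgmt, set()),
        # "enable" is tagAll: the far end must use a tagged interface too.
        "mgmt_tagged_on_uplink": mode in ("enable", "tagall"),
        "vlans_without_ports": sorted(v for v, p in members.items() if not p),
    }
```

For the posted config, `audit(CONFIG)` reports management on VLAN 1, present on port 1 but tagged there, so the pfSense side has to carry the management VLAN on a tagged interface as well.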

Offline kars85

  • Rookie
  • **
  • Posts: 10
Re: (5520) Disable Routing on VLAN1?
« Reply #4 on: July 07, 2016, 08:56:55 AM »
Thanks for your help MatzeKS. The underlying cause after getting my config sorted was that it didn't like passing traffic that wasn't assigned a VLAN out that trunk port. Once I assigned my LAN interface to a VLAN (100) in pfSense, assigned all ports that normally were on VLAN1 to VLAN100 and changed the switch's management VLAN to that, things magically started working.


Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 272
    • matzeks
    • Controlware GmbH - Germany
Re: (5520) Disable Routing on VLAN1?
« Reply #5 on: July 07, 2016, 09:02:17 AM »
yes, vlan(s) which have no ports assigned and/or have no active ports are completely inactive in L2/L3.
------------------------------------------------------
ACE-Fx #00050