• September 22, 2020, 05:00:56 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Basic VLAN Tagging Help  (Read 4070 times)

0 Members and 1 Guest are viewing this topic.

Offline kars85

  • Rookie
  • **
  • Posts: 10
Basic VLAN Tagging Help
« on: August 28, 2015, 12:58:50 PM »
Hopefully someone can chime in, as it's one of the last pieces of the puzzle before I do the flip.

I currently have 2 VLANs setup on my pfSense router & Netgear GS724v3 switch. pfSense does all the tagging/routing. All fine and dandy and rock solid for over a year since I first set it up. In the Netgear web interface, I have the uplink port of my pfSense router as a tagged port on each of those VLANs, with the respective ports I want on the VLAN untagged.

My problem is finding the similar options/verbage within the more fully featured Nortel's web interface. I don't want to do any Layer 3 functions in the Nortel, just basic layer 2 with pfSense handling my routing & VLAN tagging.

I've tried the following screenshot, but no luck. VLAN member can't get DHCP, I can't ping the VLAN gateway in pfSense...nada.



Hopefully someone can chime in, since I think the Baystack's are pretty popular among the home networking crowd. Thanks!


Offline kars85

  • Rookie
  • **
  • Posts: 10
Re: Basic VLAN Tagging Help
« Reply #1 on: August 28, 2015, 01:12:27 PM »
Here is what currently works, but cannot replicate in my "new to me" Nortel :(


VLAN in pfSense configuration:






How the Netgear Smartswitch is setup (and working):
VLAN1


VLAN20 (disregard VLAN10 in the pic, it's been changed to 20 long ago)

Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
Re: Basic VLAN Tagging Help
« Reply #2 on: August 28, 2015, 01:29:20 PM »
OK, if your router is connecting to port #1 on the Nortel and is sending VLAN's 1 and 20 tagged.  Then Port #1 should be set to tagged which it looks like you have correctly done.  However I only see VLAN 1 on port #1.  You need to add VLAN 20 to port #1 as well.  Then the switch will correctly receive VLAN's 1 and 20 from your router.

To do that on the side menu, go Configure -> VLAN -> VLANs.  Then see the port members for VLAN 20.  Add port #1 to that list and apply it.  That should work.

Offline kars85

  • Rookie
  • **
  • Posts: 10
Re: Basic VLAN Tagging Help
« Reply #3 on: August 28, 2015, 01:53:28 PM »
Thanks for the tip on getting to it in the GUI!  That fixed the VLAN20 problem, clients are able to traverse the LAN and hit the WAN fine as port 1 being part of that VLAN.

However, all VLAN/default 1 members go dark with port one set to tagAll(trunk).  Do you know what would cause that?




Offline kars85

  • Rookie
  • **
  • Posts: 10
Re: Basic VLAN Tagging Help
« Reply #4 on: August 28, 2015, 03:21:22 PM »
One thing I thought of is what tagging VLAN1 in the switch is doing in pfSense.  I don't have a VLAN1 in there, just WAN/LAN/VLAN10/VLAN20.  Is that somehow messing me up?

Netgear used VLAN1 internally, but is Nortel explicitly using that and tagging it to pfSense?

Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
Re: Basic VLAN Tagging Help
« Reply #5 on: August 28, 2015, 05:33:59 PM »
OK, I though you were using VLAN 1 and VLAN 20 on your router.  But you have VLAN 10 and 20 and there is no VLAN 1?

The Nortel switches by default put every port in VLAN 1 just so if you didn't configure anything you could plug everything in and it would work.  But it is not a requirement to have VLAN 1 if you don't need it.  It can be removed.  Tagging a VLAN to another device that doesn't support that VLAN will just cause the device to drop the unsupported VLAN packet.

Offline kars85

  • Rookie
  • **
  • Posts: 10
Re: Basic VLAN Tagging Help
« Reply #6 on: August 28, 2015, 05:42:10 PM »
OK, I though you were using VLAN 1 and VLAN 20 on your router.  But you have VLAN 10 and 20 and there is no VLAN 1?

The Nortel switches by default put every port in VLAN 1 just so if you didn't configure anything you could plug everything in and it would work.  But it is not a requirement to have VLAN 1 if you don't need it.  It can be removed.  Tagging a VLAN to another device that doesn't support that VLAN will just cause the device to drop the unsupported VLAN packet.

This is ultimately what I needed to get everything up and running:

Port 1 (VLAN1,10,20; default VLAN ID 1) - untagPvidOnly
Ports 2-24 (VLAN1) - untagAll(access)
Ports 25-30 (VLAN20) - untagAll(access)
Ports 31-36 (VLAN10) - untagAll(access)
« Last Edit: August 29, 2015, 12:54:23 AM by kars85 »

Offline kars85

  • Rookie
  • **
  • Posts: 10
Re: Basic VLAN Tagging Help
« Reply #7 on: August 29, 2015, 12:41:56 AM »
Using the settings I outlined above, I just migrated 17 of my 25 devices, and something still isn't right with VLAN1. 

If I remove port 1 from VLAN1, change the default to VLAN20, then VLAN20 works (gets DHCP from VLAN20 DHCP Server, can browse web, etc..).  The minute I associate VLAN1 with the port 1 going to pfSense EVERYTHING dies.

Pretty disappointed in myself that I can't get this to work.
« Last Edit: August 29, 2015, 12:45:01 AM by kars85 »

Offline kars85

  • Rookie
  • **
  • Posts: 10
Re: Basic VLAN Tagging Help
« Reply #8 on: August 31, 2015, 09:10:15 AM »
Full disclosure.  What I ended up doing is pulling every patch cable off and one by one placing them back on the Nortel until I figured out what device was screwing me up.

Ended up being two ports connected to an unmanaged PoE switch.

Remember kids: label your cables!