
Vlan passing problem

Hello guys!

Just a small disclaimer: My problem is actually not related to the UTM at all (other than the fact that I am creating a vlan in the UTM). However, I am posting here in the hope someone can help, since this forum has a lot of knowledgeable and nice people :)

First let me attach a basic network diagram of what I have:

So I have created a vlan (vlan10) on the utm. Added a new DHCP server for this vlan etc.

The UTM is connected to a dumb unmanaged linksys switch. On the same switch I have a unifi Access Point. On the AP I created a secondary guest wifi network that uses vlan 10.

When I connect to that ssid all is good, I get an IP address from the DHCP server of Vlan10 and all. So the dumb switch actually passes through the vlan to the AP without any issues.

This unmanaged switch is connected to a TP-Link homeplug and this gives network to the other side of the house, in my bedroom, where I also have my tiny home office.

There is another homeplug in the bedroom that is connected to a managed switch (HP procurve) on port 2. On the HP switch, I have various systems connected, including a secondary Unifi AP

If I try to connect directly to the secondary AP, that is in my bedroom, but connect to the guest SSID (vlan10), I never get an IP address from the DHCP server of vlan10.

So the vlan does not seem to be passed to the bedroom side of the house.

On the managed HP switch I have created vlan10 and assigned port 23 to that vlan. Connecting my laptop to the port results in no IP address for the laptop. Assigning a static IP on the vlan10 subnet on the laptop results in nothing (I cannot ping the vlan10 gateway IP).

Additionally, tagging port 2 on the HP switch to carry both vlans (the default and vlan10) breaks all connectivity to the UTM side of the house.

My best guess is that I need to replace the linksys switch with a managed one and tag the port that goes to the living room homeplug with both vlans (??)

That was my intention from the start (ie to have managed switches on both sides in order to use vlans), but then I realized that the AP which is connected to the dumb switch gets the vlan information without issue, so the dumb switch seems to pass the vlan information just fine... In this regard, I thought that tagging the uplink port on the HP switch (creating a port trunk in Cisco language) would do the trick, but as I mentioned, this breaks all connectivity to the "left" side of the network.

Any insights welcome..

Thanks a lot!



  • Pull out the unmanaged dumb switch and buy a second (HP) managed switch. Best experience with same brands, especially with vlan, trunk, etc.

    I am 99,99% sure that the dumb switch is the reason, and I also wonder how the vlan10 is reaching the unifi ap - because this should not work properly and not be able to handle any vlan tag. And if needed for you... try to read something about vlan tagging, trunks, etc. generally and also especially for HP.

    //edit: also my suggestion to you -> deactivate all "security features" like storm control, flood protection, etc. on the HP switches. I had some strange problems with ubiquiti cameras and sophos wlan etc few years ago (HP 1810-24G).

    Good luck and regards,

    Andy.

  • Hello, Andy

    Thanks for the suggestions

    I actually have the same HP switch hehe..

    I already have another managed switch (not a procurve though, I have a Netgear prosafe one)

    I will have to find it and replace the dumb switch, then. 

    Thanks again!

     
    Sophos XG Home Licence.

    Machine: Checkpoint 3100 appliance (Intel Atom C2558 CPU, 6GB Ram, 250GB sata SSD)

  • But remember and think of it: try to always use identical switches. A (used) HP 1810-24G you can buy for about 40-50 EUR on ebay.

    One year ago I had in my house one unmanaged cisco 8port switch, and I wondered about strange interruptions - like buffering - while watching videos over my local network from a NAS.

    PC/Beamer <-> Cisco 8Port <-> HP 1810-24G <-> HP 1810-24G <-> NAS

    Replacing that cisco device with an unmanaged zyxel solved that problem directly; now I have HP everywhere in the house... ;)

  • If you created a vlan, that port should be trunk and tagged.

    If you are already giving the vlan as an access port (untagged) from the switch (in your case I think it is), you don't need a vlan configuration; just write the IP address under the interface and it should work. As I think, your dummy switch is working on access ports because it's configured as untagged (access) from the managed switch.

  • Correct, but this will not work properly if you have more vlans (tagged) on the same port, also for the hp switch, which needs a tagged, untagged or excluded configuration on any port.

  • OK guys an update..

    For starters, that dumb switch, for some reason, did pass the vlan information correctly to the UnifiAP, however it seems that it was not able to communicate the data correctly to the secondary managed switch. I will have to take some time to troubleshoot a bit more regarding this statement, though, because it may be possible I made a mistake the first time I tried doing the job without a second managed switch. Anyway..

    I do know that having identical switches gets rid of weird quirks, but since I already had the Netgear Prosafe switch, I really could not justify purchasing another procurve before even trying to make things work with what I already have in hand. (BTW the netgear sw is an 8port switch and it is better suited than the HP for my use case because it is on the TV stand in my living room and the 24 port one was a no go. So if needed I could buy the equivalent 8port HP - 1810-8g)

    Anyway, I ditched the dumb switch. Replaced it with the GS110TP that I already had. Fortunately setting things up on the Netgear was about the same as setting things up on the HP. Et voila... everything started working as it should...

    Both APs now can pass both VLANs, the VLAN only port I set on the HP is working just fine.. Created another port on the Netgear to use only with vlan10, this is working as it should also..

    So thank you guys for the assistance! As I mentioned, that was my initial intention (to use 2 managed switches), but the fact that the AP was getting the vlan information was what led me to try without a managed second switch first. There are also the Homeplugs in the equation, which may have been the problem (not being able to pass the traffic correctly due to the dumb switch)

    So the whole thing will need to be examined thoroughly another day (perhaps using a 20m cable to connect the dumb switch directly with the HP one)

    But for the time being, all is good and things are working as they should (and using the "proper" way)

    Thanks again!   

     
    Sophos XG Home Licence.

    Machine: Checkpoint 3100 appliance (Intel Atom C2558 CPU, 6GB Ram, 250GB sata SSD)
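
The tagged/untagged port membership discussed in this thread, as an added example that is not from any of the posters: a simplified model of how a managed switch classifies and forwards 802.1Q frames. Port numbers 2 and 23 and VLAN 10 come from the thread; the membership sets, the MAC address and the frames are constructed assumptions, and real switches have more ingress options than this model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def make_frame(vid=None):
    """Constructed broadcast IPv4 frame; tagged with `vid` if given."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")  # dst, constructed src MAC
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

def parse_vlan(frame):
    """Return (vlan_id or None, ethertype) of an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("short frame")
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return None, etype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner  # low 12 bits of the TCI are the VLAN ID

class Port:
    """Simplified port: one untagged VLAN (pvid) plus a set of tagged VLANs."""
    def __init__(self, pvid=1, tagged=()):
        self.pvid, self.tagged = pvid, set(tagged)
    def ingress(self, frame):
        vid, _ = parse_vlan(frame)
        if vid is None:
            return self.pvid                        # untagged: classify by PVID
        return vid if vid in self.tagged else None  # tag not allowed here: drop
    def egress(self, vid):
        if vid == self.pvid:
            return "untagged"
        return "tagged" if vid in self.tagged else None

def forward(ports, in_name, frame):
    """Ports a broadcast leaves on, and whether it leaves tagged or untagged."""
    vid = ports[in_name].ingress(frame)
    if vid is None:
        return {}
    return {n: p.egress(vid) for n, p in ports.items()
            if n != in_name and p.egress(vid)}

# Port numbers from the thread; the membership sets are assumptions.
UPLINK_UNTAGGED_ONLY = {"2": Port(pvid=1), "23": Port(pvid=10)}
UPLINK_TAGS_VLAN10 = {"2": Port(pvid=1, tagged={10}), "23": Port(pvid=10)}
```

In this model a VLAN 10 broadcast such as a DHCP request only crosses between port 23 and the uplink when port 2 is a tagged member of VLAN 10, and default-VLAN traffic never leaves on port 23 in either configuration.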