Solved

VLAN issue driving me nuts ...

Posted on 2013-06-28
413 Views
Last Modified: 2015-08-03
So I have two of these DLINK DAP-2360 Wifi routers where I can configure multiple SSIDs and multiple VLANs. I've configured one and it works (at the place it's now and it also worked in my office where I set it up). I've tried to configure a second one now but I only get an IP address when connecting to the 'internal' SSID but not when I try connecting to the SSID of the 'free internet' SSID ...

I think it has to do with our switch ... could someone please explain to me again how I have to tag or untag ports?

In order to be able to access two different VLANs I need to tag the port on the switch in the two VLANs, right? But I've done that and I only get access to the one VLAN, not both ... !?

As for the WAP I've got (for the 'free' VLAN) the LAN port tagged and one MSSID port untagged (it's not possible to tag it > the option is greyed out).

I've also compared it to the working WAP but I don't get it ... seems I'm confused or my brain froze ...

Any ideas!?

Thanks a lot!
0
Question by:Xeronimo
28 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39283861
Are you using the Default VLAN? I think, if I'm picturing it correctly, you should have 1 VLAN untagged (e.g. Default) and the other VLAN tagged, so that it's the same on both devices (WAP and Switch) ...

But, like I said, maybe I'm not getting the picture entirely.
0
 

Author Comment

by:Xeronimo
ID: 39283948
Our setup is a bit weird ... We've got 3 VLANs:

VLAN 1 is the legacy one that we don't actually use anymore but I'm a bit hesitant to remove it in case we've forgotten about something ...
VLAN 20 is the internal LAN.
VLAN 30 is the 'free internet' VLAN.
0
 

Author Comment

by:Xeronimo
ID: 39283953
But VLAN20 is the default, it's the one that's untagged. VLAN1 is mostly 'not member', I'll set all the ports on 'VLAN1: not member' and see what happens ... if everything works fine then it should be ok to remove it, no?
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39283963
I wouldn't just remove the VLAN1, unless you really know what you're doing, because most of the switches have their management on VLAN1, so if you delete it you can't reach the management web-interface for instance.

You can tell the switch (most switches) that management is on another VLAN, prior to removing VLAN1, so if you want to remove VLAN1 make sure you check that out.

When not using VLAN1, just untag VLAN20 and tag VLAN30. What switch are you using exactly?
0
 

Author Comment

by:Xeronimo
ID: 39283973
The management interfaces can be reached using the IP addresses of VLAN20 so that shouldn't be a problem?

I've checked and the switches already have VLAN20 untagged (and thus it represents the default, right?).

And so the default VLAN is always untagged and only the additional VLANs are tagged?

We've got a whole mix of switches (over the years): 2x 3COM, 1x HP ProCurve and 1x ancient Alcatel OmniSwitch (which needs to be replaced).
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39283984
> The management interfaces can be reached using the IP addresses of VLAN20 so that shouldn't be a problem?

Normally not, no...


Did you create a trunk for the port and make VLAN20 the default?
0
 

Author Comment

by:Xeronimo
ID: 39283997
> Did you create a trunk for the port and make VLAN20 the default?

We've got a link aggregation and VLAN 20 is untagged on it. Does that answer your question ...?
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39284006
Ok ... But is the LACP connected to the WAP or is that between switches? I doubt the WAP can do LACP.

To test you could just use another port, set it untagged in VLAN20 and tagged in VLAN30 (without trunk or LACP).
0
 

Author Comment

by:Xeronimo
ID: 39284072
The LACP is between the switches.

And ok, I'll test that.
0
 

Author Comment

by:Xeronimo
ID: 39284110
Ok, I've identified the problem now:

If I set the port untagged VLAN20 then the AP does not get an internal IP address, if I set it tagged it does.

As for VLAN30 it doesn't matter whether or not it's tagged or untagged, I don't get an IP address :/

Yet on the switch that port is untagged VLAN30 and tagged VLAN20, exactly like a second switch (the ProCurve) where the other WAP (which works) is connected to ... So maybe it's the WAP VLAN configuration then?
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39284140
How does the WAP set the VLAN, is it using PVID or something? Maybe it works if you set the port trunked and both VLANs tagged, sort of like between switches...

On the ProCurve it's just like that? VLAN20 tagged and untagged in VLAN30... It should work the same on this switch, so it might be a problem on the WAP yes, not familiar with this brand, so I'll try and find a manual.
0
 

Author Comment

by:Xeronimo
ID: 39284189
Here's a screenshot ...

screenshot
0
 

Author Comment

by:Xeronimo
ID: 39284199
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39284223
I don't know the difference between the ports S-x and W-x ... But I see that the ports are untagged (untag VID)... If you want to mirror the switch setup you should put the VLAN20 in tagged VID I think... Of course, this doesn't solve the issue with VLAN30 not getting an IP.
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39284226
I spoke too soon .. Seeing the second screenshot only now....
0
 

Author Comment

by:Xeronimo
ID: 39284231
The problem is also that I can't tag MSSID ports at all. They're greyed out? Wouldn't I need to tag the S-7 instead of untagging it?
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39284258
You say the VLAN30 is untagged on the switch, yet it is tagged in the WAP I see in the last screenshot (Tag for LAN)... I think the MSSID ports just need to be untagged in that VLAN, they act as a client on the switch (I assume).
0
 

Author Comment

by:Xeronimo
ID: 39284268
no, and I'm sorry if I am confusing you but on the switch VLAN20 (the main VLAN) is untagged and the VLAN is tagged.
0
 

Author Comment

by:Xeronimo
ID: 39284278
//
0
 

Author Comment

by:Xeronimo
ID: 39284318
I'll try to summarize it again ...

on the 3COM switch:
var1: VLAN20 untagged & VLAN30 tagged > no IP for V20, no IP for V30
var2: VLAN20 tagged & VLAN30 tagged > IP for V20, no IP for V30
var3: VLAN20 tagged & VLAN30 untagged > IP for V20, no IP for V30
var4: VLAN20 untagged & VLAN30 untagged > no IP for V20, no IP for V30

reminder:
VLAN20 = main VLAN > internal network
VLAN30 = guest VLAN > internet only
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39284344
Ok, I'm caught up again ... Sorry, was indeed getting confused :)

So, we know one thing, VLAN20 should be tagged, that one works, now somehow need to find out why VLAN30 isn't playing ball ...

I assume VLAN30 has a DHCP server on its network, or how are the IPs sent? I also assume that the DHCP server is tagged on this VLAN30 as well. What happens when you plug in a PC in that VLAN30, on the same port or a different one, is that PC getting an IP address?
0
 

Author Comment

by:Xeronimo
ID: 39284439
Our VLANs are definitely not set up neatly ... ;)

But VLAN20 only needs to be tagged if it's a hybrid port. In all the other cases the ports are VLAN20 untagged and work just fine.

VLAN30 gets its IP addresses from the firewall. That works since that other AP (on that other switch) gets addresses from it on VLAN30.

As for the laptop:

var1: VLAN20 untagged & VLAN30 tagged > IP from VLAN20
var2: VLAN20 tagged & VLAN30 tagged > IP from VLAN20
var3: VLAN20 tagged & VLAN30 untagged > IP from VLAN20
var4: VLAN20 untagged & VLAN30 untagged > IP from VLAN20

I don't even get a VLAN30 IP when I set VLAN20 to not member and VLAN30 to tagged (or untagged). Seems there's a problem with VLAN30 then ...
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39284494
Or the problem is with the switch, it can't handle both the VLANs or something, do you have the possibility to create a trunk (not LACP) and configure it with the VLANs on this switch?

I seem to vaguely remember some old switches had some strange quirks.
0
 

Author Comment

by:Xeronimo
ID: 39284523
But this had worked at one time briefly ... I don't get it ... and my head is spinning now ... I need a break ;)

Thanks so far
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39284553
hmmm yes, that is strange ... Ok, time for dinner anyway ;)
0
 
LVL 3

Accepted Solution

by:
Happy_Computing earned 500 total points
ID: 39289560
Hi,
Just reading through this as I had similar problems with VLANs, mainly due to me tagging the ports to make them a member of the VLAN, when they should be untagged. If I remember right, only the port that connects between switches needs to be tagged, as this will add and remove the VLAN tags from the packets, and the ports that are members of the VLAN need to be untagged, but still assigned the VLAN ID.

The other question is where do the clients on each VLAN get their IP addresses. DHCP does not normally traverse VLANs so each VLAN needs its own DHCP server.
0
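
The tagging rule described in the accepted answer, as an added Python model that is not part of the original post or of any poster's configuration: it checks which VLANs survive a link when the two ends disagree about tagged and untagged membership, and flags frames that land in the wrong VLAN, which matters when one of the VLANs is a guest network. The AP uplink setting (VLAN20 untagged, VLAN30 tagged) and the names `Port`, `deliver` and `audit` are assumptions; the model covers the 802.1Q rule only and is not a diagnosis of the switches in this thread.

```python
from typing import FrozenSet, NamedTuple, Optional

class Port(NamedTuple):
    """One end of a link. Model assumption: one untagged VLAN (PVID) per port."""
    untagged: Optional[int]
    tagged: FrozenSet[int] = frozenset()

    def egress(self, vlan):
        """Return (sent, tag); tag None means the frame leaves untagged."""
        if vlan == self.untagged:
            return True, None
        if vlan in self.tagged:
            return True, vlan
        return False, None            # port is not a member of this VLAN

    def ingress(self, tag):
        """Return the VLAN the frame is classified into, or None if dropped."""
        if tag is None:
            return self.untagged      # untagged frames join the PVID
        member = tag == self.untagged or tag in self.tagged
        return tag if member else None

def deliver(src, dst, vlan):
    """VLAN in which dst receives a frame that src sends from `vlan`."""
    sent, tag = src.egress(vlan)
    return dst.ingress(tag) if sent else None

def audit(switch, ap, vlans=(20, 30)):
    """Classify each VLAN on the link as ok, broken (lost) or leak (wrong VLAN)."""
    result = {}
    for vlan in vlans:
        seen = (deliver(switch, ap, vlan), deliver(ap, switch, vlan))
        if seen == (vlan, vlan):
            result[vlan] = "ok"
        elif any(v not in (None, vlan) for v in seen):
            result[vlan] = "leak"
        else:
            result[vlan] = "broken"
    return result

# Assumed AP uplink (not taken from the thread's screenshots).
AP_UPLINK = Port(untagged=20, tagged=frozenset({30}))
# Switch-port variants as listed in the thread; var4 (both untagged) does not
# fit a one-PVID model and is left out.
VARIANTS = {
    "var1": Port(20, frozenset({30})),
    "var2": Port(None, frozenset({20, 30})),
    "var3": Port(30, frozenset({20})),
}

if __name__ == "__main__":
    for name, port in VARIANTS.items():
        print(name, audit(port, AP_UPLINK))
```

A "leak" result means frames sent in one VLAN are classified into the other at the far end, so guest and internal traffic are no longer separated on that link.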
 

Author Comment

by:Xeronimo
ID: 39290271
Ok, so this is the current situation:

I've got VLAN20 untagged and VLAN30 tagged on the switch > VLAN20 gets an IP address, VLAN30 does not ...

VLAN30 is supposed to get its IP address from the DHCP on the firewall.
0
 

Author Comment

by:Xeronimo
ID: 40911017
The problem was not solved. Request the permission to close or delete this thread.
0
