Add a subnet to SRW2016 with VLAN
I'm using an SRW2016 switch for a small office central LAN switch.
I'm adding a new subnet for VOIP - for a variety of good reasons.
The new subnet will have its own separate internet gateway and ISP - which is one of the good reasons.
This much is all set and working up to a point.
Here is a diagram of the setup:
Gateway<>SRW2016 Port 9 VLAN1 default untagged
RV042 <>SRW2016 Port 16 VLAN100 <<<<<<<<<<<<< ??
LAN <>SRW2016 Port 8 Trunked VLAN1 untagged / VLAN100 Tagged
LAN <>SRW2016 Port 12 Trunked VLAN1 untagged / VLAN100 Tagged
Of course, the idea is that all VLAN100 traffic flow through port 16 and to the internet.
My need for learning is how to set up the ports on the SRW2016 - particularly, it seems, port 16.
In the original configuration, the switch had just a "vanilla" switch configuration: connecting single gateway to all the LAN connections on the untagged default VLAN1.
Setting up for the new subnet, I set up VLAN100 which is tagged (there are other switches cascaded "down" thereafter).
The other switches have the same VLAN100 added and all the VLAN100-related ports are trunked on those switches.
The ports on the SRW2106 connecting to those switches are also trunked.
A new gateway has been configured (an RV042) which will provide gateway and DHCP service on a new subnet intending to use VLAN100. The router LAN is connected to a port on the SRW2016. I intend that the new router be VLAN unaware - just connected to VLAN 100 via an untrunked connection.
What doesn't work is internet access from VLAN100 devices.
I believe this is due to how the port for the new gateway is configured in its switch port.
The choices are General, Access and Trunked / Tagged and Untagged.
Also, I can connect a computer to the LAN side of the added RV042 and can ping internet addresses.
But, when I connect the LAN side of the RV042 to port 16 the switch, that ping traffic stops and I have to disconnect from the switch and reboot the router...?? At that point, the ping traffic resumes.
Probably a lot that I don't know or understand....
I'm adding a new subnet for VOIP - for a variety of good reasons.
The new subnet will have its own separate internet gateway and ISP - which is one of the good reasons.
This much is all set and working up to a point.
Here is a diagram of the setup:
Gateway<>SRW2016 Port 9 VLAN1 default untagged
RV042 <>SRW2016 Port 16 VLAN100 <<<<<<<<<<<<< ??
LAN <>SRW2016 Port 8 Trunked VLAN1 untagged / VLAN100 Tagged
LAN <>SRW2016 Port 12 Trunked VLAN1 untagged / VLAN100 Tagged
Of course, the idea is that all VLAN100 traffic flow through port 16 and to the internet.
My need for learning is how to set up the ports on the SRW2016 - particularly, it seems, port 16.
In the original configuration, the switch had just a "vanilla" switch configuration: connecting single gateway to all the LAN connections on the untagged default VLAN1.
Setting up for the new subnet, I set up VLAN100 which is tagged (there are other switches cascaded "down" thereafter).
The other switches have the same VLAN100 added and all the VLAN100-related ports are trunked on those switches.
The ports on the SRW2106 connecting to those switches are also trunked.
A new gateway has been configured (an RV042) which will provide gateway and DHCP service on a new subnet intending to use VLAN100. The router LAN is connected to a port on the SRW2016. I intend that the new router be VLAN unaware - just connected to VLAN 100 via an untrunked connection.
What doesn't work is internet access from VLAN100 devices.
I believe this is due to how the port for the new gateway is configured in its switch port.
The choices are General, Access and Trunked / Tagged and Untagged.
Also, I can connect a computer to the LAN side of the added RV042 and can ping internet addresses.
But, when I connect the LAN side of the RV042 to port 16 the switch, that ping traffic stops and I have to disconnect from the switch and reboot the router...?? At that point, the ping traffic resumes.
Probably a lot that I don't know or understand....
ASKER
The new router in this case (at least for now) is a pretty simple device. One can separate each of the LAN ports into separate "VLANs" but I don't think that's what we have come to think of as more capable VLANs. No tagging and no selectable labels are available on an RV042; just "VLANS 1-5" which appears to be only useful for internal reference purposes and not affecting what's seen by things connected to it.
If this is necessary then I might look at using an RV340 where it appears that the VLANs can be ID'd 1-4093. Since I've chosen 100 for the switches, it appears this could be matched with setting "100".
It also can have them tagged.
This appears to make sense even though I was hoping that a VLAN could be more readily treated as a LAN - without tagging throughout.
If this is necessary then I might look at using an RV340 where it appears that the VLANs can be ID'd 1-4093. Since I've chosen 100 for the switches, it appears this could be matched with setting "100".
It also can have them tagged.
This appears to make sense even though I was hoping that a VLAN could be more readily treated as a LAN - without tagging throughout.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I could try it but the RV042 VLANs aren't tagged and, thus, I suspect are no different than the default LAN ports to the outside world.
And, unfortunately, all of the switches and VOIP phones have been programmed and the VLAN needs to be tagged.
I notice that at least one of the modern Cisco small bus dual WAN routers says "no voice" but I'm not sure what that really means. Perhaps it means it doesn't have the Cisco voice selections in the settings. I'm not using those anyway - on advice of experts.
I think this means that the SRW2016 or CG300-20/28 port for this router will need to be set to VLAN100/Tagged. Is that right?
The original setting of General didn't work but perhaps that's because the router wasn't providing what's expected??
And, unfortunately, all of the switches and VOIP phones have been programmed and the VLAN needs to be tagged.
I notice that at least one of the modern Cisco small bus dual WAN routers says "no voice" but I'm not sure what that really means. Perhaps it means it doesn't have the Cisco voice selections in the settings. I'm not using those anyway - on advice of experts.
I think this means that the SRW2016 or CG300-20/28 port for this router will need to be set to VLAN100/Tagged. Is that right?
The original setting of General didn't work but perhaps that's because the router wasn't providing what's expected??
Check the link out. It is for the the 340 specifically and address several of the specific items you have raised and some that you may not have thought of yet.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The 042 doesn't support multi-scope DHCP. That is the hinge point at this point.
If separate routers are being kept (which is mentioned at the start of all of this), multiscope DHCP is irrelevant. If the goal is to have one router, then that does come into play and I would agree with the comment of getting a better router.
Valid
ASKER
Hmmm... well, I *think* that I tried that experiment but I did try with the port originally set at General.
"Set to Access / Untagged" I can surely try that.
A new router should arrive tomorrow but I really value knowing how to make things work!!
Multi DHCP isn't needed. Only on this one subnet which is completely separate from any others.
Even if I add a management subnet to the router, it won't need DHCP. And that will be the only multi-subnet requirement.
"Set to Access / Untagged" I can surely try that.
A new router should arrive tomorrow but I really value knowing how to make things work!!
Multi DHCP isn't needed. Only on this one subnet which is completely separate from any others.
Even if I add a management subnet to the router, it won't need DHCP. And that will be the only multi-subnet requirement.
ASKER
OK. Progress..sorta.
I used Masnrock's suggestion and changed the top-level switch port 16 to Access, VLAN100, untagged.
I introduced the RV320 router to connect to this switch port but, for now, had to put it in a very basic mode using default VLAN1 and nothing else. .. so, a vanilla gateway with DHCP service running.
I plugged a phone into a trunk port on the same switch and everything worked: the phone gets an IP via DHCP and was able to call out. So that is indeed progress.
[In the earlier test where no internet connection was available on the phones, we did get DHCP to flow down through the top-level switch and through the next level switch. This bears on the latest test results below].
However, this time, plugging a phone into the next switch level down resulted in no DHCP service where it had been available earlier. The only change is that port 16 setting on the top-level switch. All ports on the downstream switches are trunked.
I'm thinking about setting up an untagged access port on VLAN100 on each switch, similar to Masnrock's recommendation, to see if a laptop plugged in downstream on the VLAN100 subnet can work with DHCP and internet access. Seems like a good idea to have these set up permanently for troubleshooting and testing.
At any rate, this now seems like a switch VLAN problem. All the switches are SG300-xx EXCEPT the top-level switch which is an SRW-2016 (an earlier cousin).
One thought is to replace the SRW-2016 with a later model SG300-20; but that would be just a dumb try.
Here are the SRW-2016 Help notes:
I used Masnrock's suggestion and changed the top-level switch port 16 to Access, VLAN100, untagged.
I introduced the RV320 router to connect to this switch port but, for now, had to put it in a very basic mode using default VLAN1 and nothing else. .. so, a vanilla gateway with DHCP service running.
I plugged a phone into a trunk port on the same switch and everything worked: the phone gets an IP via DHCP and was able to call out. So that is indeed progress.
[In the earlier test where no internet connection was available on the phones, we did get DHCP to flow down through the top-level switch and through the next level switch. This bears on the latest test results below].
However, this time, plugging a phone into the next switch level down resulted in no DHCP service where it had been available earlier. The only change is that port 16 setting on the top-level switch. All ports on the downstream switches are trunked.
I'm thinking about setting up an untagged access port on VLAN100 on each switch, similar to Masnrock's recommendation, to see if a laptop plugged in downstream on the VLAN100 subnet can work with DHCP and internet access. Seems like a good idea to have these set up permanently for troubleshooting and testing.
At any rate, this now seems like a switch VLAN problem. All the switches are SG300-xx EXCEPT the top-level switch which is an SRW-2016 (an earlier cousin).
One thought is to replace the SRW-2016 with a later model SG300-20; but that would be just a dumb try.
Here are the SRW-2016 Help notes:
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
masnrock: Very interesting tidbit! Thanks! That's exactly the situation that I'm in right now: bringing firmware up to date AND getting the switches to do new things.
As it stands right now:
It works with the SRW2016 and the VLAN just fine.
It works trunked down through an SG300-10 to a VLAN100 untagged access port and a laptop gets VLAN100 DHCP just fine.
It does not work trunked down through the SG300-10 to a Trunked port. There the intended VLAN100 device shows its MAC address on VLAN1 and gets no DHCP (VLAN1 has no DHCP service). It's as if VLAN100 has bee stripped off on this Trunked port.
As it stands right now:
It works with the SRW2016 and the VLAN just fine.
It works trunked down through an SG300-10 to a VLAN100 untagged access port and a laptop gets VLAN100 DHCP just fine.
It does not work trunked down through the SG300-10 to a Trunked port. There the intended VLAN100 device shows its MAC address on VLAN1 and gets no DHCP (VLAN1 has no DHCP service). It's as if VLAN100 has bee stripped off on this Trunked port.
I lost a night's sleep at a hotel installing some L3 switches to figure that out. Drove me nuts! And I didn't even get to enjoy my free room! (I had preconfigured the switches before going onsite, and at the end of it all, it turns out my configuration had been 100 percent correct, just that the firmware caused issues)
Document your configuration and try that approach... may very well clear things up!
Document your configuration and try that approach... may very well clear things up!
ASKER
I tried using General ports and nothing changed.
I guess I'll have to re-configure the switches. Fortunately they aren't too large. And, one at a time is a good idea.
I guess I'll have to re-configure the switches. Fortunately they aren't too large. And, one at a time is a good idea.
ASKER
I've been able to dig a little deeper. Looking at the top-level Level2 switch (SRW2016) aka "LAN Switch", there are these connections:
1) a VOIP phone connected to each of 2 lower level switches which are on LAN switch ports 6 and 8 - which are trunked with VLAN1 & VLAN100.
2) the intended VOIP gateway connected to port 16 which is a VLAN100 Access port.
When I look at dynamic addresses on the LAN Switch, it shows only port 16 on VLAN100.
Port 6 connects down to port 7 on the next level switch (SG300-10)
There is a VOIP phone looking for VLAN100 on port 6 of the SG300-10. It gets no DHCP from the VOIP router.
Port 8 connects down to port x on another next level switch (SG300-10)
There is a VOIP phone looking for VLAN100 on a port of this SG300-10. It gets no DHCP from the VOIP router.
Dynamic addresses on the SG300-10 show that the VOIP phone is on VLAN1.
Dynamic addresses on the LAN Switch show only port 16 (the router) on VLAN100 and NOT port 6 or port 8.
I have reset the first SG300-10 to factory defaults and manually entered all the settings.
1) a VOIP phone connected to each of 2 lower level switches which are on LAN switch ports 6 and 8 - which are trunked with VLAN1 & VLAN100.
2) the intended VOIP gateway connected to port 16 which is a VLAN100 Access port.
When I look at dynamic addresses on the LAN Switch, it shows only port 16 on VLAN100.
Port 6 connects down to port 7 on the next level switch (SG300-10)
There is a VOIP phone looking for VLAN100 on port 6 of the SG300-10. It gets no DHCP from the VOIP router.
Port 8 connects down to port x on another next level switch (SG300-10)
There is a VOIP phone looking for VLAN100 on a port of this SG300-10. It gets no DHCP from the VOIP router.
Dynamic addresses on the SG300-10 show that the VOIP phone is on VLAN1.
Dynamic addresses on the LAN Switch show only port 16 (the router) on VLAN100 and NOT port 6 or port 8.
I have reset the first SG300-10 to factory defaults and manually entered all the settings.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
masnrock: Great question.
I've not proven this but there's more below:
Phones work on Access ports Untagged on VLAN100.
Phones don't work on Trunked ports VLAN1UP/VLAN100T (same for General ports).
Phones connected to trunked ports come up on the switch with their MAC attached to VLAN1 .... ?????
Here is what I've been told:
The phones first connect to VLAN1 in order to get an IP address and use that to configure themselves.
Once configured, they switch over to VLAN100.
But, in this case, only VLAN100 has DHCP service.
Using an Access port VLAN100UP, the phone really has no choice to make re VLANs and just works.
Using a Trunked port VLAN1UP/VLAN100T and assuming what I was told is correct, the phone hangs up because there's no DHCP on VLAN1.
So much for "separation" of VLANs.... !!! I'm rather disappointed by this.
I've not proven this but there's more below:
Phones work on Access ports Untagged on VLAN100.
Phones don't work on Trunked ports VLAN1UP/VLAN100T (same for General ports).
Phones connected to trunked ports come up on the switch with their MAC attached to VLAN1 .... ?????
Here is what I've been told:
The phones first connect to VLAN1 in order to get an IP address and use that to configure themselves.
Once configured, they switch over to VLAN100.
But, in this case, only VLAN100 has DHCP service.
Using an Access port VLAN100UP, the phone really has no choice to make re VLANs and just works.
Using a Trunked port VLAN1UP/VLAN100T and assuming what I was told is correct, the phone hangs up because there's no DHCP on VLAN1.
So much for "separation" of VLANs.... !!! I'm rather disappointed by this.
The phones first connect to VLAN1 in order to get an IP address and use that to configure themselves.This would hold true if your switches were configured to detect phones and put them on a particular VLAN (there are multiple ways to do this with your type of switch, including the Voice VLAN feature).
Once configured, they switch over to VLAN100.
But, in this case, only VLAN100 has DHCP service.
Using a Trunked port VLAN1UP/VLAN100T and assuming what I was told is correct, the phone hangs up because there's no DHCP on VLAN1.A trunked port going to the phone? This configuration wouldn't have worked. See section above.
How were the ports configured on downstream switches? I assume that the ports connecting switches to each other were trunk ports, but what about the others?
You mentioned wanting to use VLAN1 for management of the network devices, and VLAN100 for the phones. Where were you intended to connect from to manage those VLAN1 devices?
ASKER
What the phone tech told me was that trunk ports are the appropriate choice.
The phones have a configuration entry that indicates the VLAN ID - I've seen that. It's set to 100.
The big issue seems to be the needed DHCP service on VLAN1 to initialize the phone .. every time it's booted.
The switches aren't set up to detect phones.
As I understand it, the phones have their own "switch" that strips off the tagged VLAN100 packets for its own use and, one supposes, must tag the outgoing packets / frames?
It also "passes through" the untagged VLAN1 to a PC port. i.e. an Ethernet port that puts a PC on the VLAN1 network.
The passthrough works.
The PC shows up on VLAN1 on the Cisco switch with the trunked port(s).
The phone shows up on VLAN1 on the same Cisco switch port. ... and that's all.
The ports are configured like this:
VOIP gateway router (no VLANs)
> Cisco SG300-20 switch Untagged VLAN100 Access port for the gateway router connection.
> Cisco SG300-20 switch Untagged VLAN100 Access port for a phone only - I beleive this is the one phone connection that works.
> Cisco SG300-20 switch VLAN1UP/ VLAN100T Trunked port for a phone and/or phone+computer - at this point I imagine that this phone won't work.
> Cisco SG300-20 switch VLAN1UP/ VLAN100T Trunked port link to next switch downstream
>Cisco SG300-10 next level switch VLAN1UP/ VLAN100T Trunked port link upstream
>Cisco SG300-10 next level switch VLAN1UP/ VLAN100T Trunked ports for phone and/or phone+computer
>Cisco SG300-10 next level switch Untagged VLAN100 Access port for laptop to prove VLAN100 is present with DHCP service.
There is another Cisco SG300-10 at the same level as the one above.
Same arrangement.
There is another Cisco SG300-10 downstream off of one of the two above.
Same arrangement.
So, in all there are 3 switches in cascade at the most.
The phones have a configuration entry that indicates the VLAN ID - I've seen that. It's set to 100.
The big issue seems to be the needed DHCP service on VLAN1 to initialize the phone .. every time it's booted.
The switches aren't set up to detect phones.
As I understand it, the phones have their own "switch" that strips off the tagged VLAN100 packets for its own use and, one supposes, must tag the outgoing packets / frames?
It also "passes through" the untagged VLAN1 to a PC port. i.e. an Ethernet port that puts a PC on the VLAN1 network.
The passthrough works.
The PC shows up on VLAN1 on the Cisco switch with the trunked port(s).
The phone shows up on VLAN1 on the same Cisco switch port. ... and that's all.
The ports are configured like this:
VOIP gateway router (no VLANs)
> Cisco SG300-20 switch Untagged VLAN100 Access port for the gateway router connection.
> Cisco SG300-20 switch Untagged VLAN100 Access port for a phone only - I beleive this is the one phone connection that works.
> Cisco SG300-20 switch VLAN1UP/ VLAN100T Trunked port for a phone and/or phone+computer - at this point I imagine that this phone won't work.
> Cisco SG300-20 switch VLAN1UP/ VLAN100T Trunked port link to next switch downstream
>Cisco SG300-10 next level switch VLAN1UP/ VLAN100T Trunked port link upstream
>Cisco SG300-10 next level switch VLAN1UP/ VLAN100T Trunked ports for phone and/or phone+computer
>Cisco SG300-10 next level switch Untagged VLAN100 Access port for laptop to prove VLAN100 is present with DHCP service.
There is another Cisco SG300-10 at the same level as the one above.
Same arrangement.
There is another Cisco SG300-10 downstream off of one of the two above.
Same arrangement.
So, in all there are 3 switches in cascade at the most.
The phones have a configuration entry that indicates the VLAN ID - I've seen that. It's set to 100.That changes a portion of what I had earlier discussed. Then this SHOULD have worked. Now the question becomes whether things are set up quite as correctly as the phone tech claims.
As I understand it, the phones have their own "switch" that strips off the tagged VLAN100 packets for its own use and, one supposes, must tag the outgoing packets / frames?Correct.
The passthrough works.As in everything working correctly, or that the device connected to the phone gets works correctly? (Everything ends up on VLAN1, but at least connects online)
ASKER
"The passthrough works" as in the device connected to the downstream side of the phone works on VLAN1 (it has a static IP) and can access anything that's normal (network shares, internet, etc.)
The phone (starting out on VLAN1) doesn't connect online because there's no DHCP available on VLAN1.
The phone (starting out on VLAN1) doesn't connect online because there's no DHCP available on VLAN1.
Lets start with a question. Is the port to the new router configured to vlan 100 untagged and set to mode access?