Mr.X
asked on
How to get 2 untagged vlan work
Hi guys,
I got a Meraki mx64 router - has 3 vlans-1,2,5
Vlan 1,2 - server is dhcp
Vlan5- meraki is dhcp
Meraki connecting to dlink dgs1510 switch1(vlan1 -untag,vlan 2-tag, vlan5-tag) , and Sameway switch1 connecting to switch2 in trunk(vlan1-untag,vlan 2-yah, vlan5-tag)
In switch1- all ports are vlan1 untag and vlan2 tag, as it’s going to phones and computers. Vlan5 not a member
In switch2- all ports connecting to computers which needs to be in different subnet from rest, so vlan5 untag In all ports. Vlan1&2 not members
If I do this setup - vlan 5untag in switch 2 not working. It’s not communicating to router to get dhcp. In trunk between switches vlan5 is tagged, but all ports in switch 2 , is untag. So am little confused.
Am I doing anything wrong ? I have also attached a diagram to make it easier
[embed=file 1411870]
049e366f-93ad-46b5-b5e1-b4b84d8eadd1.JPG
I got a Meraki mx64 router - has 3 vlans-1,2,5
Vlan 1,2 - server is dhcp
Vlan5- meraki is dhcp
Meraki connecting to dlink dgs1510 switch1(vlan1 -untag,vlan 2-tag, vlan5-tag) , and Sameway switch1 connecting to switch2 in trunk(vlan1-untag,vlan 2-yah, vlan5-tag)
In switch1- all ports are vlan1 untag and vlan2 tag, as it’s going to phones and computers. Vlan5 not a member
In switch2- all ports connecting to computers which needs to be in different subnet from rest, so vlan5 untag In all ports. Vlan1&2 not members
If I do this setup - vlan 5untag in switch 2 not working. It’s not communicating to router to get dhcp. In trunk between switches vlan5 is tagged, but all ports in switch 2 , is untag. So am little confused.
Am I doing anything wrong ? I have also attached a diagram to make it easier
[embed=file 1411870]
049e366f-93ad-46b5-b5e1-b4b84d8eadd1.JPG
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You will need a Router to communicate between the VLAN's.
Just add another VLAN on your router.
(A VLAN can be put on multiple interfaces).
Just add another VLAN on your router.
(A VLAN can be put on multiple interfaces).
ASKER
Hi,
Ya I got a meraki router. I created new vlan as 5.
But how it gonna work in switch 2 with untag vlan5
When switch 1 already has untag vlan1 ???
Ya I got a meraki router. I created new vlan as 5.
But how it gonna work in switch 2 with untag vlan5
When switch 1 already has untag vlan1 ???
Create one port with untagged VLAN 5 on switch 1 (just the port you connect switch 2 on).
OR make the connection between switch 1 & 2 use a tagged VLAN 5.
OR make the connection between switch 1 & 2 use a tagged VLAN 5.
Here is the most simple explanation of vlan tags I have heard.
untagged vlans stay inside the switch they are created on, even if you have untagged in other switches
tagged packets can traverse to other switches as long as you have a trunk path. IE... A tagged vlan the same on both ports that are connected to each other.
To get any packets to cross vlans requires a router.
untagged vlans stay inside the switch they are created on, even if you have untagged in other switches
tagged packets can traverse to other switches as long as you have a trunk path. IE... A tagged vlan the same on both ports that are connected to each other.
To get any packets to cross vlans requires a router.
@Scott,
The purpose of tagging is specifically for a switch to determine with vlan the packets goes to. Additionally, untagged packets to not stay in switches. You can connect as many switches together with the same untagged vlan and they would talk. This was what old school simply called switch uplinks vs. trunks. Uplinks were untagged and trunks tagged.
untagged vlans stay inside the switch they are created on
The purpose of tagging is specifically for a switch to determine with vlan the packets goes to. Additionally, untagged packets to not stay in switches. You can connect as many switches together with the same untagged vlan and they would talk. This was what old school simply called switch uplinks vs. trunks. Uplinks were untagged and trunks tagged.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Nspear,
Ok leave my setup.
I just need general idea.
Think currently company has 2 vlan. Vlan1 for data and vlan 2 for voice
Now they acquire a new building across. So both building connected through switches and trunk flows to take vlan1 and vlan2
In new building, they wanted a new subnet(new vlan 5 for their computers) . How can I achieve this ???
In router I created vlan 5. But will vlan5 work as untag in switch 2. (It doesn't work when I tried)
Ok leave my setup.
I just need general idea.
Think currently company has 2 vlan. Vlan1 for data and vlan 2 for voice
Now they acquire a new building across. So both building connected through switches and trunk flows to take vlan1 and vlan2
In new building, they wanted a new subnet(new vlan 5 for their computers) . How can I achieve this ???
In router I created vlan 5. But will vlan5 work as untag in switch 2. (It doesn't work when I tried)
The only place vlan 5 will be tagged is the switch trunk and trunk to meraki router. All computers on vlan 5 will have untagged switchports. When you say you created vlan 5 on router. I assume you created a interface tagging vlan 5 that has an ip address as the default gateway for vlan 5 right?
ASKER
Hi, can you please look at my diagram in my original question
It will be easy to discuss
Right now, I just got a scenario and asking how to implement it .
It will be easy to discuss
Right now, I just got a scenario and asking how to implement it .
I looked at your diagram already. It doesn't go into specifics of your vlan 5 configuration of the Meraki.
ASKER
Ok.
Sorry am not sure whether am not explaining question properly, or you can't get me.
From beginning.
I got a company which has 2 vlans currently. Vlan 1 for data and vlan2 for voice .
Got a meraki router. Got vlan1 as untag and vlan2 as tag and port 1 from meraki goes into port 1 of switch1. Both sides(valn1 untag, vlan2 tag) - all works good . No issues
Now that company wants to put in new switch2 and wanted new subnet for computers connecting to switch2 alone. How do I achieve this ???
If possible/ if you don't mind could you make a diagram for me
Sorry am not sure whether am not explaining question properly, or you can't get me.
From beginning.
I got a company which has 2 vlans currently. Vlan 1 for data and vlan2 for voice .
Got a meraki router. Got vlan1 as untag and vlan2 as tag and port 1 from meraki goes into port 1 of switch1. Both sides(valn1 untag, vlan2 tag) - all works good . No issues
Now that company wants to put in new switch2 and wanted new subnet for computers connecting to switch2 alone. How do I achieve this ???
If possible/ if you don't mind could you make a diagram for me
Your diagram is already correct regarding the tagging. My question is regarding the Meraki configuration cause you state dhcp isnt' working.
ASKER
It's not just dhcp.
Even if I set static ip for computers in switch 2 for vlan5, it doesn't work. I can't ping gateway (meraki router)
I wonder untag vlan5 in switch2 not reaching switch 1 or router .
Is it because - vlan5 is untag In switch 2 . And trunk between switch 1 and switch2 has vlan5 as tag. Is that the issue ???
Even if I set static ip for computers in switch 2 for vlan5, it doesn't work. I can't ping gateway (meraki router)
I wonder untag vlan5 in switch2 not reaching switch 1 or router .
Is it because - vlan5 is untag In switch 2 . And trunk between switch 1 and switch2 has vlan5 as tag. Is that the issue ???
ASKER
There is no issues on router side.
Because if I create access port on switch 1 for vlan5 , both dhcp and static ip works good. Can reach internet or can ping router
It's just the switch 2 config . Access port for vlan5 from switch 2 not reaching router/ swirch1 .
Am I doing anything wrong in vlan/trunk from switch 2 to switch1 ? Or how can I make it work or it's not possible to do this setup ?
Because if I create access port on switch 1 for vlan5 , both dhcp and static ip works good. Can reach internet or can ping router
It's just the switch 2 config . Access port for vlan5 from switch 2 not reaching router/ swirch1 .
Am I doing anything wrong in vlan/trunk from switch 2 to switch1 ? Or how can I make it work or it's not possible to do this setup ?
If you are tagging vlan 5 between all switches and the firewall, it should work. Untagged for vlan 5 for all ports connected to vlan 5 computers. At this point, could you share the switch configs.?
ASKER
Right now I got no access to switches.
But this is the config below. Nothing fancy.
Router - port1 : trunk (vlan1 untag, vlan2 tag, vlan5 tag)
Switch 1- port 1 connecting to router port1 :trunk (vlan1 untag, vlan2 tag, vlan5 tag)
switch1 ports are (vlan1 untag, vlan2 tag) - because got iPphones and connted to computer through phones
Switch1 port24: trunk(vlan1 untag, vlan2 tag, vlan5 tag) connecting to switch2 on port1( vlan1 untag, vlan2 tag, vlan5tag)
Vlan1 and vlan2 works fine. It's just vlan5 in switch2 I got issues
Switch2 needs only computers which should be in vlan5 and obviously it should be untag/access as computers can't read tag. - and this part isn't working for me.
But this is the config below. Nothing fancy.
Router - port1 : trunk (vlan1 untag, vlan2 tag, vlan5 tag)
Switch 1- port 1 connecting to router port1 :trunk (vlan1 untag, vlan2 tag, vlan5 tag)
switch1 ports are (vlan1 untag, vlan2 tag) - because got iPphones and connted to computer through phones
Switch1 port24: trunk(vlan1 untag, vlan2 tag, vlan5 tag) connecting to switch2 on port1( vlan1 untag, vlan2 tag, vlan5tag)
Vlan1 and vlan2 works fine. It's just vlan5 in switch2 I got issues
Switch2 needs only computers which should be in vlan5 and obviously it should be untag/access as computers can't read tag. - and this part isn't working for me.
Ok, and vlan 5 is created on all switches? Not just tagged?
ASKER
Yes it's created inall swirches
Vlan5 also works in switch1, if I make any port as access/untag for vlan5 it works.
It's just not working in switch2. Got no idea why.
Vlan5 also works in switch1, if I make any port as access/untag for vlan5 it works.
It's just not working in switch2. Got no idea why.
When you get access to the switches again. Can you look at the status of the trunk link between switch 1 and 2? Another thing to try is putting a pc on switch 1 and switch 2 for vlan 5 and see if they can ping each other. If not, layer 2 for vlan 5 on that trunk link isn't working. Also try pinging between pc's on the switch 2 for vlan 5.
ASKER
I will try that for sure tomorrow
But I think trunk works good between 2 switches.
Because if I have access port as vlan1 computers working . Phones working on vlan2 as tag.
What am thinking is ?? - if I have a port as vlan5 as untag in switch2. When it goes through trunk( trunk has vlan5 as tag and vlan 1 as untag) is this a mismatch or a problem ???
But I think trunk works good between 2 switches.
Because if I have access port as vlan1 computers working . Phones working on vlan2 as tag.
What am thinking is ?? - if I have a port as vlan5 as untag in switch2. When it goes through trunk( trunk has vlan5 as tag and vlan 1 as untag) is this a mismatch or a problem ???
No that wouldn't be the cause. That is supposed to be set like that. What is the vendor and model of the switch 2 ?
ASKER
Both switches are same. Hpe1910
On the trunk VLAN 5 needs to be tagged anyway.
ASKER
Ok. Just a general question
- in switch2 : when vlan5 is untagged. Frame goes untag and when it enters switch trunk, how it will go through vlan5 which is tagged in trunk ?
- in switch2 : when vlan5 is untagged. Frame goes untag and when it enters switch trunk, how it will go through vlan5 which is tagged in trunk ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Excellent explanation Noci!
ASKER
Just trying to understand
When a frame comes from computer in switch port which is access port for vlan 10 - then while frame entering switch it adds a tag as vlan10 to frame. Am I correct ?
When a frame goes out of switch port, which is access port for vlan10- switch strips the vlan tag and sends the frame out without tag info .
If it's trunk or tagged port- both ingress and egress has tagged info . Am I correct with all 3 situations.?
When a frame comes from computer in switch port which is access port for vlan 10 - then while frame entering switch it adds a tag as vlan10 to frame. Am I correct ?
When a frame goes out of switch port, which is access port for vlan10- switch strips the vlan tag and sends the frame out without tag info .
If it's trunk or tagged port- both ingress and egress has tagged info . Am I correct with all 3 situations.?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- 'skullnobrains' (https:#a42795409)
-- 'noci' (https:#a42795383)
-- 'noci' (https:#a42795263)
-- 'Soulja' (https:#a42795256)
-- 'Soulja' (https:#a42795141)
-- 'noci' (https:#a42794981)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- 'skullnobrains' (https:#a42795409)
-- 'noci' (https:#a42795383)
-- 'noci' (https:#a42795263)
-- 'Soulja' (https:#a42795256)
-- 'Soulja' (https:#a42795141)
-- 'noci' (https:#a42794981)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
ASKER
Normally I just got 2 vlans. Default 1 for data and 2 for voice
Now they got a new building near by which is connected through fibre cable from main building. So both switches connected as trunk.
And they want a new vlan 5 for computers in new building. Can this be achieved ???