  1. #1

    PVID 4204vl

    Hi all,

    Starting to pull my hair out here!

    We have a 4204vl switch, and I cannot for the life of me work out how to set PVID on a port. We have a Sonicwall NSA3600 and 1 port with a normal and a vlan 8 assignment. This will provide staff wireless on the non-vlan side and student on the vlan side.

    This works at our other site on an NSA2400 and Cisco switch with PVID set to 47 and VLAN access to 8, so it tags the normal traffic on the port with 47, so it can traverse the switches to its final destination.

    The procurve only lets me tag, untag, forbid or auto. No PVID option!! I was under the impression that 'normally' if a port is untagged it can't be tagged, so how does PVID work on these things? I tried just untagging the port, but nothing passed.

    Any help would be appreciated,

    Thanks

    James

  2. #2

    Ok here are some details, if someone could sanity check, it would be appreciated.

    Sonicwall NSA3600, X9 - WLAN for provisioning, X9:V8 - StudentWLAN(custom WLAN zone), X9:V10 - StaffWLAN(custom WLAN zone)

    Wire goes from X9 port to a 4204vl Procurve:

    VLANs set as 1 - Default, 8 - StudentWLAN, 10 - StaffWLAN, 47 - SONICPOINT

    X9 connected to D23, D23 set as 47 Untagged, 10 Tagged, 8 Tagged, 1 No

    The data then leaves the switch via a GBIC port, B24 to the next switch, which is a Catalyst 3750-48PS, set as 47 Tagged, 10 Tagged, 8 Tagged and 1 Tagged.

    The data arrives at the 3750-48PS on Gi1/0/1:

    interface GigabitEthernet1/0/1
    switchport trunk encapsulation dot1q
    switchport mode trunk

    The 2 test SonicPoints are then connected to FastEthernet1/0/6 and FastEthernet1/0/7, both with:

    switchport trunk encapsulation dot1q
    switchport trunk native vlan 47
    switchport trunk allowed vlan 8,10
    switchport mode trunk
    spanning-tree portfast trunk

    As far as I can work out, this should work, but it doesn't! Untagged on the procurve should forward untagged traffic tagged and native vlan on the cisco should forward tagged to untagged, therefore satisfying the SDP gods.

    Anyone see any glaring errors?

    Thanks

    James

  3. #3
    Cache's Avatar
    I can't get it straight in my head exactly what you're trying to achieve, however this might help.

    We have a Guest Wireless Network which runs on VLAN 60.

    The ports which have the APs on are currently set up to be untagged on VLAN 1 (The default VLAN) and Tagged on VLAN 60. The configuration is then replicated across the network so that on all the uplinks, the ports remain untagged on VLAN 1 and are tagged on VLAN 60. This is by no means the best way to do it, however it works. So, our proxy server which manages DHCP/DNS/Proxy has 2 NICs in it, the one serving DHCP is plugged in to a port which is Untagged on VLAN 60 and is not tagged on any other VLANs, the other NIC is plugged into a port which is Untagged on VLAN 1.

    If I've got it in my head right, you want all your uplinks to be Untagged on whatever your default VLAN is, however they need to be tagged with every other VLAN which you need to traverse across the uplinks. If you have your Uplinks trunked, then you will need to apply the Tagging to the trunks as well.

    Does that help?

    It might be a complete load of nonsense because my knowledge of this is very basic.
    Last edited by Cache; 14th June 2014 at 08:26 PM.

  4. #4
    DMcCoy's Avatar
    As you've discovered the Procurves have no pvid options. That would be "untagged". You may use untagged and multiple tagged on the same port, traffic without vlan tags will go via the untagged vlan, while tagged packets will work if they meet a tagged vlan id.

  5. #5

    Hmm, that is exactly how I have it setup, X9 with the main interface plus 2 vlans into Port D23, 47U, 8T, 5T. Then port B24 to the Cisco 3750, 47T, 8T, 5T.

    Ge1/0/1 is set as:

    interface GigabitEthernet1/0/1
    switchport trunk encapsulation dot1q
    switchport mode trunk

    The sonic points are connected to various ports set as:
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 47
    switchport trunk allowed vlan 8,10
    switchport mode trunk
    spanning-tree portfast

    As far as I can work out, it should work!!

    Oh well, I will plug a laptop into the sonic point ports on the Cisco in the morning and see if I get an IP, try and rule out what does work and what doesn't.

    Thanks for the replies so far.

    James

  6. #6
    DMcCoy's Avatar
    Edit: Re-reading posts to try and work out traffic flow
    Last edited by DMcCoy; 15th June 2014 at 10:38 PM.

  7. #7

    D23 is the port that the SW connects to the Procurve and B24 is the way out to the Cisco.

    D23 is indeed untagged and B24 is tagged, I want all untagged packets coming from the SW to be tagged out to the other VLAN47 ports, in the same way a PVID works on other switches, or at least does on our Small Business 200 at our other site! I am sure I read in the admin manual for Procurve, that it does perform this function.

    Thanks

    James

  8. #8
    DMcCoy's Avatar
    You are correct, traffic untagged on 47 should be seen by tagged ports, it's difficult to work out with just reading the vlans.

    If you connect another device in vlan 47 on the procurve, can the NSA see it? I assume all the relevant routes are in place too (on whatever is doing the routing).

  9. #9

    I suppose I could create an untagged connection between the switches, as they are only a couple of metres away from each other. Untag another port for 47 on the ProCurve and then native vlan for 47 a port on the Cisco. Although that won't help when I need to add some more Sonicpoints to another 3750, connected by a Gbic fibre, downstairs! Although, saying that, I have a Small Business 300 in the same rack as the ProCurve, with the same PVID function as the 200 at the other site, so I could connect the SW to that and see if I can get the 47 flowing from untagged to tagged into that switch and then back to the ProCurve, and then on to the 3750's, as the packets will be tagged by that point entering the Cisco 3750 switches and then the native VLAN 47 will untag them into the SonicPoints. Gotta love brainstorming on a Sunday night, so much to try in the morning!

    I hope everyone understands what I am trying to do by tagging packets leaving an untagged port, so they can traverse switches. SonicPoints needing an untagged connection to provision and all. As X9 has the untagged WLAN for provisioning and then 2 VLAN sub interfaces for extra SSIDs, everything needs to be done on the same port. Secure but an absolute ars* to set up!

    Thanks

    James

  10. #10

    Routing is being done on the SW. I haven't had to add any routes for the current VLAN8 and 10 traffic (which is flowing, as we use it for our current wifi solution). All our switches are in L2 mode.

    I am off site at the moment, but hardware testing will start in the morning, using my laptop in various ports to check connectivity on VLAN 47. Hopefully I will work away from the SW and find the device causing the blockage, but the above solution may sort it using a switch with the abilities I need.

    I will also check the routing on the SW, just in case a route is missing for whatever reason, but as the current 8 and 10 are working, I think it's OK.

    James

  11. #11
    DMcCoy's Avatar
    Code:
    NSA                            Procurve                                     Cisco
                      OUT          IN                                OUT        IN
            Status    Port         Port  Status    Procurve  Status  Port       Port   Status  Cisco
    VLAN1   ?         X9      -/-  D23   No        VLAN1     Tagged  B24   ///  1/0/1  trunk   VLAN1
    VLAN8   Tagged    X9:V8   ---  D23   Tagged    VLAN8     Tagged  B24   ---  1/0/1  trunk   VLAN8
    VLAN10  Tagged    X9:V10  ---  D23   Tagged    VLAN10    Tagged  B24   ---  1/0/1  trunk   VLAN10
    VLAN47  Untagged  X9:V47  ---  D23   Untagged  VLAN47    Tagged  B24   ---  1/0/1  trunk   VLAN47
    Is this the current situation? (using in/out ports to work out where everything is going).

    There will be no traffic passed with VLAN ID of 1, but everything else should be working.
    Last edited by DMcCoy; 15th June 2014 at 11:22 PM. Reason: formatting

  12. #12
    DMcCoy's Avatar
    Oh, one thing, how does vlan 47 get in/out of the NSA? I don't see anything specific.

    Edit: ah it was still cisco config, what's the CLI output for the NSA config for the ports?
    Last edited by DMcCoy; 15th June 2014 at 11:39 PM.

  13. #13

    X9 doesn't have a VLAN47 associated with it, it is just the native port, you can't untag on a SW device, just set VLAN subinterfaces on main interfaces. If I send it out tagged as 47, then D23 will strip the tag anyway and apply the tag of the vlan that is untagged on the port (which is 47 anyway!), and the SW needs untagged on the port for provisioning. Trying to keep the SPs away from VLAN 1, as it is our normal LAN and already has DHCP on it, hence the VLAN47 provisioning VLAN.

    X9 is set as below:

    X9 WLAN
    X9:V8 StudentWireless
    X9:V10 Staff Wireless

    Apart from that and the SP ports on the Cisco being Native VLAN of 47 and Tagged for 8,10

    Thanks for the input, always good for someone to sanity check!
    Last edited by CAWJames; 15th June 2014 at 11:46 PM.

  14. #14

    OR should I be tagging 47 on the SW X9 port? Should I be matching the Untag of 47 on D23 with a Tag of 47 on X9?

  15. #15
    DMcCoy's Avatar
    Ah, if the Sonicwall is applying 802.1q tags for VLAN47 then the procurve also needs to be tagged on the link, afaik the tags will be read and dropped, because 47 is *not* tagged on D23. Packets *without* tags will go to 47.
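
Added example, not part of any post in this thread: a small model of the untagged/tagged port behaviour as described in posts #4 and #15, applied to the ProCurve membership listed in post #2. The `Port` class and `forward()` helper are hypothetical names; the drop of a frame tagged 47 on D23 follows post #15's description rather than vendor documentation.

```python
# Added illustration, not code from the thread. Port names and VLAN IDs are
# taken from posts #2 and #15; the Port class and forward() are hypothetical.
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Port:
    name: str
    untagged: Optional[int] = None            # what other vendors call the PVID
    tagged: Set[int] = field(default_factory=set)

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """Classify a received frame into a VLAN; None means it is dropped."""
        if tag is None:
            return self.untagged              # no 802.1Q tag -> untagged VLAN
        return tag if tag in self.tagged else None   # tag must match a tagged VLAN

    def egress(self, vlan: int) -> Optional[str]:
        """Describe how a frame in `vlan` leaves this port; None if not a member."""
        if vlan in self.tagged:
            return f"leaves {self.name} tagged {vlan}"
        if vlan == self.untagged:
            return f"leaves {self.name} untagged (VLAN {vlan})"
        return None


def forward(in_port: Port, out_port: Port, tag: Optional[int]) -> str:
    """Follow one frame from in_port to out_port through the switch."""
    vlan = in_port.ingress(tag)
    if vlan is None:
        return f"dropped at {in_port.name}"
    return out_port.egress(vlan) or f"VLAN {vlan} not carried on {out_port.name}"


# ProCurve 4204vl membership as listed in post #2.
D23 = Port("D23", untagged=47, tagged={8, 10})     # link to SonicWall X9
B24 = Port("B24", tagged={1, 8, 10, 47})           # uplink to the Catalyst 3750

if __name__ == "__main__":
    for label, src, dst, tag in [
        ("X9 untagged (provisioning)", D23, B24, None),
        ("X9:V8 tagged 8", D23, B24, 8),
        ("X9 tagged 47", D23, B24, 47),
        ("return traffic tagged 47", B24, D23, 47),
        ("tagged 1 from the Cisco", B24, D23, 1),
    ]:
        print(f"{label:28} -> {forward(src, dst, tag)}")
```

Changing `D23` or `B24` membership and re-running shows which VLANs would cross the link, which is a quick way to check that the provisioning VLAN stays separate from VLAN 1.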
