I'm having issues routing between vlans on this switch (GSM7324) I appreciate it's quite old.
We have wifi that uses 2 vlans (25 and 35)
so the vlans are configured like this :-
1 All untagged except for the LAG on ports 1-2 (1/1)
25 All excluded except tagged on the LAG on ports 1-2 (1/1)
35 All excluded except tagged on the LAG on ports 1-2 (1/1)
150 WAN (pvid 150 21-24) (wan switch)
250 PFSENSE (pvid 250 19-21) (firewall switch)
Interface vlans have IP addresses (vlan 1 - 192.168.5.23) (vlan 25 - 192.168.10.1) and routing is enabled, DHCP relay is set to point at our dhcp server
The vlans work fine but the routing doesn't. It's currently routing through smoothwall zone bridging and DHCP is also done through smoothwall - when I turn this off I cant ping anything nor is a device getting an IP from the DHCP server
Any ideas ? Scratching my head over this.
I think the reason is that the vlans don't have a pvid on any ports - but I'm not sure how to fix this
Last edited by caffrey; 1st July 2014 at 04:27 PM.
DHCP Scope matches
Default gateway IP is 192.168.5.253 which is the smoothwall, I can see a problem there
vlan subnet gateway is set to the lowest IP eg 192.168.10.1 (scope is 192.168.10.1/23)
Currently the network is set up like this :-
WIFI with 2 SSID on vlan 25 / 35
Smoothwall interfaces tagged with those VLANS which is connected to Smoothwall DHCP server and the vlans are zone bridged for airserver etc. works fine (unifi access points)
Smoothwall is gateway at 192.168.5.253
Main issue I have is I have no lab, I'm having to do all this live which is fun and I think its causing all my problems
I'm trying to cut out all the services on the smoothwall eg use our DHCP server and using a layer 3 switch for routing as I'm relying too much on the smoothwall box
Cheers, think I've already done that, I think the problem is I use tagged vlans as opposed to port based - is routing only available on port based vlans on this switch ? (PVIDS are all set to 1 except for 150 and 250)
Total Number of Routes 3
Network Address Subnet Mask Protocol Next Hop Slot/Port Next Hop IP Address
0.0.0.0 0.0.0.0 Default 2/1 192.168.5.253
192.168.4.0 255.255.254.0 Local 2/1 192.168.5.23
192.168.10.0 255.255.254.0 Local 2/2 192.168.10.1
VLAN ID Slot/Port MAC Address IP Address Subnet Mask
1 2/1 00:1B:2F:B8:1B:CA 192.168.5.23 255.255.254.0
25 2/2 00:1B:2F:B8:1B:CA 192.168.10.1 255.255.254.0
35 2/3 00:1B:2F:B8:1B:CA 0.0.0.0 0.0.0.0
I tried setting the gateway manually on a client but that failed also
I think I've been looking at this the wrong way and doing it the hard way seeing as vlan 1 is blocked from routing by default, I assumed and I think I'm correct in saying that all untagged traffic gets assigned to vlan 1 on netgear switches at least and this is the traffic I'm trying to route to my other VLANS
So am I correct in saying I probably need to create a protocol based VLAN and assign it to my VLAN 25+35 ?
I'm trying to do this for things like airserver so that the traffic gets to a from from pc on the domain to devices on the wifi.
I do that too Been trying to solve this for 2 days!
Basically I need domain traffic to see wifi traffic
the wifi traffic is on two ssids tied to two vlans which connect to smoothwall with different ranges
the domain traffic needs to see the wifi for the use of airserver / apple tvs etc
Currently this is done on smoothwall with zone bridging and that works great but I'm planning on removing as many services from smoothwall as I can.
I thought a layer 3 switch could do this routing instead
The smoothwall has virtual nics tagged with each VLAN, dhcp ranges are applied per vlan - one is for testing WPA Enterprise, with zone bridging all traffic can talk to each network. Im trying to remove all this so that the vlans use standard windows DHCP server and a radius server to get more control over traffic.
Just another thought, do I have to Tag every port on vlan 1 on every switch to enable passing the traffic ? I can soon test that I think
Last edited by caffrey; 2nd July 2014 at 08:08 PM.
I can get the switch to route 2 test vlans on the switch so it's doing that fine but it just won't route existing even after setting gateway to the switch
I'm starting to think that this switch can't route my vlans
e.g. this is how I have a switch set up
1 U U U U U U U U U U U U U U U U U U U U U U U U
25 T____________________________________ T
35 T____________________________________ T
I think I either need to T vlan 1 (management) which I can't do easily because of a bug, or do a complete network overhaul and create a VLAN 5 and put all PC's into that but I'm not sure how to go about that
This works great for SSID
Last edited by caffrey; 4th July 2014 at 11:24 AM.