+ Post New Thread
Results 1 to 15 of 15
Wired Networks Thread, VLAN Routing Netgear GSM7324 issues in Technical; I'm having issues routing between vlans on this switch (GSM7324) I appreciate it's quite old. We have wifi that uses ...
  1. #1

    Join Date
    May 2010
    Posts
    1,114
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51

    VLAN Routing Netgear GSM7324 issues

    I'm having issues routing between vlans on this switch (GSM7324) I appreciate it's quite old.

    We have wifi that uses 2 vlans (25 and 35)

    so the vlans are configured like this :-

    1 All untagged except for the LAG on ports 1-2 (1/1)
    25 All excluded except tagged on the LAG on ports 1-2 (1/1)
    35 All excluded except tagged on the LAG on ports 1-2 (1/1)
    150 WAN (pvid 150 21-24) (wan switch)
    250 PFSENSE (pvid 250 19-21) (firewall switch)

    Interface vlans have IP addresses (vlan 1 - 192.168.5.23) (vlan 25 - 192.168.10.1) and routing is enabled, DHCP relay is set to point at our dhcp server

    The vlans work fine but the routing doesn't. It's currently routing through smoothwall zone bridging and DHCP is also done through smoothwall - when I turn this off I cant ping anything nor is a device getting an IP from the DHCP server

    Any ideas ? Scratching my head over this.


    I think the reason is that the vlans don't have a pvid on any ports - but I'm not sure how to fix this
    Last edited by caffrey; 1st July 2014 at 04:27 PM.

  2. #2

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,267
    Thank Post
    112
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    In each vlan/subnet what is the default gateway ip?

    Do the settings of the DHCP scopes match what you've written in response to the above?

    On the switch, what is the default gateway ip?

    What is the flow to get a DHCP assigned address for a wireless client? (i.e. what interfaces on what boxes do packets travel through)

  3. Thanks to psydii from:

    caffrey (2nd July 2014)

  4. #3

    Join Date
    May 2010
    Posts
    1,114
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51
    DHCP Scope matches
    Default gateway IP is 192.168.5.253 which is the smoothwall, I can see a problem there
    vlan subnet gateway is set to the lowest IP eg 192.168.10.1 (scope is 192.168.10.1/23)

    Currently the network is set up like this :-

    WIFI with 2 SSID on vlan 25 / 35



    Smoothwall interfaces tagged with those VLANS which is connected to Smoothwall DHCP server and the vlans are zone bridged for airserver etc. works fine (unifi access points)
    Smoothwall is gateway at 192.168.5.253

    Main issue I have is I have no lab, I'm having to do all this live which is fun and I think its causing all my problems

    I'm trying to cut out all the services on the smoothwall eg use our DHCP server and using a layer 3 switch for routing as I'm relying too much on the smoothwall box

  5. #4

    Join Date
    May 2011
    Posts
    80
    Thank Post
    8
    Thanked 11 Times in 11 Posts
    Rep Power
    8

    VLAN Routing Netgear GSM7324 issues

    Have you set inter-VLAN routing up?

    Here are my notes for setting up ours ( GSM7352Sv200 )

    Login to the switch.

    Type “enable”
    Type “vlan database”
    Type “vlan {VID}” so for example “vlan 27” if the vlan number is 27
    Type “vlan routing {VID}” so for example to enable vlan routing for vlan 27 “vlan routing 27”

    …the below example then is to enable vlan routing for vlan27 and 26

    Enable
    Vlan database
    Vlan 27
    Vlan routing 27
    Vlan 26
    Vlan routing 26
    Exit
    Save

    Let me know if I can help, maybe on a teamviewer session or something.
    Last edited by jszkudlapski; 1st July 2014 at 11:15 PM.

  6. Thanks to jszkudlapski from:

    caffrey (2nd July 2014)

  7. #5

    Join Date
    May 2010
    Posts
    1,114
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51
    Cheers, think I've already done that, I think the problem is I use tagged vlans as opposed to port based - is routing only available on port based vlans on this switch ? (PVIDS are all set to 1 except for 150 and 250)

    Code:
    VLAN ID	VLAN Name	VLAN Type	Slot/Port	Member Ports
    1	Default	Default	2/1	 0/1 0/2 0/3 0/4 0/5 0/6 0/7 0/8 0/9 0/10 0/11 0/12 0/13 0/14 0/15 0/16 0/17 0/18 1/1
    25	Wifi	Static	2/2	 0/5 0/6 1/1
    35	Wifi Guest	Static	2/3	 0/5 0/6 1/1
    150	WAN	Static		 0/21 0/22 0/23 0/24
    250	PFSENSE	Static		 0/19 0/20
    Code:
    0/1	1	Admit All	Disabled	0
    0/2	1	Admit All	Disabled	0
    0/3	1	Admit All	Disabled	0
    0/4	1	Admit All	Disabled	0
    0/5	1	Admit All	Disabled	0
    0/6	1	Admit All	Disabled	0
    0/7	1	Admit All	Disabled	0
    0/8	1	Admit All	Disabled	0
    0/9	1	Admit All	Disabled	0
    0/10	1	Admit All	Disabled	0
    0/11	1	Admit All	Disabled	0
    0/12	1	Admit All	Disabled	0
    0/13	1	Admit All	Disabled	0
    0/14	1	Admit All	Disabled	0
    0/15	1	Admit All	Disabled	0
    0/16	1	Admit All	Disabled	0
    0/17	1	Admit All	Disabled	0
    0/18	1	Admit All	Disabled	0
    0/19	250	Admit All	Disabled	0
    0/20	250	Admit All	Disabled	0
    0/21	150	Admit All	Disabled	0
    0/22	150	Admit All	Disabled	0
    0/23	150	Admit All	Disabled	0
    0/24	150	Admit All	Disabled	0
    1/1	1	Admit All	Disabled	0
    Last edited by caffrey; 2nd July 2014 at 08:00 AM.

  8. #6

    Join Date
    May 2010
    Posts
    1,114
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51
    Route Table

    Code:
    Total Number of Routes	 3
    Network Address	Subnet Mask	Protocol	Next Hop Slot/Port	Next Hop IP Address
    0.0.0.0	0.0.0.0	Default	 2/1	192.168.5.253
    192.168.4.0	255.255.254.0	Local	 2/1	192.168.5.23
    192.168.10.0	255.255.254.0	Local	 2/2	192.168.10.1
    VLAN Routing

    Code:
    VLAN ID	Slot/Port	MAC Address	IP Address	Subnet Mask
    1	 2/1	 00:1B:2F:B8:1B:CA	 192.168.5.23	 255.255.254.0
    25	 2/2	 00:1B:2F:B8:1B:CA	 192.168.10.1	 255.255.254.0
    35	 2/3	 00:1B:2F:B8:1B:CA	 0.0.0.0	 0.0.0.0
    Looks fine to me I think

  9. #7

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,267
    Thank Post
    112
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    For each internal subnet the default gateway (from DHCP) needs to be the routing interface of your core switch (your core is your router)

    The default route on your core switch(router) should be the internal interface of your firewall.

    The default route on your firewall should be the next hop towards your ISP.

    There should be routes configured on your firewall for your internal subnets, with the vlan interface of your core switch(router) set as the gateway.

    If you need to keep traffic between your subnets isolated, use ACLs on the core switch.

  10. Thanks to psydii from:

    caffrey (2nd July 2014)

  11. #8

    Join Date
    May 2010
    Posts
    1,114
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51
    I tried setting the gateway manually on a client but that failed also

    I think I've been looking at this the wrong way and doing it the hard way seeing as vlan 1 is blocked from routing by default, I assumed and I think I'm correct in saying that all untagged traffic gets assigned to vlan 1 on netgear switches at least and this is the traffic I'm trying to route to my other VLANS
    So am I correct in saying I probably need to create a protocol based VLAN and assign it to my VLAN 25+35 ?
    I'm trying to do this for things like airserver so that the traffic gets to a from from pc on the domain to devices on the wifi.

  12. #9

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,267
    Thank Post
    112
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    Untagged traffic on a port is on the vlan that is untagged on the port.

    If no vlan or tagging is specified on a port then all untagged traffic passing through that port is on the default vlan. Tagged traffic hitting that port is probably dropped.

  13. #10

    Join Date
    May 2010
    Posts
    1,114
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51
    Okay, so is protocol based vlan the way forward ? how do I route traffic from none tagged traffic to a vlan?

  14. #11

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,267
    Thank Post
    112
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    Before I disappear down a rabbit hole, could I just check: What are you actually trying to achieve?

  15. #12

    Join Date
    May 2010
    Posts
    1,114
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51
    I do that too Been trying to solve this for 2 days!
    Basically I need domain traffic to see wifi traffic

    the wifi traffic is on two ssids tied to two vlans which connect to smoothwall with different ranges
    the domain traffic needs to see the wifi for the use of airserver / apple tvs etc
    Currently this is done on smoothwall with zone bridging and that works great but I'm planning on removing as many services from smoothwall as I can.

    I thought a layer 3 switch could do this routing instead

  16. #13

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,267
    Thank Post
    112
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    What does the smoothwall currently do for each of your VLANs? and is there any communication between them at the moment?

  17. #14

    Join Date
    May 2010
    Posts
    1,114
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51
    The smoothwall has virtual nics tagged with each VLAN, dhcp ranges are applied per vlan - one is for testing WPA Enterprise, with zone bridging all traffic can talk to each network. Im trying to remove all this so that the vlans use standard windows DHCP server and a radius server to get more control over traffic.

    Just another thought, do I have to Tag every port on vlan 1 on every switch to enable passing the traffic ? I can soon test that I think
    Last edited by caffrey; 2nd July 2014 at 08:08 PM.

  18. #15

    Join Date
    May 2010
    Posts
    1,114
    Thank Post
    108
    Thanked 101 Times in 76 Posts
    Rep Power
    51
    I can get the switch to route 2 test vlans on the switch so it's doing that fine but it just won't route existing even after setting gateway to the switch
    I'm starting to think that this switch can't route my vlans

    e.g. this is how I have a switch set up

    1 U U U U U U U U U U U U U U U U U U U U U U U U
    25 T____________________________________ T
    35 T____________________________________ T

    PVID 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1

    port 1 is uplink 24 is wifi

    I think I either need to T vlan 1 (management) which I can't do easily because of a bug, or do a complete network overhaul and create a VLAN 5 and put all PC's into that but I'm not sure how to go about that
    This works great for SSID
    Last edited by caffrey; 4th July 2014 at 11:24 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. Netgear VLAN - routing on vlan 1
    By Simcfc73 in forum Wired Networks
    Replies: 1
    Last Post: 1st November 2012, 04:58 PM
  2. Netgear VLAN Routing
    By nick3young in forum Wired Networks
    Replies: 5
    Last Post: 27th October 2012, 07:29 PM
  3. Procurve VLAN Routing Switch
    By Cache in forum Wired Networks
    Replies: 12
    Last Post: 7th June 2012, 12:30 PM
  4. Edugeek, I need your help! Netgear solution issues
    By johnymac in forum Wireless Networks
    Replies: 48
    Last Post: 21st May 2011, 10:38 PM
  5. 3Com 4500G VLAN Routing
    By ptenteges in forum Wireless Networks
    Replies: 1
    Last Post: 28th May 2008, 12:31 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •