1
24.1 Legacy Series / Re: VLAN
« on: March 28, 2024, 01:21:55 pm »
gorgeous thank you! worked like a charm!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
24.1 Legacy Series / Re: VLAN
« on: March 28, 2024, 12:16:03 am »
UPDATE: yes the video worked that was indeed the issue!!! however I have a new one now...
I messed up and changed the listening interface for the webgui I still have SSH however it seems like everything I change on there does not fix my issue does anyone know how to change the listening interface via SSH
I messed up and changed the listening interface for the webgui I still have SSH however it seems like everything I change on there does not fix my issue does anyone know how to change the listening interface via SSH
3
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 09:26:25 pm »
Thank you all for all your help! I am going to try that video I just watched it and it looks promising!! Thank you guys so much I will update you all when I get a chance!
4
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 04:56:40 am »
Great we found the issue thank you for the help! But how do I fix it?
5
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 03:21:55 am »
could any of these settings be affecting it? or the fact that it is a hyper v vm? i mean that NIC port on the server is dedicated to just the VM and nothing else
6
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 02:48:20 am »
show mac address-table interface tenGigabitEthernet1/1/3
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 1418.7762.dcff DYNAMIC Te1/1/3
Here is the mac address table table for the interface facing opnsense, I have the windows machine ip to 192.168.10.101 and pinging 10.1 continuously.
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 1418.7762.dcff DYNAMIC Te1/1/3
Here is the mac address table table for the interface facing opnsense, I have the windows machine ip to 192.168.10.101 and pinging 10.1 continuously.
7
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 02:37:41 am »
no that was over the auto back up assigned IPs APIPA i think is the protocol.
No ping of gate way from laptop with static and APIPA IPs
No ping of gate way from laptop with static and APIPA IPs
8
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 02:26:32 am »
Here is an SS of the DHCP page for vlan10 on opnsense
9
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 02:20:23 am »Can you do,
While the current config the one with trunk on the ports >Code: [Select]show int Te[port towards OPN] trunk
show int Te[port towards PC] trunk
show int Te[port towards AP] trunk
And as well while a device is connected to your AP, do on teh switchCode: [Select]sh mac address-table interface Te[port towards AP]
Regards,
S.
show interfaces tenGigabitEthernet1/1/3 trunk
Port Mode Encapsulation Status Native vlan
Te1/1/3 on 802.1q trunking 1
Port Vlans allowed on trunk
Te1/1/3 1,10
Port Vlans allowed and active in management domain
Te1/1/3 1,10
Port Vlans in spanning tree forwarding state and not pruned
Te1/1/3 1,10
show interfaces GigabitEthernet1/0/5 trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/5 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/5 1,10
Port Vlans allowed and active in management domain
Gi1/0/5 1,10
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/5 1,10
show interfaces GigabitEthernet1/0/38 trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/38 off 802.1q not-trunking 1
Port Vlans allowed on trunk
Gi1/0/38 10
Port Vlans allowed and active in management domain
Gi1/0/38 10
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/38 10
sh mac address-table interface gigabitEthernet1/0/5
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 4abd.fb3e.9eac DYNAMIC Gi1/0/5
1 9c05.d643.c1b9 DYNAMIC Gi1/0/5
1 a64a.6488.9532 DYNAMIC Gi1/0/5
1 ae5a.8867.163d DYNAMIC Gi1/0/5
1 bad2.b99c.0125 DYNAMIC Gi1/0/5
10 ba41.46ea.f647 DYNAMIC Gi1/0/5
Total Mac Addresses for this criterion: 6
10
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 02:16:26 am »
As a few more people have jumped on this thread I want to summarize what we know so far. I have a VM running OpnSense on a Dell R730 native OS is windows server 19 with a 10g SFP+ connection to a Cisco 3650 SFP+ 10g connection that is set to trunk vlan 1 and 10, 1 is set to native and if I remove vlan 1 from the trunk I lose the opnsense gui and ssh for some reason. I have a windows end device connected to port 38 on that same switch configured as an access port for vlan 10, I have a u7 pro AP on port 5 of that switch configed as a trunk port for 1 and 10 as well on unifi controller I have two networks 1 for vlan 1 and one for vlan 10, 3 SSIDs for vlan 1 and 1 for vlan 10. I have connected my phone to vlan 10 and can ping said phone from the windows machine also on vlan 10. I do have the vlan set up in OPNsense but i can not get an IP from DHCP on either the wireless or wired devices.
Thank you all for the help so far I hope this summary helps clarify
Thank you all for the help so far I hope this summary helps clarify
11
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 02:06:54 am »
okay I will work on taking VLAN 1 off, I have my phone and the switchport mode access on port 38 which is a windows machine they could ping each other from switch to AP
Laptop Switch AP
Vlan10 vlan10/P38 IOT network Port 5
Laptop Switch AP
Vlan10 vlan10/P38 IOT network Port 5
12
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 01:58:03 am »
yes my AP can tag it is a U7 pro with multiple SSIDs 3 for vlan 1 (just the different GHz) and 1 for vlan 10 IOT devices
13
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 01:56:04 am »
yes I have 2 10G ports the other is shut down so this is for sure it
14
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 01:47:43 am »
ifconfig
enc0: flags=0<> metric 0 mtu 1536
groups: enc
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
syncpeer: 0.0.0.0 maxupd: 128 defer: off
syncok: 1
groups: pfsync
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN (wan)
options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
ether 14:18:77:62:dc:fe
inet xxx.xxx.xxx.xxx netmask 0xfffffc00 broadcast xxx.xxx.xxx.xxx media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
hn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: LAN (lan)
options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
ether 14:18:77:62:dc:ff
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan0.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Vlan10 (opt2)
options=80000<LINKSTATE>
ether 14:18:77:62:dc:ff
inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
groups: vlan
vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: hn1
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wg1: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
description: wireguard (opt1)
options=80000<LINKSTATE>
inet 10.10.10.1 netmask 0xffffff00
groups: wg wireguard
nd6 options=9<PERFORMNUD,IFDISABLED>
root@OPNsense:~ #
enc0: flags=0<> metric 0 mtu 1536
groups: enc
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
syncpeer: 0.0.0.0 maxupd: 128 defer: off
syncok: 1
groups: pfsync
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN (wan)
options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
ether 14:18:77:62:dc:fe
inet xxx.xxx.xxx.xxx netmask 0xfffffc00 broadcast xxx.xxx.xxx.xxx media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
hn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: LAN (lan)
options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
ether 14:18:77:62:dc:ff
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan0.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Vlan10 (opt2)
options=80000<LINKSTATE>
ether 14:18:77:62:dc:ff
inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
groups: vlan
vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: hn1
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wg1: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
description: wireguard (opt1)
options=80000<LINKSTATE>
inet 10.10.10.1 netmask 0xffffff00
groups: wg wireguard
nd6 options=9<PERFORMNUD,IFDISABLED>
root@OPNsense:~ #
15
24.1 Legacy Series / Re: VLAN
« on: March 25, 2024, 01:42:41 am »
* Your Trunk ports are missing encap configCode: [Select]switchport trunk encapsulation dot1q
This command will not work on 3650 and other legacy switches. These command is for MLS switches.
3650 already by default supports 802.1Q and its the only encapsulation it supports by default.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3e/vlan/configuration_guide/b_vlan_3e_3650_cg/b_vlan_3se_3650_cg_chapter_0100.html
Regards,
S.
I was about to say this as it indeed does do 802.1q by default and the encapsulation dot1q is an invalid command on my switch. If I untruck vlan 1 I get locked out of Opense managment ssh and webgui. still routes traffic though
Pages: [1] 2