Issue with VLANs

Started by i716, June 24, 2021, 01:42:35 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 24, 2021, 01:42:35 PM Last Edit: June 24, 2021, 03:07:21 PM by i716
I have set up 2 VLANs:
1) VLAN 3 (For Guest/IoT Network): 192.168.2.0/24
2) VLAN 99 (For management): 192.168.0.0/24
and there is the (native) VLAN 1 (main network): 192.168.1.0/24

Those VLANs are passed onto port 1 (a trunk port) of the switch where VLAN1 is the native VLAN.
Port 3 is connected to a Wi-Fi AP where VLAN 3 is the Guest network, (native) VLAN 1 is the main network and VLAN 99 is the management interface. Everything works great so far.

A few days ago, I tried to add the IMPI Interface of a server and the network card of my UPS to that VLAN and tagged ethernet ports 45 and 47 on the switch for VLAN 99.
Both devices can not be pinged and a traceroute command shows only one hop from the main network to the 192.168.1.1 GW.
Then I tried to connect the Wi-Fi AP to the newly tagged port and I could access its configuration interface. Of course no internet connection as port 47 only carries the VLAN 99 - but that was expected.

So here's the question:
Why does only the AP work?
So the issue can not be with the rules or the switch.

The switch configuration:

Code Select

SSH@ICX6450-48 Router(config)#sh run
Current configuration:
!
ver 08.0.30uT313
!
stack unit 1
  module 1 icx6450-48-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 3 by port
tagged ethe 1/1/1 ethe 1/1/3
!
vlan 99 by port
tagged ethe 1/1/1 ethe 1/1/3 ethe 1/1/45 ethe 1/1/47
router-interface ve 99
!
!
!
!
!
errdisable recovery cause all
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
ip dhcp-client disable
ip route 0.0.0.0/0 192.168.0.1
!
username root password .....
snmp-server community ..... ro
!
!
clock timezone gmt GMT+09
!
!
ntp
disable serve
server 192.168.0.1
server 192.168.1.1
!
!
!
!
!
interface ethernet 1/1/1
dual-mode
!
interface ethernet 1/1/3
dual-mode
!
interface ve 99
ip address 192.168.0.250 255.255.255.0
!
!
!
!
!
!
!
!
!
end


The FW rule for the management interface:

Code Select
Protocol Source Port Destination Port Gateway Schedule Description
  IPv4 * MNGMT net * This Firewall * * *    
  IPv4 * MNGMT net * This Firewall * * *    
  IPv4 * * * * * * *

* The last rule is not active but it does not change anything. Besides that, the Wifi-AP works fine with the same rules intact.
June 24, 2021, 03:06:50 PM #1
Solved!

I mistakenly set the ports 45 and 47 as tagged ports and both the IPMI and UPS network card have no VLAN set whereas the Wifi-AP has. Therefore it could be accessed.
Changed the ports from tagged to untagged for VLAN99 et voila, it's working.
Print
Go Up Pages1
User actions