DHCP not working for new VLAN

Started by QuarkZ26, February 04, 2023, 01:47:23 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
February 04, 2023, 01:47:23 AM
Hello,

I already have 2 VLANs that are working perfectly and have been for quite some time. Today I've been trying to add a third one to no avail, it does not get any IP.

I connected a laptop directly on the switch's port (SG200) and if I switch to VLAN2 on that port, I get the IP as expected, when I set VLAN3 on it, it just times out.

I checked the rules and compared with the working ones and nothing seems out of place. I even redid everything from scratch using a different VLAN number but it just doesn't work at all.

Any input would be appreciated!

February 04, 2023, 03:41:21 AM #1
Did you add the new vlan to the trunk port?
February 04, 2023, 05:46:04 AM #2
I did.

If I switch to VLAN 2 Untagged on the port, it picks up the IP immediately, but if I put VLAN 3 it just times out. Also tried on my AP, which is what I was trying to originally do, configure a VLAN for IoT and after it was failing, i went and plugged a laptop directly to the port.

If other VLANs didn't work, I would point at the switch, but both my wifi guest (VLAN 1733) and VLAN 2 work without any issues, which makes me point to Opnsense
February 04, 2023, 12:51:06 PM #3
Quote from: QuarkZ26 on February 04, 2023, 05:46:04 AM
I did.

If I switch to VLAN 2 Untagged on the port, it picks up the IP immediately, but if I put VLAN 3 it just times out. Also tried on my AP, which is what I was trying to originally do, configure a VLAN for IoT and after it was failing, i went and plugged a laptop directly to the port.

If other VLANs didn't work, I would point at the switch, but both my wifi guest (VLAN 1733) and VLAN 2 work without any issues, which makes me point to Opnsense

Post a pic of the firewall rules.

Just because vlan2 works doesn't mean the switch is configured correctly, but it is a 'hint' that it is. You still have to make sure vlan3 is taggged on the trunk and untagged on an access port.
February 04, 2023, 04:12:19 PM #4
The firewall rules have very little, currently only the DHCP and an Allow All for testing purposes.

I can't indeed exclude something malfunctioning on the switch, but I know the configuration is correct as, like I said, it works when testing the other 2 working VLANs.
If I plug on Port 16, I get an IP from VLAN 2. If I plug on port 15, no IP.
Port 8 is my wifi, 1733 is the guest VLAN which works as intended, tagging VLAN 3 does not work.
February 04, 2023, 05:24:21 PM #5
Which one goes to the router?
You only show 7 - 16.
February 04, 2023, 06:12:12 PM #6
17/18 are setup as LAG and go to the router. You can see on the very first picture they all have the parent as lagg0
February 04, 2023, 06:58:48 PM #7
So show 17 and 18 then.
You would need to tag the new vlan on the lagg.

Just to add, I have a couple sg-350's. They come with all ports set to trunk. You really should set access ports to access and leave the trunks as trunk. Would make life easier when troubleshooting. Obviously it'll work as is but it should be corrected.
February 04, 2023, 07:11:59 PM #8
You can't tag anything on the LAG and the other VLANs work as is, the LAG only passes things through.

I tried also access instead of trunk, with the same result. You can see that port 16 is setup as trunk and works perfectly. If I swap 1 or 15 to VLAN2 it will also work. None of the VLAN 3 tagged or otherwise, work.
February 04, 2023, 08:23:25 PM #9
Quote from: QuarkZ26 on February 04, 2023, 07:11:59 PM
You can't tag anything on the LAG and the other VLANs work as is, the LAG only passes things through.

Of course you can. What would be the point if you couldn't??? All that bandwidth for one network?

Go to Vlan Management/Portto Vlan
Select the vlan and the lag and tag or untag as neccessary.

If you didn't do this already, how are any of the other vlans working?
February 04, 2023, 08:33:58 PM #10
Look at the screenshot, you can't tag anything on the LAG, the VLAN is tagged when it reaches the port it's connected to, not the LAG. The LAG simply forwards the packets.
February 04, 2023, 09:24:56 PM #11
Read my last post again. Follow it.

The vlan is untagged on the port it's connected to unless you tag the device that's plugged into that port.
February 04, 2023, 11:12:51 PM #12
Well you were right about the setup, just was the wrong place. Port to VLAN doesn't allow changing anything, you have to go to Port VLAN Membership and there you can select the LAG and assign the tagged VLAN. Ugh, I'm not sure why they don't allow the other option and I didn't think to look at that one.

Thank you for you patience and pointing me the right way, appreciate it!
February 04, 2023, 11:28:05 PM #13
That's odd, on the sg350 it works fine.

Glad you got it working!
February 04, 2023, 11:43:41 PM #14
Just found this:
https://community.cisco.com/t5/switches-small-business/lag-lacp-with-multiple-vlans/td-p/1717980

Says it works for the sg200.
Odd that it isn't working for you. Still would love to know how the other vlans were working if you never added them to the lagg?
Print
Go Up Pages1 2
User actions