1 vlan over 2 switches

Rico

We have some Hardware/Server stuff to do here in the office, so some IT mates are around.
In Germany we are allowed to go to the workplace if the work can't be done from the homeoffice, of course we need to follow distance rules and so on.

-Rico

johnpoz

Ah ok - yeah you have to do what you have to do...

michael178212

Guessing by the replies you know I have netgear switches.

Made a pretty little picture of what I've done

So T is tagged and U is untagged

Not 100% its correct as sometimes I get ' cant get an ip ' on my phone when connecting from the downstairs ap to the upstairs ap. When I can connect tho then I am connected in the right subnet.

Both ap's are just old bt routers that I had lying around with dhcp turned off, both have the same ssid and password.

Any other info you need then just ask.

Many thanks

johnpoz

No not sure what you have - is best if you spell out exact make and models of your devices. What AP for example? Do they support vlans even.. If you have a tplink one it prob doesn't do it right for example and leaks info between because they don't allow removal of vlan 1, etc. etc..

While that looks correct for vlan 2, what about other vlans how are they marked on the port.. For example if you also have vlan 1 Untagged on your AP ports... You got a real problem.

You need to show us the setup for all the vlans your trying to do. Do you only want specific vlan on your AP, or do you want to run multiple vlans based on SSID to them, etc.

JKnott

@michael178212 said in 1 vlan over 2 switches:

Guessing by the replies you know I have netgear switches.

You guessed wrong. I had no idea what hardware you have

michael178212

aps dont support vlans but both switches do. Just trying to extend wifi coverage and have both aps in the same subnet so get the same ip which ever ap I connect to.

Upstairs switch is a netgear GS308E
Downstairs is a netgear GS108Ev3
Both aps are just bt homehub routers with dhcp turned off.

Both support vlans.

Only other vlan that I got is a vlan for unraid as I found it was easier to stick it on a seperate subnet with me the only person that can access it.

Ports 1 are tagged and used as trunk between both switches
Port 2 is tagged and goes into pfsense
Port 7 is to unraid
Ports 8 are to the aps

Hope this helps

johnpoz

@michael178212 said in 1 vlan over 2 switches:

Ports 8 are to the aps

And the only vlan you have on those ports is the vlan 2.. You have to remove any other Untagged vlans from those ports if you want your AP to just be vlan 2

JKnott

@michael178212 said in 1 vlan over 2 switches:

aps dont support vlans

Real APs do. However, in your case, you'll need to configure an access port on the switch, configured for the appropriate VLAN, which you will connect your "AP" to. You will not be able to support multiple SSIDs.

Configuring an AP for multiple SSIDs is quite common. For example, many businesses have SSIDs for employees and guests. The employee SSID connects to the company network, but guests can only connect to the Internet.

johnpoz

Yeah I run 4 SSIDs on my APs, all in different vlans.. 1 untagged, and 3 tagged.

JKnott

@johnpoz said in 1 vlan over 2 switches:

And the only vlan you have on those ports is the vlan 2.

I haven't tried it, but I'd expect any AP that doesn't support VLANs to just pass the tagged frames, which some devices could then be configured to use. This is no different than passing VLANs through a dumb switch. However, the proper way is to use an AP that supports VLANs and multiple SSIDs (avoid TP-Link).

michael178212

So basically all I was trying to do was to have a single port on both switches dedicated to vlan2 and then give vlan2 internet access, So no matter what I plugged into either one of those dedicated ports i would have a subnet of 10.10.10.0/24 and have internet access

So my thinking was if I can do that then surely I can then use 2 old bt homehub routers with their dhcp turned off and use their wifi signal to connect to and be on subnet of 10.10.10.0/24 as long as both ssids and passwords are the same.

But if i need a ap that can handle vlans then I best get looking haha

johnpoz

No you don't need an AP that supports vlans.. To do what your wanting to do. If all the devices connecting to the wifi of this AP are going to be in 1 vlan, ie vlan 2.. They can be dumb as rocks and will work.

You are connecting them to this port via one of their lan ports right, not a wan port of the AP.. Using an old wifi router as just an accesspoint (that doesn't specifically support AP mode) means you turn off its dhcp server, give it an IP on the network your going to connect to, and then connect it to said network via one of its lan ports.

JKnott

@michael178212 said in 1 vlan over 2 switches:

But if i need a ap that can handle vlans then I best get looking haha

As I mentioned, should you go that route, avoid TP-Link. Some of their gear doesn't work properly with VLANs. This applies to both APs and managed switches.

michael178212

Thanks guys, got it all well sort of working now.

Both switches that I've assigned a port to vlan2 work so what gets plug into it is on vlan2 and has the subnet 10.10.10.1/24 which is what I wanted. Only problem I have which I find a tad weird is if i connect to the wifi ap downstairs first then I connect, if I walk upstairs then my phone connects to the wifi ap upstairs as i was hoping for and works but the weird part is if I'm upstairs and disconnect my phone from the wifi and then reconnect then I can't connect and dont get assigned an ip but If I go downstairs I can connect

As the vlan side of it is working the I'm Putting it down to the fact I'm using bt routers as aps and not proper aps.

johnpoz

Did you change the PVID of the ports that you moved to new vlan... You would hope the switch would auto do that, but you might have to change do it by hand... Make sure whatever vlan you put a port in that is untagged, that you change the pvid of that port to the vlan you assign untagged.

michael178212

Downstairs switch

port 1 is tagged ( trunk between both switchs )
Port 2 is tagged and goes to pfsense.
Port 8 is untagged, goes to the wifi
All other ports are left untagged

Upstairs switch

Port 1 is tagged ( trunk )
Port 8 is untagged and goes to wifi
Port 7 is untagged and is for unraid
All other ports are left untagged

Only ports that have a pvid are ports 8 on both switch which have are pvid 2 and port 7 of the upstairs switch which has a pvid of 20

If this helps

Downstairs switch

Port 1 - 2 - 8 are in vlan2. Ports 1 and 2 are tagged, port 8 untagged and has pvid2

Ports 1 and 2 are tagged and are in vlan20

Upstairs switch

Ports 1 and 8 are in vlan2 port 1 tagged and 8 untagged with 8 having pvid2

Ports 1 and 7 are in vlan20 with port 1 being tagged and 7 untagged and has pvid20

johnpoz

@michael178212 said in 1 vlan over 2 switches:

if I'm upstairs and disconnect my phone from the wifi and then reconnect then I can't connect and dont get assigned an ip

When you say can't connect - you mean you can not auth and connect to the wifi, or you actually connect to the wifi but just don't get an IP and end up with 169.254.x.x as your IP?

If you can not actually auth and associate to the wifi, then no you wouldn't get an IP.

michael178212

My phones tries to connect as it says connecting but just dosnt connect both passwords are the same and ssids along with same WPA encryption. After a few attempts it gives me a 'cant get ip' message and ask me to reboot router.

Would this work.

Make another vlan Id from the downstairs switch. Connect another ethernet cable from the wifi router to the switch and then just trunk my up to the other wifi router upstairs?

So it'll go like this

Downstairs switch

Vlan2 ports 2 and 8, 2 being tagged and going into pfsense and 8 being untagged and going into wifi router with pvid2 ( as that's setup in pfsense )

Make a new vlan so let's call this one vlan50
Vlan50 has ports 7 and 1. 1 being trunk and tagged and 7 being tagged and goes into a spare port of the wifi router

Upstairs switch

Make a new vlan, vlan50

Ports 1 and 8 in vlan50 with 1 be tagged ( trunk ) and 8 being untagged and going into wifi router ?

Didnt think itll be this hard

michael178212

Or am I just over complicating things and the actual setup of the vlans are correct and it can just be somthing to do with the wifi routers

johnpoz

@michael178212 said in 1 vlan over 2 switches:

gives me a 'cant get ip' message and ask me to reboot router.

When you do that look on pfsense - do you see a discover for IP or request... Pfsense can not hand out an IP if doesn't see the discover or request...