HP switch and vlan
-
the switch is question is 1800-24G. I suppose all traffic needs to be tagged in order for vlan to work properly.
-
I don't know the GUI, just the HP CLI:
LAG:
conf t
vlan x tagged trk1
vlan x untagged trk1Upling:
vlan 1 untagged is needed for STP, MSTP.You have to deal vlan based and set the ports tagged oder untagged.
HP LAG:
trunk ethernet 23 trk1 lacpMy pfsense uplink at HP 2520G-24 looks like:
untagged vlan 1
tagged vlan 11-20Switch Management works with a vlan ip set and a default GW what goes with it.
Unifi AP:
vlan 1 untagged 5
vlan 18 tagged 5 -
I will try to find a description of this switch, but in the meantime...
the following:
HP switch to Unifi switch, a trunk must be created
(between two switches are usually required to pass through any VLAN later)- the trunk also (cleverly) gets a LACP (LAG)
(because the VLANs consumes bandwidth)
everything on the trunk except VLAN1 is tagged, VLAN1 is untagged, because it is native
as I wrote, to Cisco it is not enough to have only ports associated with a VLAN
but it is also necessary to assign the LAG (with LACP) on the trunk itself to a VLAN (of course, to which the ports are also assigned) - the trunk also (cleverly) gets a LACP (LAG)
-
@NOCling said in HP switch and vlan:
trunk ethernet 23 trk1 lacp
My pfsense uplink at HP 2520G-24 loThis is interesting.. on the Unifi AP, what gets assign to vlan 1? The IP for the AP? The APs are all connected to the Unifi switch
-
Vlan 1 is use for Switch Management, my internal Clients, SSID 1 and Switch, AP Management.
But you can set SSIDs to Tagged Vlan only, it is your decision.
-
@NOCling
SSIDs are tagged appropriately with vlan ids.
Plan is to config the mgmt vlan last.
My main issue is trying to get HP switch VLANs setup properly -
AP Management VLAN always untagged.
Management VLAN can be tagged to pfsense if there is the GW or to the Unify Switch and there is the pfsense with the GW.
The default GW is idependet from tagging.Set operator pw first, then manager.
-
This is the vlan port config. (Pic1 & 2). if I set the LACP 24 to PVID 20 and Tagged only. Unifi switch and APs loses connection to pfsense. Which make sense because it is only allow vlan 20 tags to go through.. vlan 1 is blocked.
Making LACP 24 a member of vlan 20 should allow vlan 20 tags to pass through. (Pic 3 & 4).However, devices cant access internet.
pfsense rules allow vlan20 net to dest any.. what is blocking internet access? Disabling vlan20 on Unifi. fixes internet issue. -
Switch to Switch Uplinks use normaly untagged vlan 1, this is important if you use STP Mode MST.
The Vlan 20 tagging look good.
-
@NOCling
I think i know why vlan20 traffic is not getting to pfsense vm. The port which ESXi is connected to HP switch needs to be a member of vlan 20. vswitch is already set to 4095. All traffic is just passthrough. -
Making LACP port member of vlan20 did not resolve DHCP issue. How do i trace where the request is being dropped?
-
@moosport said in HP switch and vlan:
How do i trace where the request is being dropped?
I think it's time:
https://www.wireshark.org/download.html
https://wiki.wireshark.org/VLAN -
looks like i have work to do tonight. :)
-
@moosport said in HP switch and vlan:
looks like i have work to do tonight. :)
exactly yes
I usually use Wireshark on Cisco systems with the following method.
If your HP switch knows the SPAN protocol, your life may be easier.just an example:
https://www.ciscozine.com/how-to-analyze-traffic-with-span-feature/Cats bury it so they can't see it!
(You know what I mean if you have a cat) -
Any managed switch should be able to do that. Even my crappo TP-Link can. I first did it with Adtran switches several years ago.
-
Good to know...
(I wouldn’t have thought of this, to from many SMB category mng. switches)
for a long time, I only have Cisco and Juniper in my life
TP-Link...hmmmm, though I wouldn't use it for letter weights either (hahaha) -
Some TP-Link switches have problems with tagged VLANs. Mine doesn't seem to have a problem with port based VLANs though, though it likely would with tagged VLANs. I have it configured to use as a data tap, so I can monitor Ethernet connections with Wireshark.
-
Is there a big price difference in your country between the Cisco SMB series (SG350, SG350X, etc.) and the TP-Link devices?
Pls don't think that, I hate TP-Link so much, but we haven't used it in a long time, so I only have experience up to the TL-SG series
BTW:
we deal with AoIP stuff a lot (DANTE protocol) TP-Link is totally dead on the IGMP and DSCP QoS themes
(https://www.audinate.com/) -
I paid about $100 for a Cisco SG 200-08 switch, but that TP-Link TL-SG105E was only around $35.
BTW, my early experience with managed switches was with Adtran, as my employer was their Canadian distributor. Adtran's AOS was pretty much a clone of Cisco's IOS.
-
I understand...
just a story:
for me, TP-Link customer service answered a simple question for three months...
the question is was the factory SFP modules know DOM / DDM?then I gave up and tried no further
(of course, there was no reference in the description)-there was an SFP diag menu in the GUI of the switches
didn't give any info about any DOM / DDM capable SFP, so we thought it only works with his own...the joke is that as it turned out they don't produce SFP modules with DDM / DOM capabilities
then what is that menu for in the GUI?
