VLANs stopped working?
-
Any managed switches? As always, packet captures can speak volumes about network issues.
-
@jknott Thanks for the reply!
Yes - all three of those are managed switches, but I didn't change any settings. The VLANs have been working for at least a year.
I'm not getting IP addresses for the devices on the VLANs, I'm not sure if that helps. For example, when I look at the Unifi device, I see the IOT devices are connected to the IOT wifi, which is tagged '50' by the Unifi. But they are not getting the subnet 192.168.50.x IPs assigned any longer.
The Unifi is attached to a HP 1820 switch, here's the setup:
Then it goes to the HP 1920 switch, VLAN 30 isn't set up in these screenshots.
-
Not enough info. Are we talking about wireless or ethernet clients (failing to get an IP)? Is the SG-3100 also the DHCP server?
The Unifi AP should be on a trunk port, as each wifi SID should map to a specific VLAN. The only special case would be the AP & all wifi clients in the same VLAN, then a single tagged port would be fine.
I'm guessing the power loss caused a reboot or config reset of at least one device, but you'll need to check every network device to ensure it's configured as intended.
-
@msf2000 Thanks for the reply.
The IOT clients are wireless and connecting to the Unifi AP via a specific tagged wireless network. Yes, the SG-3100 is the DHCP server.
On the Gaming VLAN, that's a wired XBOX.
Correct, the SIDs on the Unifi map to specific VLANs.
I checked the settings on all the switches and on the SG-3100 and everything looks correct.
-
@newberger said in VLANs stopped working?:
Yes - all three of those are managed switches, but I didn't change any settings. The VLANs have been working for at least a year.
Then you need to do some diagnosing. For example, are all the port LEDs flashing? If not, you could have a port or switch that failed. With managed switches, you can connect a computer running Wireshark and use port mirroring to see what's actually on the wire, etc. pfSense includes Packet Capture.
There's no way we can tell what your problem is with what you've told us.
-
Thanks, I do appreciate your reply. Yes, I understand I'm not providing enough information. I've gone over all the settings and am baffled where the problem might have developed - out of nowhere. So, I'm having a difficult time trying to figure out what info to provide.
I have wireshark, but, honestly, I'm not sure what to look for in the capture.
Update:
If one of the 'parallel' switches downstream of the 1920 failed, would it interfere with the VLAN on the other switch? The switch with 99% of the IOT traffic is the one with the Unifi AP attached and it's testing fine. I may have a bad port on the other downstream port. It would surprise me if that would cause the entire IOT VLAN to fail?
-
@newberger said in VLANs stopped working?:
I've gone over all the settings and am baffled where the problem might have developed - out of nowhere. So, I'm having a difficult time trying to figure out what info to provide.
If this happened with a power failure then either some setting got changed or hardware failed. Looking at the LEDs can tell you if a connection is physically working. That would be a good place to start. As for Wireshark, it will tell you what is actually on the wire, including VLANs. However, you'll want to add a VLAN column to make that easier. The best way to learn is to just use it. If you need help, feel free to ask.
-
Thanks and sorry for the delayed reply. I ended up temporarily disabling the VLANs as I am not at home to do the packet capture and I needed to get the devices running. I will follow up with that step later.
The 'power event' was very strange. One of my HP 8-port 1820s lost ports 1&2 (it was connected to a good power strip), my sprinkler controller (RainMachine) had one zone connection short out, and I had a home automation powerline modem (a SmartHome PLM) that died. It's been a mess, to say the least.
-
I'd say you're looking at hardware damage then. Electrical damage can affect one device and not another or even just part of one device. The best way to avoid damage is to have everything plugged into one source. Of course that often isn't possible with networks, but there is no electrical connection between an Ethernet port and the actual wires. There's a transformer, which passes the signal, but not power frequency. However, even with that, a good enough hit can still cause damage.
-
Thanks - I will try replacing the HP 1820 switches and see if that solves the VLAN problem. Although it could also be the Unifi AP.
From your comments, I presume that if I did the packet capture with different switches, I could tell whether the VLAN tags are correct - conclusively determining whether it's a switch.
-
Well, you could tell if they were enabled or not, as there should be some traffic, such as spanning tree, to reveal them, regardless of any actual data traffic between devices. However, you'd only see STP frames from switches.
-
@newberger said in VLANs stopped working?:
I have wireshark, but, honestly, I'm not sure what to look for in the capture.
As I mentioned, the best way to learn is to do. For example, with spanning tree, you can see the difference between DIX II and 802.3 frames. DIX is used for IP¹ and most other current protocols, but spanning tree uses 802.3. DIX has an Ethertype field, which is also used as the length field with 802.3. To get the same function with 802.3, as with DIX, you have to add LLC / SNAP protocols to recreate the Ethertype field. The Ethertype field is where you'll find the VLAN frame denoted (2 bytes), followed by the VLAN ID (2 bytes). By examining the various fields in this manner you can learn a lot.
BTW, DIX has no need of a length field, relying on the signalling to indicate the end of the frame.
¹ 802.3/LLC/SNAP can also be used with IP in special circumstances, such as bridging with token ring, but the days for that sort of thing are long past. I used to work at IBM in the late 90s, when I learned of that. Token ring was the network used at IBM back then.
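The framing distinction described in the post above, as an added example that is not part of the original thread: a Python classifier that reads the type/length field, an 802.1Q tag (TPID 0x8100, then 2 bytes holding 3 priority bits, 1 DEI bit and the 12-bit VLAN ID) and the LLC/SNAP header. The function name and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q VLAN tag
LLC_SNAP = b"\xaa\xaa\x03"   # DSAP, SSAP, control bytes that introduce SNAP

def classify_frame(frame: bytes) -> dict:
    """Report framing type, VLAN ID (None if untagged) and protocol of a frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    offset = 12                                  # skip destination + source MAC
    (type_len,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    vlan = priority = None
    if type_len == TPID_8021Q:                   # tag present: TCI, then real type
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        tci, type_len = struct.unpack_from("!HH", frame, offset)
        offset += 4
        priority, vlan = tci >> 13, tci & 0x0FFF
    info = {"vlan": vlan, "priority": priority}
    if type_len >= 0x0600:                       # DIX: the field is an EtherType
        info.update(framing="DIX", ethertype=type_len)
    elif type_len <= 1500:                       # 802.3: the field is a length
        llc = frame[offset:offset + 3]
        if llc == LLC_SNAP and len(frame) >= offset + 8:
            # SNAP: 3-byte OUI, then the 2-byte recreated EtherType
            (ethertype,) = struct.unpack_from("!H", frame, offset + 6)
            info.update(framing="802.3/LLC/SNAP", ethertype=ethertype)
        else:
            info.update(framing="802.3/LLC", dsap=llc[0] if llc else None)
    else:                                        # 1501..1535 is undefined
        info.update(framing="invalid")
    return info

# Constructed sample frames (payloads are zero padding, not real captures).
SRC = bytes.fromhex("020000000001")
TAGGED_IP = (bytes.fromhex("ffffffffffff") + SRC
             + bytes.fromhex("8100" "0032" "0800") + bytes(20))   # VLAN 50, IPv4
UNTAGGED_IP = bytes.fromhex("ffffffffffff") + SRC + bytes.fromhex("0800") + bytes(20)
STP_BPDU = (bytes.fromhex("0180c2000000") + SRC
            + bytes.fromhex("0026" "424203") + bytes(35))         # 802.3 + LLC

if __name__ == "__main__":
    for name, f in [("tagged", TAGGED_IP), ("untagged", UNTAGGED_IP), ("stp", STP_BPDU)]:
        print(name, classify_frame(f))
```

On a capture taken from a trunk port, client frames for the IOT network should come back with `vlan` 50; seeing `vlan` as `None` for that traffic means the tag was dropped somewhere upstream of the capture point.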
-
Thanks - I appreciate the extra info! It may be a couple weeks before I can get the new switches and run some test captures. I'll report back when I have more information - or when I get stuck.