XG-7100 and 2 Stacked Netgear Switches

ITageI

Okay so I have been trying to research and get this working for the past 5 days and I am now throwing my hands up and asking for help. I currently have an XG-7100 as my router with ETH2 - ETH8 setup as separate VLAN interfaces. I also purchased the additional 4 port NIC and configured each of those interfaces with their own VLAN giving me 12 logical networks (11 if we arent counting WAN). I also have 2 Netgear switches, 1 GS724Tv4 and 1 XS728T. I am connecting port 24 of the GS724Tv4 to port 24 of the XS728T as a trunk port. On my second switch I cannot get DHCP addresses from any of the VLANS and if I statically assign addresses I can't ping the gateway even though I have firewalls on each VLAN that allow any protocol from any source to any destination. I am so lost. What I have below is my desired config. :(
Switch 1 (GS724Tv4)

Port 2 through 12 - Connected to Router (Each interface should carry its respective VLAN)
Port 13 through 16 - Dedicated iLo/IPMI (These work going to VLAN 10 for some reason)
Port 23 - Wireless Access Point (VLAN 60 and 70)
Port 24 - Trunk Port - All VLANS Tagged

Switch 2 (XS728T)

Port 1 through 8 - I am trying to trunk these to ESXi hosts. I think all VLANS should be tagged here as well
Port 9 through 10 - Dedicated as FreeNAS Management interfaces (VLAN 10)
Port 13 through 16 - ESXi 10Gbps Storage Ports (VLAN 90)
Port 17 through 20 - FreeNAS 10Gbps Storage (VLAN 90)
Port 24 - Trunk Port back to Switch 1 (All VLANS Tagged)

Here is a link to all the information I think may be needed. I have also attached them to the post
https://imgur.com/a/GWiZ6Rj

0.PNG_thumb

1.PNG_thumb

2.PNG_thumb

3.PNG_thumb

4.PNG_thumb

5.PNG_thumb

6.PNG_thumb

7.PNG_thumb

stephenw10

The screenshots of your switch ports do not line up with your description at the top. I'm not sure which is which.

However it looks like you have the wrong PVID set on the ports you're using as 'access' ports. Those need to be set to the VLAN ID so untagged packets coming into them are tagged onto the correct VLAN. Without that you will only have one way traffic, out of the port.

You realise you can trunk all the VLANs out of the XG-7100 on onr port if you want rather than using all the ports to connect to the switch?

Steve

stephenw10

Reviewing the switch specs you have there it might be better to tell us what you want to achieve here. There is probably a better connection strategy available. A 10GbE connection from the XS728T directky to the XG-7100 carrying all the VLANs for example.

Steve

ITageI

@stephenw10:

The screenshots of your switch ports do not line up with your description at the top. I'm not sure which is which.

However it looks like you have the wrong PVID set on the ports you're using as 'access' ports. Those need to be set to the VLAN ID so untagged packets coming into them are tagged onto the correct VLAN. Without that you will only have one way traffic, out of the port.

You realise you can trunk all the VLANs out of the XG-7100 on onr port if you want rather than using all the ports to connect to the switch?

Steve

The screenshots are what I have setup now. The description at the top is my desired configuration. Hope that helps a bit I know it is pretty messy. Sorry about that. As far as the one port comment does that have any affect on performance? If not, was there literally no point of me buying the extra 4-port adapter. (trying to learn networking at the moment forgive my ignorance)

@stephenw10:

Reviewing the switch specs you have there it might be better to tell us what you want to achieve here. There is probably a better connection strategy available. A 10GbE connection from the XS728T directky to the XG-7100 carrying all the VLANs for example.

Steve

I had actually tohught about that the only issue was that I dont have any DAC cabled at the moment and did not want to purchase one since theoretically I thought it would work how I planned. Man was I wrong. To answer the question on what I am trying to achieve though I would like to have all VLANS passed through that trunk port and ultimately trunk ports going into ESXi. I can put storage on VLAN 1 if I have to I just wanted storage on a separate VLAN (90) but I am not sure if I will be able to get that to work. Either FreeNAS is being finnicky or my VLAN setup isnt going to work.

Derelict

First: Those switches are not "stacked."

Stacked switches utilize special, usually-proprietary protocols to connect two or more switches so they operate as one unit. You are simply connecting two switches with a VLAN trunk/tagged port.

I would concentrate on ONE aspect of your design and make that work. I am unsure what you are doing with all of those physical router interfaces going to the switch.

I would probably LACP two, three, or four of the expansion port NICs to the switch and just trunk VLANs there unless you KNOW you're going to be pushing 800Mbit+ on them all. That way if a VLAN needs more than a gigabit, there is at least the possibility LACP can give the bw needed - depending on the type of traffic it is carrying. Keep in mind that the aggregate bandwidth from the built-in switch to the XG-7100 SoC is 5 gigabits (2 x 2.5Gbit links in a LAG. Switch ports 9 and 10 to SoC ports ix2 and ix3 (lagg0))

ITageI

@Derelict:

First: Those switches are not "stacked."

Stacked switches utilize special, usually-proprietary protocols to connect two or more switches so they operate as one unit. You are simply connecting two switches with a VLAN trunk/tagged port.

I would concentrate on ONE aspect of your design and make that work. I am unsure what you are doing with all of those physical router interfaces going to the switch.

I would probably LACP two, three, or four of the expansion port NICs to the switch and just trunk VLANs there unless you KNOW you're going to be pushing 800Mbit+ on them all. That way if a VLAN needs more than a gigabit, there is at least the possibility LACP can give the bw needed - depending on the type of traffic it is carrying. Keep in mind that the aggregate bandwidth from the built-in switch to the XG-7100 SoC is 5 gigabits (2 x 2.5Gbit links in a LAG. Switch ports 9 and 10 to SoC ports ix2 and ix3 (lagg0))

In regards to the "Stacked" configuration yes this is true. The two models of switches that I am running do not support the stacking feature that Netgear has since they are not from the same model or series number. As far as the unsure part as to what I am trying to do with all the interfaces connected to the switch, I am trying to have each interface act as a separate VLAN. Your suggestion on using LACP seems interesting I wonder if it would be easier to get that going than what I have been trying. Also in regards to the SoC I have all the lower priority stuff that wont use that much bandwidth on those ports. The additional 4-port NIC is where I seperated stuff like server traffic and a vMotion network. All the VLANS on the SoC seem to work on both switches I am assuming because they are switched and not separate interfaces but the 4 port NIC add-on I have not been having much luck with. Hope that helps and I appreciate you taking the time to reply.

Derelict

Your storage should simply not go through your firewall period. It should be a blank VLAN with your host storage interfaces and your storage device(s).

Storage through the firewall will just plain suck. Zero reason to do that.

ITageI

Oh. I didnt know that. Then most of this headache will go away because thats where I was having the big issue. I wanted to set storage up first before anything so that has been the sticking point for me. So okay cool! I will add FreeNAS to my primary LAN network and then go from there. ESXi trunking is the next phase of my project. I appreciate that.

Derelict

I would make a dedicated storage VLAN but that's probably just me.

ITageI

ahh shoot… thats what i was trying lol VLAN 90 was supposed to be for storage only the issue i was having was that I wasnt getting a DHCP address and couldnt ping that gateway when trying it. I honestly think it may have something to do with FreeNAS though. I think I am supposed to tag all VLANS except 1 (untagged) on the trunk port connecting both switches. I think from what I am understanding the Access ports (Ports connecting to end devices need to be untagged members of their vlans) I hope I am soaking all this information in correctly or I am about to tear some stuff up lol.

Derelict

Not sure why you need DHCP on your SAN/Storage.

ITageI

@Derelict:

Not sure why you need DHCP on your SAN/Storage.

LOL thats not the intended design i only did it to see if it would get an address. I had a static address on it before but was not able to ping the gateway. I switched it to DHCP to see if it would at least pull an address from it eventually while I was changing port configs on the switch. I'm new but not that new :D

ITageI

@Derelict:

Not sure why you need DHCP on your SAN/Storage.

I actually just said "forget it" and reset everything. Now I only have one Network (LAN 10.1.1.x) and am going to try to take this slow. Am I able to make separate posts for each thing when I run into it or is that frowned upon? My first thing I want to get down is creating the VLANS on pfSense correctly before even getting into the switches.

stephenw10

Several posts with each restricted to a very specific issue is fine IMO. Often easier to diagnose issues like that. Long rambling posts encompassing numerous issues can be hard to follow but do sometimes allow a better overall picture of the issues.

If you're not using those 10GbE ports for anything else eight now I'd pick up a direct attach cable and use that to the switch. Assuming they are physically local. Better total throughput in almost any situation. Only drawback there is no failover if that one connection does fail but there are multiple other single points of failure so it's not really an increased risk.

Steve