VLAN on D-link
-
Can anyone spot an obvious mistake based on these pictures? Setting up the VLAN network on the pfSense worked good based on the manual and youtube-videos, but didn't find any good instructions for the spesific switch. The terminology is a bit different, for instance it has something called Native VLAN and Asymmetric VLAN State (I have tried enable the last one just to see).
Port 1 is connected to pfSense and based on what I know now, it should be defined as Trunk port and so called Tagged.
Port 43 has a server connected to it, defined as Access-port and should be Untagged.The VLAN-interface in pfSense is given the number "40", it is UP and parent device is LAN-network. DHCP-server is enabled to run on VLAN40 and fw rule for the interface is set to allow all inside the VLAN40.
Thanks :)
-
@fireix
First thing would be to make sure you're working with 802.1q vlans in the switch. I know some of those "off brand" switches have a few different options when it comes to vlans. .1q is what you want.I'm curious why it shows all vlans tagged on port 1??
You can try to untag vlan 1 on port 1 and just have vlan 40 tagged on it. It shouldn't show vlans 1-4094 as tagged.
-
In this summary it seems to list them as untagged..
On the other screenshots above, it seems like only port 1 of the VLAN 1 is tagged I think?
-
@fireix
You're first image, all the way to the right.
Kinda confusing. -
@jarhead That was so weird, I had to type 1-4094 in a textbox and select Remove from a dropbox before I clicked Submit ;) Now it got removed.
-
@fireix Take a look here:
https://eu.dlink.com/uk/en/support/faq/switches/layer-2-gigabit/dgs-series/uk_dgs_1510_how_to_setup_vlans_scenario_configuration
-
@jarhead said in VLAN on D-link:
https://eu.dlink.com/uk/en/support/faq/switches/layer-2-gigabit/dgs-series/uk_dgs_1510_how_to_setup_vlans_scenario_configuration
Yeah, that one is one of the first that appear on Google for it, so I have seen that one. I have to say it didn't help anything.
They seem to connect a router and internet as seperate entity, so it confuses me a lot. Also, in step 4, they explain how to configure IP on Layer 3 (IP for management interface).. Is that something I need to set up also?
"Step 4 – We now need to configure the IP interfaces for each VLAN"
-
@jarhead
- looks pretty similar to the FAQ..Also, access-port looks pretty correct and can't do to many mistakes here:
Manual says that Access is Untagged, so should be correct.
-
@fireix You still don't have vlan40 tagged on port 1.
-
@jarhead Should it say 40 on the first line or the 2nd? I can try and experiment a little to get it correct.
I also have this screen to edit vlan 1 - when I try to say that port 1 is tagged, it just removes my Tagged-entry and put it back to Untagged:
-
@fireix On the line with vlan40, it should list the port under the tagged header, so it won't say 40 on either of those lines.
Each line is a separate vlan.Do this, set port 1 to hybrid, untag vlan 1 on it and tag vlan 40 on it.
-
It is so confusing, since I can edit the port individually (like when I can choose Access port on port 43 and tons of details.. this is also where I set the port 1 to now Hybrid) and then I can edit it in this multi-port view.
As you can see, when I edit the 40 VLAN group as a hole like in the screenshot here, I can't set port 40 tagged (radio is greyed out/disabled) and when I try to set port 1 to Untagged, it just ignores this after pushing Submit and in the summary button shows "Untagged port 1,40" instead of "Tagged port 1".
Edit: Ops, I see that you say "Untag port 1", so it is correct here :) So ignore that part, port 1 is Untagged as it should.
-
@fireix You can't tag a vlan on an access port and you don't want to. You need to tag vlan 40 on Port 1.
Listen, a Trunk port carries multiple vlans, an access port only carries 1 vlan. Port 43 is correct, don't mess with it anymore. That's where your server is and it's set to vlan 40. Now, you have no other ports in vlan 40 so that port can't talk to anything else.
You need to carry both vlans to your pfsense. So port 1 needs to be a trunk or a hybrid (D-Link thing only as far as I know). A trunk willonly take tagged vlans and a hybrid will take untagged native (vlan 1) and tagged vlans. At least that's what I got from that instruction website.
If you can't figure out how to trunk the port with both vlans, the hybrid will do but you need to tag vlan 40 on it. -
This post is deleted! -
Ah, I had to stay in the interface of port 1 and then enter "40" and select tag... So unusual GUI. Got it :)
I would assume I should now choose Untagged port 1 in this "VLAN40" group, but you think it migth work due to Hybrid mode on port 1? When I choose port 1, it just seems to accept it, but goes back to "Not member"-line rigth after. So the system is telling me that something is not quite rigth yet I think..
-
In this different view, it hasn't really changed during all this. In this page, I can only change the name and number of the VLAN.
-
@fireix That page is where you add the vlans you want on the switch.
Now go to "vlan interface" and tag vlan 40 on port 1.You really should read that page again, shows everything you need to do from steps 1 - 3.
-
@jarhead said in VLAN on D-link:
@fireix That page is where you add the vlans you want on the switch.
Now go to "vlan interface" and tag vlan 40 on port 1.You really should read that page again, shows everything you need to do from steps 1 - 3.
I don't see how it helps, I feel like I have done all on that page ;)
Ok, so this is VLAN-interface - I assume you want me to edit Port nb 1 entry there. Like this:
Step1:
Step 2:
Isn't vlan 40 already tagged here? Or is it wrong?
It says "Current Hybrid Untagged VLAN Range 1" and "Current Hybrid Tagged VLAN Range 40".
-
@jarhead In there, under Hybrid mode in the faq, they have stated "tagged" for all the VLANS. So you mean I should enter 1-4096 (or 1-40) as "tagged" range instead of the things I have from my screenshot above?
Update: I now see that I think I was supposed to enter the actual ports here, not the vlan-number ;) I have my pfSense in port 1..
From that manual page:
PS: As far as I can understand, the VID in this picture only says what default vlan all traffic without a vlan packet should go to. So I think it is correct to have it at "1" in my case here (and 40 on port 43). Having it at "40" (or 2 in the manual) would basically stop all traffic on most non-vlan assigned ports.
-
@jarhead I'm so confused ;) Please let me know what to enter in Step 2 if you can. Port #1 is coming from pfSense and internet , DHCP (for vlan 40 only), gw.. all all that good stuff. Port 43 is the port with the server supposed to be isolated on VLAN40.
