VLANs not connecting across switches (GS752TP and M4100-26G)

Aranyic Casstown, OH Icrontian

Got a question I stuck up on Netgear's community forum but figured I would post it here too. I'm not completely familiar with vlans and have something simple incorrect I think but I'm just hitting a wall trying to get things working correctly.

I'm running into an issue accessing a vlan from across switches. Here's what I've got set up currently. The VLAN works fine from the switch the router is plugged into; however I can't get an IP from the other one.

Switch 1: M4100-26G; Ubiquiti Router plugged into port 15.

Vlan 20: Tagged ports 15 (router), 21 + 22, 26 (uplink to other switch)

Vlan 30: Tagged ports 15 (router), 16 + 17 + 18, 26 (uplink to other switch)

Vlan 40: Tagged ports 15 (router), 19 + 20, 26 (uplink to other switch)

-No other ports are tagged or untagged they are all just left blank and not a part of the vlans.

-If I move a laptop from port to port (16, 19, 21, etc) I connect correctly and pull an IP from the correct DHCP server for that vlan.

Ports 15 and 26 are both PVID 1; the others are PVID their respective vlan that I want them tied to.

Switch 2: GS752TP

Vlan 20: Tagged ports 45, 56, 47, 48 + 52 (uplink to other switch)

Vlan 30: Tagged ports 37, 38, 39, 40 + 52 (uplink to other switch)

Vlan 40: Tagged ports 41, 42, 43, 44 + 52 (uplink to other switch)

Port 52 is PVID 1, all others are PVID their respective vlan that I want them tied to.

-This switch I cannot access the router (DHCP) plugged into the other switch from any vlan segment. They are all just dead. The link is missing somehow but I can't figure it out. I've tried using the uplink ports untagged between the switches. I tried changing port 26 on the M4100 to a trunk port; however I don't see any options in the GS752TP for trunk ports?

Comments

  • Aranyic Casstown, OH Icrontian

    //edit found something else I think I may need to try. Tagging my trunk ports that connect to routers/other switches. Then untag all the PC ports that I set specific PVID membership to the appropriate VLANs.

    https://community.netgear.com/t5/Smart-Plus-Click-Switches/can-t-get-vlan-trunk-port-working-on-the-web-managed-click/td-p/1352149

  • Myrmidon Baron von Puttenham California Icrontian

    I don't know 802.1Q as well as I should, so I don't guarantee I can help, but I'm pretty interested. Unfortunately I can't make out your post very well. There are some confusing things:
    1. You're not untagging anywhere? Not even on pc-facing ports? Is your laptop smart enough to work with vlan tagging? That's usually a bitch to set up.
    2. Is the router tagging?
    3. How are you troubleshooting the link between the switches? Via laptop, or via direct ping? Does "show int ethe 1/1/26" show a link? Can you give each switch an IP on vlans and ping between them? Can you use Wireshark in promiscuous mode, or set a laptop up in transparent mode between them?

    Your edit sounds in line with reality. At work, we use brocade and Arista networking gear. All uplinks/trunk ports on all networking gear are TAGGED on the vlans to traverse, and all last-mile, pc-facing ports are UNTAGGED on the vlans we want them to sit on. Except for a virtual asset I set up, no pc facing ports are tagged.

    We also eschew the use of vlan1, because it's easy for your carefully planned plans to get messed up because you didn't quite understand how vlan1 was set up by default, or you missed a port on vlan1, or shit like that. No vlan1 for me, thanks.

    Switching between vendors' configs is always weird, too. I know Dell in particular has some funny treatment of vlans. You think you could copy-paste us your config (redacting any important info, of course)?

  • Myrmidon Baron von Puttenham California Icrontian

    Oh, also... You mention looking for a trunk port setting in one of the switches. It may please you to know that in brocade or Arista, I don't believe there is such a setting... A "tagged" port is a trunked port automatically with those vendors, so that may be why you can't find such a setting. Maybe Netgear does it the same way.

    I think. I'm not actually the network guy. I could be wrong.

  • Aranyic Casstown, OH Icrontian

    I'll be working with it a little more tomorrow morning and then report back. I think my issue is that I need to make the PC ports untagged and that'll resolve me. I tried the uplink ports untagged with the PC ports tagged but not vice versa.

  • Myrmidon Baron von Puttenham California Icrontian
    edited February 2018

    I'm not a network guy, so my knowledge could be questionable, but I was taught to remember it thusly (which may help you in the future):

    • 'untagged' means the frame going in (or going out of) the port is not vlan-active. This directive affects the 'external' side of the switchport only, to my understanding.
    • 'tagged' means the frame going in (or going out of) the port IS vlan-active. This directive affects the 'external' side of the switchport only, to my understanding.
    • the PORT is part of the vlan it's either tagged or untagged on, even if the frames are not. Ports tagged or untagged on a vlan can only send the frame internally to any other port tagged/untagged on that vlan (regardless of whether the receiving port is tagged/untagged).
    • A vlan-active frame looks like a garbage packet to things that aren't expecting vlan tags. PCs (unless enabled) and untagged ports are not expecting vlan tags. Similarly, a non-vlan-active frame coming into something expecting a vlan-tag will look like garbage.
    • A port can be 'tagged' on multiple vlans.
    • A port can be 'untagged' on only one vlan. I have no idea why, because my understanding of vlans is that tagged/untagged has nothing to do with how the switch passes frames to other switchports internally, so there's obviously a gap in my knowledge here. This is just a rule I have to remember.

    Thus, an 'untagged 76' port would be part of vlan76 and can talk to other ports on vlan76 (but only other ports on vlan76), but frames entering or leaving the port should be not vlan-active... so whatever is connected to the OTHER side of that port should be sending and receiving 'regular' frames. If the untagged port sees a vlan-active frame come into it, it'll think the frame is garbage. A 'tagged 197' port is part of vlan197 and can talk to other ports on vlan197, and frames entering or leaving the port should be vlan-active with a little '197' tag. A non-vlan-active frame coming into the port will look like garbage.

    Now the massive disclaimer here is that I am not netops. I've worked with them and I have to work with vlans in practice, but my 'theoretical knowledge' is based entirely within the limited scope with which I already use vlans... meaning I may not be correct, just correct enough to do my job! :')

  • Aranyic Casstown, OH Icrontian
    edited February 2018

    I figured it out last night.

    My configuration issue was that I had the PC port tagged instead of untagged.

    I made that change early on but it took me about another 2 hours to get it working correctly. A fiber link was added between these switches when they were put in. However an ethernet connection was also left in place (port 11 to port 4 took a while to find) that I was not accounting for. I kind of knew that it may still be floating around out there but assumed that as long as I was accounting for one of the links between the switches that the packets would still find their way home. Turns out not. Once I tracked down that ethernet link and accounted for it in the tagging it all worked like magic.

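The two checks this thread converged on (every link to the router or the other switch tagged on every VLAN, PC-facing ports not tagged), written as a small audit over the posted port tables. This is an added example, not part of any post: port and VLAN numbers are as posted, while placing port 11 on the M4100 and port 4 on the GS752TP, and all function names, are assumptions.

```python
from dataclasses import dataclass, field

VLANS = {20, 30, 40}
# Tagged membership as posted ({vlan: [ports]}), including port "56" as written.
M4100 = {20: [15, 21, 22, 26], 30: [15, 16, 17, 18, 26], 40: [15, 19, 20, 26]}
GS752TP = {20: [45, 56, 47, 48, 52], 30: [37, 38, 39, 40, 52], 40: [41, 42, 43, 44, 52]}
# Ports facing the router or the other switch, including the forgotten copper
# link. Assumption: port 11 is on the M4100 and port 4 on the GS752TP.
LINKS = {"M4100": {15, 26, 11}, "GS752TP": {52, 4}}

@dataclass
class Port:
    tagged: set = field(default_factory=set)
    untagged: set = field(default_factory=set)

def build(tagged_by_vlan):  # posted table -> {port number: Port}
    ports = {}
    for vlan, members in tagged_by_vlan.items():
        for num in members:
            ports.setdefault(num, Port()).tagged.add(vlan)
    return ports

def lint(name, ports):
    out = []
    for num in sorted(LINKS[name]):  # every link must carry every VLAN tagged
        missing = VLANS - ports.get(num, Port()).tagged
        if missing:
            out.append(f"{name} port {num}: link not tagged on VLANs {sorted(missing)}")
    for num, port in sorted(ports.items()):  # PC-facing ports must not be tagged
        if num not in LINKS[name] and port.tagged:
            out.append(f"{name} port {num}: PC port tagged on {sorted(port.tagged)}")
    return out

def fix(name, ports):  # the thread's resolution: tag all links, untag PC ports
    for num in LINKS[name]:
        ports.setdefault(num, Port()).tagged |= VLANS
    for num, port in ports.items():
        if num not in LINKS[name]:
            port.untagged, port.tagged = port.tagged, set()
    return ports

def audit(fixed=False):
    findings = []
    for name, table in (("M4100", M4100), ("GS752TP", GS752TP)):
        findings += lint(name, fix(name, build(table)) if fixed else build(table))
    return findings

if __name__ == "__main__":
    print("\n".join(audit()))
```

The value of listing links explicitly is that a second, forgotten cable between the switches shows up as a finding instead of silently carrying untagged traffic.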
  • Myrmidon Baron von Puttenham California Icrontian
    edited February 2018

    @Aranyic said:
    I made that change early on but it took me about another 2 hours to get it working correctly. A fiber link was added between these switches when they were put in. However an ethernet connection was also left in place (port 11 to port 4 took a while to find) that I was not accounting for. I kind of knew that it may still be floating around out there but assumed that as long as I was accounting for one of the links between the switches that the packets would still find their way home. Turns out not. Once I tracked down that ethernet link and accounted for it in the tagging it all worked like magic.

    I'm curious - did you figure out why that extra link was causing the packets to lose their way home? Maybe you had a looped route? Switches aren't strictly layer 2 devices anymore...
