Loosing access to GS316EP Plus Switch after configuring, GS308's are OK

I have a Firewalla Purple firewall taking care of my connection to the internet and doing DHCP for 4 VLANS. The Firewall is connected to a GS316EP which is then connected to 2) GS308EP's. I have setup the VLANS, Trunks, and set the PVID's to the best of my understanding of how it should be setup. With essentially the same configuration on all 3 switches I have no troubles with the 2) GS308's but I loose connection to the GS316.

See below:

If I plug a PC into any of the .2, .3, or .4 switches, I get the appropriate IP address via DHCP and I can access the .3 switch, the .4 switch, and the internet, but not the .2 switch (cannot access it thru the browser nor can I ping it).

My firewall can see the .3 switch, the .4 switch and my PC but not the .2 switch, even with all rules turned off.

What am I missing? Perhaps the Default VLAN or PVID's?

Thanks for any input!

TomEcomm
Apr 06, 2023
OK, I think I got it figured out. The GS316EP has a setting for Management VLAN while the GS308EP does not. I had left this setting at VLAN 1 (Default). Changing this setting to VLAN 10 seems to have solved the issue. Now when I plug a PC into a port on any of the 3 switches that is configured for Untagged VLAN 10, I can reach any of the 3 switches as well as have internet access. I am not sure what the PVID on the Trunk Ports should be but I have them set at 10 as well and it seems to be working.
A bit curious but using the NSDT only ever shows the GS316EP, no matter which of the 3 switches I am plugged into. This is not an issue for me since the 3 switches are all configured with static IP's.
Thanks all for the input!

14 Replies

schumaku
Guru - Experienced User
Apr 05, 2023
is "loosing the connection" limited to the reachability of the GS316EP LAN IP, or is there a systematic connectivity problem through the switches?

Reason asking? Lack of a managed core, and taking very simple micro-controller based design handing the IP based access, it's suggested (or required) to configure what makes up the management VLAN as an untagged network. The micro controller is not able to "see" the tagged administration traffic reliably.
- TomEcomm
  Aspirant
  Apr 05, 2023
  I cannot reach the GS316EP LAN IP from the browser and cannot ping it from the PC. I am not sure on internet connectivity since I loose my connection before getting it fully configured. As I said, the 2) 8-port switches maintain reachability to the LAN IP as well as the ability to get to the internet.
  Does my configuration look correct?
  Can you elaborate on how to configure what makes up the management VLAN as an untagged network?
  Lastly, if this is an inherent problem with these switches, what model would you suggest I go to to actually have a managed switch?
  
  Thanks for your input!
  - schumaku
    Guru - Experienced User
    Apr 05, 2023
    TomEcomm wrote:
    
    I cannot reach the GS316EP LAN IP from the browser and cannot ping it from the PC. I am not sure on internet connectivity since I loose my connection before getting it fully configured. As I said, the 2) 8-port switches maintain reachability to the LAN IP as well as the ability to get to the internet.
    
    in my understanding, your PC does connect to a VLAN (over the security appliance/router) which does come tagged to the GS316EP. You could reach the device, however it won't talk tagged on what does carry the IP address to the switch.
    
    TomEcomm wrote:
    
    Does my configuration look correct?
    
    in my understanding, your PC does connect to a VLAN (over the security appliance/router) which does come tagged to the GS316EP. You could reach the device, however it won't talk tagged on what does carry the IP address to the switch. So the answer is afraid, a no.
    
    TomEcomm wrote:
    
    Can you elaborate on how to configure what makes up the management VLAN as an untagged network?
    
    Lastly, if this is an inherent problem with these switches, what model would you suggest I go to to actually have a managed switch?
    
    With this switch design, I strongly suggest to use an untagged connection for what is handling the switch administration. The switch microcontroller can only interpret untagged frames for the IP addresses. .