NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Unable to route Netgear FS728TP VLAN 5 to Cisco Meraki MS250-24 switch
Hi,
We have mostly Meraki switches, but our loss prevention manager has Netgear FS728TP switches that all his cameras are on.
In the past 6-8 years, all cameras were on the default VLAN (1, 192.168.1.xxx), and worked fine. However, he's installing a new camera system, and we want to move him to VLAN 5 (192.168.5.xxx). Our Meraki dealer does not support Netgear and though they tried to help a bit, could not get VLAN 5 to route to the Meraki properly, so we cannot see any of the new cameras (installed for testing), from the new NVR server. Is this possible with a Netgear FS728TP to Meraki MS250-24?
We've set up the VLAN 5 and tagged the ports connecting to the Meraki, but even connecting a laptop to a port (tagged or not), we cannot ping or see anything on 192.168.5.xxx
I could use some input on this. If it's not doable with this switch combination, we'll just bite the bullet and buy three new MS125 Meraki switches, but I'm just doing due diligence before spending that money.
Thanks in advance.
Exactly what I mentioned above about certain brands which are hiding the effecive standard technology. It's about the Meraki partner to tell us how these Meraki trunk ports are configured exactly - then I'm happy to help. Coming back to the start:
schumaku wrote:
RCCrosier wrote:
The Meraki MS250 port #1 is connected to first Netgear port #6.
Meraki port 1 is Native VLAN 1, Trunk port.
So yes, appears the VLAN 5 does not exist on the Meraki side - or there is "more" which isn't shown here. ...
All I can read here is that the port is configured to be a trunk (so not an access port), and the untagged traffic is associated with VLAN 1.
Note the designation "native VLAN" has a very bad taste with network security world, having caused plenty of holes and vulnerabilities caused (ha, mainly Cisco systems) by having a unchangeable "native VLAN".
schumaku wrote:
RCCrosier wrote:
Netgear port 6 is VLAN 1 untagged. VLAN 5 tagged. PVID on ALL ports is 1.
Still incomplete (VLAN 5 only on the trunk?), and partially wrong in the PVID aspect. The PVID does define the switch VLAN where untagged frames are associated to.
For a trunk - and I think I've mentioned this several times - I would expect a config like this on the trunk:VLAN 1, [U]ntagged, PVID 1
VLAN 5, [T]agged
(this makes up a trunk carrying VLAN 1 untagged, and VLAN 5 tagged)For the access ports connecting the new cameras it's only:
VLAN 5, [U]ntagged, PVID 5.(and no other VLAN memberships, that makes up an access port for VLAN 5)
For the access ports connecting the old NVR/cameras on VLAN 1 it's only:VLAN 1, [U]ntagged, PVID 1.
(and no other VLAN memberships, that makes up an access port for VLAN 1)
With this config, trunking to whatever brand switch uplink, you have the VLAN 5 and the VLAN 1. Guessing again the VLAN 1 is also used as the management network for the switches et all. Watch your step acordingly in case you plan to change the management VLAN - the uplink trunk must be configued accordingly and workable for all VLANs
Again, it's no rocket science, and that's on how such simple networks with a few VLANs on a trunk are configued for decades. Nothing I show here is "Netgear" specific! You can expect from your Meraki partner that they are able to translate their fancy coloured marketing click UI to the basics resp. configure a trunk port according to the above.
8 Replies
The access ports for the new cameras are set to VLAN 5 [U]ntagged and PVID 5 _only_ and no other VLAN?
For the trunk to whenever other industry standard switch with VLAN support the similar config must be applied on both ends, e.g. keep the old NVR on VLAN 1, PVID1, and for the new NVR VLAN 5 [T]agged.
Last, think L2 networking - of course you might have some L3 routing between the networks made of VLANs and IP subnets. Still, most is L2 switching. So I'm confused why you ask about routing that VLAN - explain please.
It's always funny to me reading that say Meraki or Ubiquity/UniFi (feel free to add other click brands here) resellers have apparently lost the basic track of what thier fancy UIs are really doing - at the end of the day mostly standard VLAN configurations. The standards are set for decades, and the interoperability can be taken as granted.
Thanks for your quick reply! I'm not sure I can answer these correctly, as I'm out of my area of expertise here, but I'll try.
The native/management VLAN on both switches is VLAN 1.
The NVR server is 192.168.5.253 and we can access that from VLAN 1 computers connected to the Meraki.
The Meraki MS250 port #1 is connected to first Netgear port #6.
Meraki port 1 is Native VLAN 1, Trunk port.
Netgear port 6 is VLAN 1 untagged. VLAN 5 tagged. PVID on ALL ports is 1.
I asked about routing that VLAN because I read a post by someone saying that this model may not do this...???
The vendor is telling me that "because they don't support it, even if they got it working, it may not be stable", but I think it CAN be made to work, by the right person... just not me, and apparently not the Meraki person, unfortunately.
Sorry, but I'm VERY unfamiliar with nuances/differences of L2, L3, etc. I've always relied on our vendors for routing and switches... I'm more of a software development side person.
schumaku : (I hope it's OK to say here)... I'd certainly be willing to pay for help fixing this if you can help me make these talk. I just don't know if our old switch guy is retired or still doing this stuff, and as I said, our current Meraki/Mitel phone people can't.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
