NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Unable to route Netgear FS728TP VLAN 5 to Cisco Meraki MS250-24 switch
Hi, We have mostly Meraki switches, but our loss prevention manager has Netgear FS728TP switches that all his cameras are on. In the past 6-8 years, all cameras were on the default VLAN (1, 1...
Exactly what I mentioned above about certain brands which are hiding the effecive standard technology. It's about the Meraki partner to tell us how these Meraki trunk ports are configured exactly - then I'm happy to help. Coming back to the start:
schumaku wrote:
RCCrosier wrote:
The Meraki MS250 port #1 is connected to first Netgear port #6.
Meraki port 1 is Native VLAN 1, Trunk port.
So yes, appears the VLAN 5 does not exist on the Meraki side - or there is "more" which isn't shown here. ...
All I can read here is that the port is configured to be a trunk (so not an access port), and the untagged traffic is associated with VLAN 1.
Note the designation "native VLAN" has a very bad taste with network security world, having caused plenty of holes and vulnerabilities caused (ha, mainly Cisco systems) by having a unchangeable "native VLAN".
schumaku wrote:
RCCrosier wrote:
Netgear port 6 is VLAN 1 untagged. VLAN 5 tagged. PVID on ALL ports is 1.
Still incomplete (VLAN 5 only on the trunk?), and partially wrong in the PVID aspect. The PVID does define the switch VLAN where untagged frames are associated to.
For a trunk - and I think I've mentioned this several times - I would expect a config like this on the trunk:VLAN 1, [U]ntagged, PVID 1
VLAN 5, [T]agged
(this makes up a trunk carrying VLAN 1 untagged, and VLAN 5 tagged)For the access ports connecting the new cameras it's only:
VLAN 5, [U]ntagged, PVID 5.(and no other VLAN memberships, that makes up an access port for VLAN 5)
For the access ports connecting the old NVR/cameras on VLAN 1 it's only:VLAN 1, [U]ntagged, PVID 1.
(and no other VLAN memberships, that makes up an access port for VLAN 1)
With this config, trunking to whatever brand switch uplink, you have the VLAN 5 and the VLAN 1. Guessing again the VLAN 1 is also used as the management network for the switches et all. Watch your step acordingly in case you plan to change the management VLAN - the uplink trunk must be configued accordingly and workable for all VLANs
Again, it's no rocket science, and that's on how such simple networks with a few VLANs on a trunk are configued for decades. Nothing I show here is "Netgear" specific! You can expect from your Meraki partner that they are able to translate their fancy coloured marketing click UI to the basics resp. configure a trunk port according to the above.
Thanks for your quick reply! I'm not sure I can answer these correctly, as I'm out of my area of expertise here, but I'll try.
The native/management VLAN on both switches is VLAN 1.
The NVR server is 192.168.5.253 and we can access that from VLAN 1 computers connected to the Meraki.
The Meraki MS250 port #1 is connected to first Netgear port #6.
Meraki port 1 is Native VLAN 1, Trunk port.
Netgear port 6 is VLAN 1 untagged. VLAN 5 tagged. PVID on ALL ports is 1.
I asked about routing that VLAN because I read a post by someone saying that this model may not do this...???
The vendor is telling me that "because they don't support it, even if they got it working, it may not be stable", but I think it CAN be made to work, by the right person... just not me, and apparently not the Meraki person, unfortunately.
Sorry, but I'm VERY unfamiliar with nuances/differences of L2, L3, etc. I've always relied on our vendors for routing and switches... I'm more of a software development side person.
schumaku : (I hope it's OK to say here)... I'd certainly be willing to pay for help fixing this if you can help me make these talk. I just don't know if our old switch guy is retired or still doing this stuff, and as I said, our current Meraki/Mitel phone people can't.
Oh, one more pertinent bit of info...
The NVR server is connected to the Meraki switch stack, not the Netgear.
So I know the routing/vlan on the Meraki side is working OK, because I can PING it from a PC on VLAN 1.
RCCrosier wrote:
The NVR server is connected to the Meraki switch stack, not the Netgear.
So the VLAN 5 does exist onthe Meraki stack, the NVR server is connected to an access port for the VLAN 5, and has a 192.168.5.x address, computers on the Meraki VLAN 1 with a 192.168.1.x address can reach the NVR so there seem to be some routing to be in place? All what has to happen is a proper trunk config for the Meraki<->Netgear connection, as explained before.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
