NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Unable to route Netgear FS728TP VLAN 5 to Cisco Meraki MS250-24 switch
Hi, We have mostly Meraki switches, but our loss prevention manager has Netgear FS728TP switches that all his cameras are on. In the past 6-8 years, all cameras were on the default VLAN (1, 1...
Exactly what I mentioned above about certain brands which are hiding the effecive standard technology. It's about the Meraki partner to tell us how these Meraki trunk ports are configured exactly - then I'm happy to help. Coming back to the start:
schumaku wrote:
RCCrosier wrote:
The Meraki MS250 port #1 is connected to first Netgear port #6.
Meraki port 1 is Native VLAN 1, Trunk port.
So yes, appears the VLAN 5 does not exist on the Meraki side - or there is "more" which isn't shown here. ...
All I can read here is that the port is configured to be a trunk (so not an access port), and the untagged traffic is associated with VLAN 1.
Note the designation "native VLAN" has a very bad taste with network security world, having caused plenty of holes and vulnerabilities caused (ha, mainly Cisco systems) by having a unchangeable "native VLAN".
schumaku wrote:
RCCrosier wrote:
Netgear port 6 is VLAN 1 untagged. VLAN 5 tagged. PVID on ALL ports is 1.
Still incomplete (VLAN 5 only on the trunk?), and partially wrong in the PVID aspect. The PVID does define the switch VLAN where untagged frames are associated to.
For a trunk - and I think I've mentioned this several times - I would expect a config like this on the trunk:VLAN 1, [U]ntagged, PVID 1
VLAN 5, [T]agged
(this makes up a trunk carrying VLAN 1 untagged, and VLAN 5 tagged)For the access ports connecting the new cameras it's only:
VLAN 5, [U]ntagged, PVID 5.(and no other VLAN memberships, that makes up an access port for VLAN 5)
For the access ports connecting the old NVR/cameras on VLAN 1 it's only:VLAN 1, [U]ntagged, PVID 1.
(and no other VLAN memberships, that makes up an access port for VLAN 1)
With this config, trunking to whatever brand switch uplink, you have the VLAN 5 and the VLAN 1. Guessing again the VLAN 1 is also used as the management network for the switches et all. Watch your step acordingly in case you plan to change the management VLAN - the uplink trunk must be configued accordingly and workable for all VLANs
Again, it's no rocket science, and that's on how such simple networks with a few VLANs on a trunk are configued for decades. Nothing I show here is "Netgear" specific! You can expect from your Meraki partner that they are able to translate their fancy coloured marketing click UI to the basics resp. configure a trunk port according to the above.
All of our company network is VLAN 1. We have to be able to "access" the NVR server from VLAN 1, but we want the NVR on a separate VLAN (5) and all the cameras (eventually) to be on VLAN 5.
So a desktop (Loss Prevention manager, for example) that is on VLAN 1 (192.168.1.xxx) must be able to run software and see all the cameras on the 5.xxx network (VLAN 5).
The LP manager (and I) wanted to separate the two networks (cameras and busines) for several reasons, but mainly because we're running out of IP addresses in the 1.xxx subnet.
VLAN 5 is set up on the Meraki side, and the NVR is set to 192.168.5.253 (VLAN 5).
So, basically, devices on the 192.168.1 xxx network need to be able to see/access devices on the 192.168.5.xxx network.
We have this already, on our Meraki switches, for other VLANs (0.xxx, 2.xxx, 3.xxx, etc)
I'm not sure I understand fully what you're telling me, however, regarding an appropriate design.
To answer your other post, yes, there is routing on the Meraki side, but we cannot (and the Meraki person could not/would not) help us to figure out the appropriate settings on the netgear side to get the trunking to work properly, therefore, we have no connection there.
And yes, the NVR is connected to an Access port on the Meraki, on VLAN 5, but I don't know how to do the "proper trunk config for the Meraki<->Netgear connection" This is what we're missing, and I don't know what to set the ports for, to accomplish this.
Exactly what I mentioned above about certain brands which are hiding the effecive standard technology. It's about the Meraki partner to tell us how these Meraki trunk ports are configured exactly - then I'm happy to help. Coming back to the start:
schumaku wrote:
RCCrosier wrote:
The Meraki MS250 port #1 is connected to first Netgear port #6.
Meraki port 1 is Native VLAN 1, Trunk port.
So yes, appears the VLAN 5 does not exist on the Meraki side - or there is "more" which isn't shown here. ...
All I can read here is that the port is configured to be a trunk (so not an access port), and the untagged traffic is associated with VLAN 1.
Note the designation "native VLAN" has a very bad taste with network security world, having caused plenty of holes and vulnerabilities caused (ha, mainly Cisco systems) by having a unchangeable "native VLAN".
schumaku wrote:
RCCrosier wrote:
Netgear port 6 is VLAN 1 untagged. VLAN 5 tagged. PVID on ALL ports is 1.
Still incomplete (VLAN 5 only on the trunk?), and partially wrong in the PVID aspect. The PVID does define the switch VLAN where untagged frames are associated to.
For a trunk - and I think I've mentioned this several times - I would expect a config like this on the trunk:
VLAN 1, [U]ntagged, PVID 1
VLAN 5, [T]agged
(this makes up a trunk carrying VLAN 1 untagged, and VLAN 5 tagged)
For the access ports connecting the new cameras it's only:
VLAN 5, [U]ntagged, PVID 5.
(and no other VLAN memberships, that makes up an access port for VLAN 5)
For the access ports connecting the old NVR/cameras on VLAN 1 it's only:
VLAN 1, [U]ntagged, PVID 1.
(and no other VLAN memberships, that makes up an access port for VLAN 1)
With this config, trunking to whatever brand switch uplink, you have the VLAN 5 and the VLAN 1. Guessing again the VLAN 1 is also used as the management network for the switches et all. Watch your step acordingly in case you plan to change the management VLAN - the uplink trunk must be configued accordingly and workable for all VLANs
Again, it's no rocket science, and that's on how such simple networks with a few VLANs on a trunk are configued for decades. Nothing I show here is "Netgear" specific! You can expect from your Meraki partner that they are able to translate their fancy coloured marketing click UI to the basics resp. configure a trunk port according to the above.
schumaku ,
Thanks very much for your last reply. Today I got together with the LP manager and using your information in addition to what we already had, we were able to get the cameras to be visible to the new NVR server on the Meraki switch. I was also able to set up a test camera and connect to it on the 2nd Netgear switch in the chain, and see that camera from the NVR.
We just need to get the guy who sold him the new camera system to come in / connect in and see if he can now set up a camera on his NVR.
I appreciate the info very much.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
