NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
VLAN trunk with WAP
I'm trying to get VLANs working with my wireless access point. I have my firewall/router plugged into port 1 on the switch and have 6 VLANs setup on the firewall/router. On the switch I have VLAN 1 a...
schumaku wrote:
Kingrazor001 wrote:
schumaku wrote:
Kingrazor001 wrote:
I tried applying VLAN ID 5 to a port untagged with port 1 tagged and PVID of 5 on that port and it worked.The test port must be VLAN ID 5, Untagged, PVID 5.
The test port must be VLAN ID [2..6], Untagged, PVID [2..6] mor generic for the other VLANs.
So it looks like VLAN trunking isn't supported. If that's the case, I'd need to have one SSID per WAP to use VLANs with this switch. Right now all WAPs have all SSIDs. Guess I need a new switch.
Nope, no new switch. Just a slightly flat learning curve on VLANs, and thier troubleshooting.
I'm asking you to set-up a non-trunked port for a test system - and move this through all the VLANs required - like this we can ensure the VLAN work appropriate between the switch and the router.
Look, >95% of the issues are on the router/VLAN/IP subnet/DHCP configuration side, and not on the L2 switches. And when I read above that you have two untagged VLANs configured on a port, that's the guaranteed start into a disaster.
I have it working now. I apparently attached the VLANs on the router to the WAN port instead of the LAN port.
I would assume even these Smart Managed Plus switches do - I'm not familiar with the JGS524PE model. Does it have a full Web UI including the VLAN config in switching, or do you have to use the ProSafe Plus Configuration Utility?
VLAN -> 802.1Q -> Advanced 802.1Q -> VLAN Configuration
VLAN -> 802.1Q -> Advanced 802.1Q -> VLAN Membership
If these config options are available, I would assume it does work accordingly.
Could still be a config problem of the switch ports, being the trunk to the security appliance, being the trunk to the WAC, being the WAC itself.
Edit: The switch firmwae is anywhere near to the current one as from the JGS524PE model downloads https://www.netgear.com/support/product/JGS524PE.aspx#download ?
Sorry for my confusion before, I had a different switch family in mind.
Regards,
-Kurt
schumaku wrote:
I would assume even these Smart Managed Plus switches do - I'm not familiar with the JGS524PE model. Does it have a full Web UI including the VLAN config in switching, or do you have to use the ProSafe Plus Configuration Utility?
VLAN -> 802.1Q -> Advanced 802.1Q -> VLAN Configuration
VLAN -> 802.1Q -> Advanced 802.1Q -> VLAN Membership
If these config options are available, I would assume it does work accordingly.
Could still be a config problem of the switch ports, being the trunk to the security appliance, being the trunk to the WAC, being the WAC itself.
Edit: The switch firmwae is anywhere near to the current one as from the JGS524PE model downloads https://www.netgear.com/support/product/JGS524PE.aspx#download ?
Sorry for my confusion before, I had a different switch family in mind.
Regards,
-Kurt
I believe you need to use the utility, that's what I've been using so far. The screen shots in your comment match what I see. I'll check the firmware version next time I'm in front of the unit.
Great, looking forward. Provide some screenshots of the base LAN and at least one example VLAN please.
What kind of WAC is involved - and insight on it's configuration?
So here's what my screens look like:
If I tag or untag port 3 (which the WAP is physically connected to) and connect to the SSID with the cooresponding VLAN, I do not get an IP address. This is also true if I tag or untag port 1. Basically any combination of tagged or untagged on ports 1 and 3 doesn't work.
The WAPs are Ubiquiti UniFi APs. This is what the screen looks like for the SSID I'm testing:
Can't see the screenshots yet - takes a while until a moderator has approved.
In any case, when I have UniFi right in my grey cells, the management network must be untagged.
schumaku wrote:
Can't see the screenshots yet - takes a while until a moderator has approved.
In any case, when I have UniFi right in my grey cells, the management network must be untagged.
That's one of the combinations I tried. Port 1 untagged for VLAN 5 and port 3 tagged. VLAN 1 is untagged on all ports.
Kingrazor001 wrote:
That's one of the combinations I tried. Port 1 untagged for VLAN 5 and port 3 tagged. VLAN 1 is untagged on all ports.
All VLAN IDs used for the virtual SSIDs (for VLANs) must be tagged.
Does a simple test port configured untagged say for the VLAN ID 5 and PVID 5 supply a DHCP config and give access to the VLAN 5 and IP subnet at all?
schumaku wrote:
Kingrazor001 wrote:
That's one of the combinations I tried. Port 1 untagged for VLAN 5 and port 3 tagged. VLAN 1 is untagged on all ports.
All VLAN IDs used for the virtual SSIDs (for VLANs) must be tagged.
Does a simple test port configured untagged say for the VLAN ID 5 abd PVID 5 supply a DHCP config and give access to the VLAN 5 and IP subnet at all?
So far the only way I've gotten it to work is by assigning a PVID for that VLAN to a port. I tried applying VLAN ID 5 to a port untagged with port 1 tagged and PVID of 5 on that port and it worked.
Kingrazor001 wrote:
I tried applying VLAN ID 5 to a port untagged with port 1 tagged and PVID of 5 on that port and it worked.The test port must be VLAN ID 5, Untagged, PVID 5.
The test port must be VLAN ID [2..6], Untagged, PVID [2..6] mor generic for the other VLANs.
schumaku wrote:
Kingrazor001 wrote:
I tried applying VLAN ID 5 to a port untagged with port 1 tagged and PVID of 5 on that port and it worked.The test port must be VLAN ID 5, Untagged, PVID 5.
The test port must be VLAN ID [2..6], Untagged, PVID [2..6] mor generic for the other VLANs.
So it looks like VLAN trunking isn't supported. If that's the case, I'd need to have one SSID per WAP to use VLANs with this switch. Right now all WAPs have all SSIDs. Guess I need a new switch.
Kingrazor001 wrote:
schumaku wrote:
Kingrazor001 wrote:
I tried applying VLAN ID 5 to a port untagged with port 1 tagged and PVID of 5 on that port and it worked.The test port must be VLAN ID 5, Untagged, PVID 5.
The test port must be VLAN ID [2..6], Untagged, PVID [2..6] mor generic for the other VLANs.
So it looks like VLAN trunking isn't supported. If that's the case, I'd need to have one SSID per WAP to use VLANs with this switch. Right now all WAPs have all SSIDs. Guess I need a new switch.
Nope, no new switch. Just a slightly flat learning curve on VLANs, and thier troubleshooting.
I'm asking you to set-up a non-trunked port for a test system - and move this through all the VLANs required - like this we can ensure the VLAN work appropriate between the switch and the router.
Look, >95% of the issues are on the router/VLAN/IP subnet/DHCP configuration side, and not on the L2 switches. And when I read above that you have two untagged VLANs configured on a port, that's the guaranteed start into a disaster.
schumaku wrote:
Kingrazor001 wrote:
schumaku wrote:
Kingrazor001 wrote:
I tried applying VLAN ID 5 to a port untagged with port 1 tagged and PVID of 5 on that port and it worked.The test port must be VLAN ID 5, Untagged, PVID 5.
The test port must be VLAN ID [2..6], Untagged, PVID [2..6] mor generic for the other VLANs.
So it looks like VLAN trunking isn't supported. If that's the case, I'd need to have one SSID per WAP to use VLANs with this switch. Right now all WAPs have all SSIDs. Guess I need a new switch.
Nope, no new switch. Just a slightly flat learning curve on VLANs, and thier troubleshooting.
I'm asking you to set-up a non-trunked port for a test system - and move this through all the VLANs required - like this we can ensure the VLAN work appropriate between the switch and the router.
Look, >95% of the issues are on the router/VLAN/IP subnet/DHCP configuration side, and not on the L2 switches. And when I read above that you have two untagged VLANs configured on a port, that's the guaranteed start into a disaster.
I have it working now. I apparently attached the VLANs on the router to the WAN port instead of the LAN port.
Excellent find, glad you have your set-up up and running!
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
