× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Orbi WiFi 7 RBE973
Reply

Re: GS510TLP inter vlan

mrmabmn
Aspirant

GS510TLP inter vlan

How do you configure the GS510TP for inter vlan communication.

 

 I am new to VLANs, I have a single GS510TPL.  How do I configure 3 VLAN to create 3 separate networks which can communicate on the single GS510TPL switch. Would be nice to provide internet access.  I cannot tell step by step how to do this.   Not sure whether to use General or Trunk, Tag or Untagged.   

I am creating 3 VLANs on the GS510TP
VLAN 1 = default 192.168.1.254 on Port 1
VLAN 10 = 192.168.0.250 =Ports 2-4
VLAN 20 =172.16.20.250 = Ports 5-7
VLAN 30 = 192.168.77.250= Port 8

How should the ports be configured so the hosts on the VLANs can communicate with each other.   I keep reading the inter vlan should happen automagically, but it is not happening.

Model: GS510TP|ProSAFE 8-port PoE Smart Switch with fiber uplink
Message 1 of 34

Accepted Solutions
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hi,

 

I have tried to outline for you, what you need to do.

 

1. You must add an IP addresses to each of your VLAN interfaces under "Routing" --> "VLAN" --> "VLAN Routing". You have to create the VLANs first. I think you have already do this?

 

2. Static routes needs to be done on your Internet router for Internet access to these VLANs. You need static on your router so that the router can be made aware of the networks on the switch.

 

3. You need a DHCP server in each VLAN as your switch does not support DHCP relay from what I know. You cannot do the DHCP from the router as it will not be aware of the VLANs on your switch and the switch itself can't do DHCP server either, I think. The alternative is of course static IP addresses. That will work, but that is a pain for a large network.


Here is an example of a config. I am using your 3 VLANs for explanation + a VLAN used for routing to the Internet (VLAN 99). I have left VLAN 1 alone here.
VLAN 10 = 192.168.0.0 /24
VLAN 20 =172.16.20.0 /24
VLAN 30 = 192.168.77.0 /24
VLAN 99 = 192.168.99.252 /30

 

Router IP: 192.168.99.254 /30

 

Switch VLAN interface IPs (set these under: "Routing" --> "VLAN" --> "VLAN Routing").
Routing VLAN 99 IP: 192.168.99.253 /30
VLAN 10 IP: 192.168.0.250 /24
VLAN 20 IP: 172.16.20.250 /24
VLAN 30 IP: 192.168.77.250 /24

 

- Go to the routing table of the switch ("Routing" --> "Routing Table") and set the default gateway for the switch to: 192.168.99.254
- Turn on "Routing Mode" on the switch, under "Routing" --> "IP".
- Devices in VLAN 10 must have and IP of 192.168.0.x, with a default gateway address of: 192.168.0.250
- Devices in VLAN 20 must have and IP of 172.16.20.x, with a default gateway address of: 172.16.20.250
- Devices in VLAN 30 must have and IP of 192.168.77.x, with a default gateway address of: 192.168.77.250
- On the switch port that connects to the router, you want to untag that port for VLAN 99 and set a PVID of 99.
- On the switch ports that connects to VLAN 10 common non VLAN-aware devices, you want to untag those ports for VLAN 10 and set PVID of 10.
- On the switch ports that connects to VLAN 20 common non VLAN-aware devices, you want to untag those ports for VLAN 20 and set PVID of 20.
- On the switch ports that connects to VLAN 30 common non VLAN-aware devices, you want to untag those ports for VLAN 30 and set PVID of 30.

 

On the router you need to set static routes back to the subnets that the router is not aware of: 192.168.0.0 /24 and 172.16.20.0 /24 and 192.168.77.0 /24

 

So, three static routes in total on the router. They should look like this.

Destination network: 1192.168.0.0
Subnet mask: 255.255.255.0
Gateway/Router/Next Hop: 192.168.99.253

 

Destination network: 172.16.20.0
Subnet mask: 255.255.255.0
Gateway/Router/Next Hop: 192.168.99.253

 

Destination network: 192.168.77.0
Subnet mask: 255.255.255.0
Gateway/Router/Next Hop: 192.168.99.253


Hope that makes sense. Else let me know 🙂


Cheers

View solution in original post

Message 2 of 34

All Replies
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hi,

 

I have tried to outline for you, what you need to do.

 

1. You must add an IP addresses to each of your VLAN interfaces under "Routing" --> "VLAN" --> "VLAN Routing". You have to create the VLANs first. I think you have already do this?

 

2. Static routes needs to be done on your Internet router for Internet access to these VLANs. You need static on your router so that the router can be made aware of the networks on the switch.

 

3. You need a DHCP server in each VLAN as your switch does not support DHCP relay from what I know. You cannot do the DHCP from the router as it will not be aware of the VLANs on your switch and the switch itself can't do DHCP server either, I think. The alternative is of course static IP addresses. That will work, but that is a pain for a large network.


Here is an example of a config. I am using your 3 VLANs for explanation + a VLAN used for routing to the Internet (VLAN 99). I have left VLAN 1 alone here.
VLAN 10 = 192.168.0.0 /24
VLAN 20 =172.16.20.0 /24
VLAN 30 = 192.168.77.0 /24
VLAN 99 = 192.168.99.252 /30

 

Router IP: 192.168.99.254 /30

 

Switch VLAN interface IPs (set these under: "Routing" --> "VLAN" --> "VLAN Routing").
Routing VLAN 99 IP: 192.168.99.253 /30
VLAN 10 IP: 192.168.0.250 /24
VLAN 20 IP: 172.16.20.250 /24
VLAN 30 IP: 192.168.77.250 /24

 

- Go to the routing table of the switch ("Routing" --> "Routing Table") and set the default gateway for the switch to: 192.168.99.254
- Turn on "Routing Mode" on the switch, under "Routing" --> "IP".
- Devices in VLAN 10 must have and IP of 192.168.0.x, with a default gateway address of: 192.168.0.250
- Devices in VLAN 20 must have and IP of 172.16.20.x, with a default gateway address of: 172.16.20.250
- Devices in VLAN 30 must have and IP of 192.168.77.x, with a default gateway address of: 192.168.77.250
- On the switch port that connects to the router, you want to untag that port for VLAN 99 and set a PVID of 99.
- On the switch ports that connects to VLAN 10 common non VLAN-aware devices, you want to untag those ports for VLAN 10 and set PVID of 10.
- On the switch ports that connects to VLAN 20 common non VLAN-aware devices, you want to untag those ports for VLAN 20 and set PVID of 20.
- On the switch ports that connects to VLAN 30 common non VLAN-aware devices, you want to untag those ports for VLAN 30 and set PVID of 30.

 

On the router you need to set static routes back to the subnets that the router is not aware of: 192.168.0.0 /24 and 172.16.20.0 /24 and 192.168.77.0 /24

 

So, three static routes in total on the router. They should look like this.

Destination network: 1192.168.0.0
Subnet mask: 255.255.255.0
Gateway/Router/Next Hop: 192.168.99.253

 

Destination network: 172.16.20.0
Subnet mask: 255.255.255.0
Gateway/Router/Next Hop: 192.168.99.253

 

Destination network: 192.168.77.0
Subnet mask: 255.255.255.0
Gateway/Router/Next Hop: 192.168.99.253


Hope that makes sense. Else let me know 🙂


Cheers

Message 2 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Quick question, 

 

If my internet router has the IP address of 192.168.1.1, can I make VLAN99 192.168.1.251?

Message 3 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hi again,

 

Yes, you can make VLAN 99 whatever IP scheme you want. Just make sure that the router's IP is in the same subnet as the VLAN 99 interface on the switch. And if you change the VLAN 99 IP scheme from what I suggested, then you need to make adjustments in the static routes, etc.

 

Also, note that you currently use 192.168.1.x for VLAN 1 on the switch. The switch won't allow you to use the same subnet for two different VLAN interfaces, so you would need to change the VLAN 1 IP scheme to something else before you can assign 192.168.1.x to VLAN 99.

 

BTW, the reason I introduce VLAN 99 in the first place is because I believe that these smart switches won't allow VLAN 1 to be part of routing. Probably because it is considered a management VLAN not to be routed amongst other VLANs.

Message 4 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Hello Hopchen,

I truly appreciate all of the help.

 

I think I have all of the settings correct except the Routing Table, because I cannot get to the other vLANs.

 

Here is my layout

 

VLAN 1 IP is the default of 192.168.0.234

 

VLAN 99 IP = 192.168.1.250  for Internet access, my Netgear wireless router IP is 192.168.1.1, sn=255.255.255.0 I also have other hosts on this same subnet for example @192.168.1.15, sn=255.255.255.0, gw=192.168.1.1. Ports used are 2, 3, and 4

 

VLAN 20 IP = 172.16.20.250 sn = 255.255.255.0 with  1 host @ 172.16.20.96, sn =255.255.255.0, gw=172.16.20.250, Ports used are 5, 6, and 7

 

VLAN 30 IP = 192.168.77.250 sn= 255.255.255.0 with 1 host @ 192.168.77.134, sn =255.255.255.0, gw=192.168.77.250, Port used is 8

 

I have configured the static routes on my netgear wireless router.  I have attached two screen shots and 1 diagram, one from the GS510TLP and one from my Nighthawk X6 R8000 wireless router.  The VLANs are not communicating and even the hosts on the same VLAN as the internet router cannot see the internet.

 

Route 1  Destination network: 172.16.20.0 sn:255.255.255.0 gw: 192.168.1.1

Route 2 Destination network:192.168.77.0 sn:255.255.255.0 gw: 192.168.1.1

 

When I go into the routing table setting on the GS510TLP switch, I do not see how to see where I set the default gateway, I have submitted a screenshot of what I have configured.

 

Any suggestion on why it is not working?

NetGear VLAN config.jpgVlanroutingtablesmal.jpgSTatic routes on Nighthawki.jpg

 

 

 

Message 5 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hey,

 

You are almost there! Just a few amendments you need to make. See my comments below.


"VLAN 99 IP = 192.168.1.250 for Internet access, my Netgear wireless router IP is 192.168.1.1, sn=255.255.255.0 I also have other hosts on this same subnet for example @192.168.1.15, sn=255.255.255.0, gw=192.168.1.1. Ports used are 2, 3, and 4"

 

Those devices on port 2, 3 and 4 - I would suggest that you use 192.168.1.250 as the default gateway. Reason being that it makes it more efficient for the inter-VLAN routing rather than those devices sending packets to the router - only to be send back to the switch 🙂 Make sure that ports 2, 3 and 4 are untagged (with a "U") for VLAN 99 and have the PVID set to 99.

 


"VLAN 20 IP = 172.16.20.250 sn = 255.255.255.0 with 1 host @ 172.16.20.96, sn =255.255.255.0, gw=172.16.20.250, Ports used are 5, 6, and 7"

 

All good! Just make sure that ports 5 6 and 7 are untagged (with a "U") for VLAN 20 and have the PVID set to 20.

 


"VLAN 30 IP = 192.168.77.250 sn= 255.255.255.0 with 1 host @ 192.168.77.134, sn =255.255.255.0, gw=192.168.77.250, Port used is 8"

 

All good here as well. Again, just make sure that port 8 is untagged (with a "U") for VLAN 30 and have the PVID set to 30.

 


"When I go into the routing table setting on the GS510TLP switch, I do not see how to see where I set the default gateway, I have submitted a screenshot of what I have configured."

 

You have done it correctly 🙂 The default route for the switch is indeed set under "Routing" --> "Routing Table" (like you did) and the screenshot you showed also has the correct "Next Hop Address" (192.168.1.1 - the Nighthawk router). Spot on!

 


As for the two static routes created on the Nighthawk router, they are not entirely correct. The gateway on those static routes should be different. So, like this:

 

Route 1
Destination network: 172.16.20.0
sn: 255.255.255.0
gw: 192.168.1.250 (the VLAN 99 IP of the switch)

 

Route 2
Destination network: 192.168.77.0
sn: 255.255.255.0
gw: 192.168.1.250 (the VLAN 99 IP of the switch)


Lastly, remember to enable Routing Mode on the switch, under the section "Routing" --> "IP".

 

Let me know if you need any assistance. Cheers.

Message 6 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Hello Hoschen,

 

Almost there 🙂 with the one exception, I still cannot access the internet, even the system on the same VLAN99 with an IP of 192.168.1.15.

 

I just have a standard RJ-45 cable coming from the 24 port Netgear switch going into Port #2 of the GS510TLP. The Netgear switch is connected to the Wireless Router which provides internet access.

 

 

Model: GS510TP|ProSAFE 8-port PoE Smart Switch with fiber uplink
Message 7 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hi again,

 

From what you describe, I am wondering if you remembered to set the DNS server on those devices that you are trying to access the internet with? What DNS settings did you use on the PCs?

 

Also, when testing internet access - are you accessing a URL or pinging an IP address on the Internet, like 8.8.8.8? Try both. If pinging 8.8.8.8 works, but accessing google.com does not work then you know it is a DNS issue.

Message 8 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Hello,

 

I cannot ping 8.8.8.8, I do not get response on either host.

You are right I did not configure DNS, should this point to my router which gets its DNS entries from the cable modem. I ping the address of the wireless router which is 192.168.1.1, and 192.168.1.250. 

 

Message 9 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hi,

 

You can use 8.8.8.8 as the DNS server for the PC. It is pretty common to use that (Google's DNS). That would be fine I'd say. You can also use the Nighthawk router IP if you want: 192.168.1.1.

 

In any case, it is not solely a DNS issue since you can't ping 8.8.8.8. Would you mind doing a few tests. Leave all devices connected as you have pictured in your diagram. Then try this:

 

1. Plug your PC into vlan 99 on the switch (port 3-4, leave the router uplink on port 2 connected as well). Set IP address accordingly on the PC (192.168.1.x), but change the default gateway on the PC to: 192.168.1.1. Can you then ping 8.8.8.8?

 

2. With 192.168.1.1 still being the default gateway on the PC, can you ping 172.16.20.250 and 192.168.77.250?

 

3. Change the default gateway on the PC back to 192.168.1.250 (leave the PC connected to vlan 99 of course). Can you no longer ping 8.8.8.8? What about 172.16.20.250 and 192.168.77.250?


Cheers

Message 10 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Hello, 

 

I have to yes to all 3 conditions with the PC at static IP of 192.168.1.22, sn=255.255.255.0, gw = 192.168.1.1 and 192.168.1.250

Could ping 8.8.8.8, 172.16.20.250, and 192.168.77.250

Message 11 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hi again,

 

Well that is good. It shows that VLAN 99 is OK with regards to Internet access.

 

Let's try another test from VLAN 20.
Use the PC already connected to port 5.
IP: 172.16.20.96
SN: 255.255.255.0
GW: 172.16.20.250

 

Can you ping these IP addresses, from that PC? What is the result?
192.168.1.1
192.168.1.250
172.16.20.250
192.168.77.250
8.8.8.8

 


Also, let's make a similar test for the PC in VLAN 30.


Use the PC already connected to port 8.
IP: 192.168.77.134
SN: 255.255.255.0
GW: 192.168.77.250

 

Can you ping these IP addresses, from that PC? What is the result?
192.168.1.1
192.168.1.250
172.16.20.250
192.168.77.250
8.8.8.8

 


Those two tests should tell us more about where the issue lies. Cheers!

Message 12 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Good morning,

 

First, I wanted to thank you for helping me get this working to this point.

 

I ran both tests on both VLAN20 and VLAN30, and each ping test had positive results except they both failed when trying to ping the 8.8.8.8 address.

 

I will note that there was a slight delay on both 172.16.20.250 tests, but the pings were successful on both VLAN20 and VLAN30.

 

Thanks again,

 

 

 

Message 13 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hello,

 

No problem. I am happy to help 🙂

 

Thank you for doing the tests. They are very useful. I am quite sure I know what the issue is (this is of course based around your feedback from the tests). The bad news is that I am not sure we can solve that! Let me explain.

 

The problem is the Nighthawk, not the switch. Your config is also spot on. Here is what we can deduce from your tests:

 

1. The switch is doing the inter-VLAN routing correctly. Else you would not be able to ping the other VLAN IP addresses. This will allow us to also conclude that the PC's IP settings + default gw are correct, else you would not be able to ping the other VLAN IP addresses either. Lastly, we can further confirm that you VLAN settings (untag "U" and PVID) are done correctly. If they weren't, you again would not be able to ping the other VLAN IP addresses.

 

2. We know that the switch is using its own default gw correctly (set under: "Routing" --> "Routing Table"). When you plug a PC into VLAN 99 and use 192.168.1.250 as the PC's gw, then try to ping 8.8.8.8 - it works. This means that the PC's request to ping 8.8.8.8 was send to the PC's gw (192.168.1.250 - the switch) and in turn the switch would say: "Do I know where 8.8.8.8 is? No, so let me forward the packet on to my own default gw (192.168.1.1 - the Nighthawk)". The switch must have forwarded the packet correctly to the Nighthawk. We know this, because your ping to 8.8.8.8 worked!

 

3. We know that the Nighthawk is using its static routes correctly, to some extend. Else you would not be able to ping 192.168.1.1 from either VLAN 20 or VLAN 30.

 

 

I think the issue is that your Nighthawk does not use its static routes when traffic comes back from the Internet. I'll elaborate.


When you are in VLAN 20 or VLAN 30, you can ping the Nighthawk (192.168.1.1). The Nighthawk must - 100% certainty - be using its static routes when replying back to you. It is the only way it can reply since the Nighthawk is not otherwise aware of how to reply back to those IP networks (172.16.20.x and 192.168.77.x respectively). It must look at its static routes.

 

However, I believe, that when traffic is coming back from the WAN (Internet) side, the Nighthawk is not using its static routes to forward the traffic back down to the switch. What I think happens is this:
- PC in VLAN 20 or 30 pings 8.8.8.8
- The PC send the packet its default gw = the switch.
- The switch send the packet to its default gw = the Nighthawk.
- The Nighthawk forwards the packet onto the Internet and the packet reaches its destination.
- The Internet destination replies back and the reply eventually ends up with Nighthawk again. All good so far.
- Then, for some unknown reason, the Nighthawk does not look at its static routes to understand to forward on the packet back to the PC. Instead, it drops the packet.

 

What further confirms the above theory is that VLAN 99 works fine. It works because the Nighthawk does not need to use any static routes to reply back to the PC in VLAN 99 (as the Nighthawk is member itself of that network). Again, pointing to an issue with those static routes.

 

It seems the static routes work for the LAN traffic, but not for traffic coming back from the WAN (Internet).

 

That is my guess. It is easy enough to 100% confirm. All you need is to run a 2 minute packet capture with Wireshark 🙂 Anyhow, if I am right - then the issue is firmware related on the Nighthawk. Neither you or I can fix that.

 

- Is the Nighthawk on the latest firmware? Else please update it and see if the issue persists.
- Do you have another router laying around, by any chance? If so, we can set that up the same way as the Nighthawk and see if works. If it does = the issue on the Nighthawk. That would also be a good way to confirm.


This was a long post - Sorry! Let me know if anything is unclear.

Message 14 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Hello, 

 

Everything you said made sense, except I do not know why Nighthawk would not forward the WAN traffic to the other VLANs unless it has to be VLAN aware?

 

Yes, the Nighthawk is on the latest version of firmware, V1.0.3.54_1.1.37. 

Is there a name for this certain feature I need on a router to support what I want to do, does Netgear offer a wireless router with feature?

Do I need a router which is interVlan Aware for this to work?

 

Thanks again, so close now.

Message 15 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hey,

 

Yes, it is indeed a good question why the Nighthawk does not forward that traffic correctly.

 

The Nighthawk does not need to be VLAN aware for this to work. This is one of the reasons they give you static routes :). Also, if the Nighthawk had to be VLAN aware for this to work, then it would not work either with just LAN traffic - but it does! You can sit in VLAN 20 or VLAN 30 and ping 192.168.1.1 - i.e. the static routes work for LAN only traffic. They should work equally for Internet traffic coming back, as well!

 

You might not realise, but the setup your are doing here is extremely common in all sorts of businesses. It's very common practise to do what you are doing. It is not like we are making some fiddly work-around (though it might seem like it) :).

There is even a Netgear article about it. You can see that it is the same you are doing (except the article highlights some extra stuff, like ACLs and DHCP server). But the core setup is exactly the same:
https://kb.netgear.com/30818/How-to-configure-routing-VLANs-on-a-NETGEAR-managed-switch-with-shared-...

 

So, it cannot be a question of whether the Nighthawk has to be VLAN aware or not.

 

You do not have another router we can use for a test? Any brand will do I'd say?

 

If not, then I think you should do a packet capture (I can explain how to) to 100% confirm my theory. If it proves correct - then raise it with Netgear support. It is not a case of "getting a router that can do this". All routers should be able do what you need. Simple static routes 🙂

 

Cheers!

Message 16 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Hello,

 

OK, I have downloaded Wireshark, please tell me what you want me to do.  I have not used Wireshark before. walk me through it.

 

thank you,

Message 17 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hey,

 

What you are interested in, is this simple question: "When I send traffic from VLAN 20 or VLAN 30, to the Internet, is the switch forwarding that traffic to the Nighthawk?"

 

Subsequently, you want to know: "If yes, does the traffic come back from the Nighthawk?". It should!

 

So, to approach this you want to examine the traffic running between the switch and the Nighthawk - in other words the traffic on port 2. In order to capture that traffic, you can use something called port mirror. All switches would have that feature. Basically, you can instruct the switch to copy all ingoing and outgoing traffic on a certain port, to another port. This is very useful in your case.

 

Essentially, one port is the mirrored port (the port we want to capture traffic from) and one port will be the probe (where we are mirroring to). Let's use port 2 as the mirrored port and port 7 as the probe. I think port 7 is free?
Port mirror is easy to setup. Here is the manual (page 398-400): http://www.downloads.netgear.com/files/GDC/GS418TPP/GS418TPP-GS510TLP-GS510TPP_UM_EN.pdf
You want the source port (mirrored port) to be port 2 and the destination port (probe port) to be port 7. Please make sure the mirror direction is set to "Tx and Rx". We want to see both transmitted and received packets on port 2.

 


When that is done, you are ready.

 

1. Plug your PC (with Wireshark installed) into port 7.

 

2. Start the Wireshark packet capture. Make sure the capture is set to capture packets on the wired NIC as that is the NIC that connects to the switch 🙂

 

3. Once the capture is running, you are likely to see various things populate here. In fact, if you don't see packets populate soon enough, the capture is wrong. There can be a lot of packets! However, you are only interested in a few specific ones (the pings). In Wireshark, you can set a filter option using the bar at the top. In that bar type (or copy/paste):
ip.addr==192.168.1.1 || ip.addr==8.8.8.8 && icmp
and hit "Enter".
This filter will look for packets to/from ip 192.168.1.1 or 8.8.8.8 and only find pings. The screen will now show no packets, after you hit "Enter". That is OK. You haven't generated any packets matching the filter - yet.

 

4. Once the capture is running, we make a test. Let's use the PC in VLAN 30. Start a ping from the PC in port 8. Ping 192.168.1.1. You should see pink coloured packets starting to show in Wireshark.

 

5. Now, ping 8.8.8.8 from the same VLAN 30 PC. Again, you should see some more pink packet populate.

 

6. Once those pings are done, take a screenshot of your Wireshark screen, just showing the pink packets. Don't include the stuff below those pink packets as it shows your mac address and it is not needed anyway. Then post the screenshot here.


NOTE: When a port is set to port mirror mode, it is no longer a normal port. It is exclusively a probe port. Turn off port mirror mode to make port 7 a normal port again - whenever you are done.


Thanks!

Message 18 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Hello Hoschen,

 

My capture is not working and I am not sure what is configured wrong.

 

I added a PC to the VLAN20 on port 7 at the IP address of 172.16.20.98, I then went to the PC at IP address of 192.168.77.135 on VLAN 30 and did both pings.  Here is my screen shot of Wireshark, nothing there. I am not getting any errors. 

 

Wireshark.jpg

Message 19 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hey,

 

I can't see your screenshot yet. But Did you setup the port mirror as well? To mirror port 2, to port 7?

Message 20 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Yes, the mirroring was turned on, mirror from Port 2 to Port 7Wireshark.jpg

Message 21 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan


@mrmabmn wrote:

Yes, the mirroring was turned on, mirror from Port 2 to Port 7Wireshark.jpg

 

OK, I am seeing packets, but the filter does not capture anything while pinging

 

I have tried ip.addr==192.168.1.1 || ip.addr==8.8.8.8 && icmp and (ip.addr==192.168.1.1||ip.addr==8.8.8.8) && icmp, here are two screen shots, the first without filter, the second with the filter (ip.addr==192.168.1.1||ip.addr==8.8.8.8) && icmp, I have an ongoing ping from the computer on VLAN30

 

NofilteronWireshark.jpgwithparenthesisfilter.jpg


 

Message 22 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hi,

 

It looks like the traffic you see (without any filter) is indeed VLAN 99 traffic, meaning that the port mirror is working.

 

You said that you tried to ping and saw nothing in wireshark. Did the ping work, from the PC in VLAN 30 (port 8)? It should work to 192.16.1.1 (and not work to 8.8.8). So, when you pinged 192.168.1.1 - did you get reply?

 

Try instead a less restrive filter. Type: icmp
and hit "Enter"

 

Then ping 192.168.1.1 and 8.8.8.8 (respectively) from the VLAN 30 PC.

As a control test, also take a PC in VLAN 99 (port 3-4) and ping 192.168.1.1 and 8.8.8.8 (respectively) - just to see if wireshark on PC in port 7 picks it ups.


And of course let wireshark run, while you are pinging. Ping at the same time as wireshark captures. I think that is what you did already?


Cheers

Message 23 of 34
mrmabmn
Aspirant

Re: GS510TLP inter vlan

Good day Hopchen,

 

Sorry about the lack of detail, the ping to 192.168.1.1 from VLAN30 was successful, but nothing was visible on wireshark.  The ping to 8.8.8.8 from VLAN30 was NOT successful, again nothing visible on wireshark.

 

I set the filter to icmp only, and pinged both 192.168.1.1 and 8.8.8.8 from VLAN30 and nothing was visible on wireshark. The ping to 192.168.1.1 was successful, the ping to 8.8.8.8 was NOT successful.

 

Pinging 192.168.1.1, 192.168.1.250, and 8.8.8.8 from a computer on the VLAN99 (192.168.1.x) with the wireshark filter set to icmp on Port 7 was successful to each address; however NOTHING was visible on Wireshark.

Message 24 of 34
Hopchen
Prodigy

Re: GS510TLP inter vlan

Hi,

 

Hmmm....

 

You are pinging correctly, so that is good. We should see that traffic is wireshark.

I am wondering why Wireshark is not picking it up. I think your port mirror is OK.

 

Do a quick control test.

- Plug the PC in port 7, into port 6 (still VLAN20).
- Start wireshark capture on that PC, with the filter: icmp
- Then Ping 172.16.20.250 and 192.168.1.1 and 8.8.8.8.

 

Do you see anything in Wireshark. If not, you must be capturing with the wrong interface. Also try and see if you see the pings with no filter on.


Let me know.

Thanks

Message 25 of 34
Top Contributors
Discussion stats
  • 33 replies
  • 9675 views
  • 6 kudos
  • 2 in conversation
Announcements