
No4
Tutor

Having trouble implementing vlan on Prosafe switch

I'm in the process of slowly upgrading my home network.  I originally acquired the Prosafe JGS524PE switch for the POE capabilities for my security cameras.  Now I'm trying to ditch the ISP supplied Huawei router for a Ubiquiti Edgerouter X + APAC Lite and at the same time segregate my network into separate vlans.  This is new territory for me so I'm heavily reliant on the message boards and those who have gone before me to figure out the right approach (generally following Mike Pots guide for the Ubiquiti side).
Having realised that the switch supported vlans, I thought I'd use that rather than separate switches for the wired side.  But rather than commit to a hard changeover, it looked like I could use the switch to set up just a couple of ports for testing, leaving the rest as is until I had the bugs ironed out.  This is where I'm having trouble.
I have enabled Advanced 802.1Q VLAN. I have 4 vlan IDs - the default 01 plus 03, 04, 08 (intended for the new Home Network, IoT and Security). All ports except 12, and 24 are Untagged on vlan 01 with 01 as the PVID. This is for my current setup and still works correctly.
I have port 23 providing network/nat to the ERX eth0, and port 24 returning from eth2. Port 24 is Tagged for vlans 03, 04, 08 with a PVID of 03 as I'm intending the ERX to provide nat and segregation to the other ports (192.168.3.1 serving vlan 03, 192.168.4.1 serving 04 etc).
Port 16 is Untagged for vlan 03 with a laptop attached.
Port 12 is Untagged for vlan 08 with an IP camera with a static IP attached.
I can also access vlan 03 from wifi from either the laptop or an ipad for testing.
Using Wifi on 03, I can log into the IP camera on 08 (port 12), indicating that my firewall rules are working and suggesting the switch vlan settings are working so far.
But with the laptop plugged into port 16, I cannot access the IP camera on port 12, nor the ERX on port 24. I can't get the NAT, or ping 192.168.3.1
I was expecting that the laptop (Untagged on 03/port 16) would communicate with the router (Tagged on 03/port 24), get an ip address assigned and be able to communicate across to the IP camera (Untagged on 08/port 12) as per the firewall rules that worked for wireless access.
I figure there is a gap in my understanding here somewhere as to how vlans work on the Prosafe switch but I haven't been able to search out any solutions so far. Any help would be appreciated.

Model: JGS524PE|ProSafe Plus 24 ports switch with PoE
Message 1 of 7

All Replies
DaneA
NETGEAR Employee Retired

Re: Having trouble implementing vlan on Prosafe switch

@No4,

Welcome to the community! 🙂

I'm not familiar with both Ubiquiti Edgerouter X and UniFi AP-AC Lite. However, kindly answer the questions below:

a. Are VLANs also configured on the Ubiquiti Edgerouter X?

b. What is the IP address of the laptop when connected wirelessly to the UniFi AP-AC Lite?

c. Is the UniFi AP-AC Lite connected to the Ubiquiti Edgerouter X or directly connected to the JGS524PE switch?

d. Is the wireless network broadcasted by the UniFi AP-AC Lite tagged to a certain VLAN?  If yes, to what VLAN?

e. What is the current firmware version of the JGS524PE switch?

It would be best if you post a detailed diagram of your existing network.

Regards,

DaneA

NETGEAR Community Team

Message 2 of 7
No4
Tutor

Re: Having trouble implementing vlan on Prosafe switch

Thanks for the response.

a.  Yes, VLANs are configured on the ERX ports 2-4. This has been tested by plugging the laptop into eth3. This would result in an ip address of 192.168.3.x.  If I configured the laptop's eth adapter to vlan 4, I would get an ip address of 192.168.4.x, and similarly for vlan 8.

b.  When connected to the APAC Lite, the laptop ip address was 192.168.3.47.

c.  The APAC Lite is directly connected to the ERX on eth4.

d.  The APAC broadcasts 3 wireless networks. The default home network as above, and vlans 6 & 7 for guest network and wireless IOT.

e.  The switch firmware is 2.0.1.26.

 

Network diagram attached.

Model: JGS524PE|ProSafe Plus 24 ports switch with PoE
Message 3 of 7
schumaku
Guru

Re: Having trouble implementing vlan on Prosafe switch

Don't think this is a switch config issue. The switch does only handle the VLANs ... and what is configured does go in and out there.

 

The schema does look incomplete to me, e.g. VLAN 3 is missing on the ERX (it only seems to exist on the switch), the APAC connects to a port with only VLAN 6 and 7. Add all subnet (untagged)/VLAN(tagged) details for all ERX ports, ...

 

The purpose of the ERX is only to add routing capabilities for the local [V]LAN, while the Internet access happens on VLAN 1 to the Huawei?

Last but not least, what is "NAT" used in your description?

Message 4 of 7
No4
Tutor

Re: Having trouble implementing vlan on Prosafe switch

I wasn't sure whether this is a switch issue or a router one, but figuring the switch side of things was simpler, should be easier to diagnose or rule out.  Given your comment, it looks like there isn't anything obvious wrong with my switch config so I'll move over to the Ubiquiti community to see if they can help.  If I succeed there I'll update this post to close off.

 

The ERX schema is copied from the router configuration page (see image).  Not Netgear product but for clarity I'll elaborate a little. I followed a guide in setting my ERX up as mentioned in the OP.  That is where the eth4 settings comes from.  I think the vlan3 is somehow default, as that was set up first and then the others added.  The guide only used vlans for the AP and used separate switches on different ports to segregate the wired side so I'm extending it to add the vlans on the switch for eth2 and eth3.  That may well be where my problem lies.  I tried adding vlan3 yesterday as you suggested but that appeared to break things.

 

Yes, the current purpose of the ERX is limited to the vlan segregation testing, while I prove this all out.  Once I have verified that I have vlans working and that the firewall rules allow the Home net to talk to the security subnet but not vice versa etc, then I will replace the Huawei with the ERX and reconfigure the switch so that all IP cameras are on vlan8 (security), office on vlan3 (Home) and AV stuff on vlan4 (IoT).  The AP will also handle vlan3, vlan6 (guest) and vlan7 (wireless IoT). It would be possible to have 3 cables from the switch to the ERX rather than Tagging the trunk port but that seems a waste of ports so I'm attempting this.

 

NAT was me using the wrong acronym - I meant DNS server in this context.

 

Thanks again for your help, it looks like my understanding of the switch settings was about right after all.  On to Ubiquiti...

Message 5 of 7
No4
Tutor

Re: Having trouble implementing vlan on Prosafe switch

OK, trunking problem solved, although I'm confused as I'm sure I'd already tried those settings with no success.  The switch was fine, but I needed to add vlan3 as a PVID for Eth2 on the ERX.  Now I can plug into port 16 and get assigned a vlan3 address from the ERX DHCP server.  If I change a port to vlan4, the same applies.  I can login to the camera on port12/vlan8 so the firewall settings are working also.  Here is a pic of the ERX settings to clarify for anyone else dealing with similar issues.  Thanks for the help all.

Message 6 of 7
schumaku
Guru

Re: Having trouble implementing vlan on Prosafe switch

If you have to configure a PVID it means there is non-tagged traffic flowing to that interface, and the router (or similarly a switch) will allocate this traffic to the VLAN ID identified by the PVID. Check your design if the VLAN ID 3 is intended to be tagged or untagged on each trunk. If it's supposed to be tagged, there should not be any untagged traffic belonging to the #3. But then the #3 must be configured on the port as a VLAN, too - this is currently not very consistent in the config.

Message 7 of 7
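
The tagged/untagged/PVID behaviour discussed in this thread, as an added example that is not part of any post: a simplified 802.1Q model that audits both ends of the trunk between switch port 24 and ERX eth2. The switch values come from the first post; the ERX eth2 settings (shown only as a picture in the thread) and the rule that a port accepts a tagged frame for any VLAN it is a member of are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    pvid: Optional[int] = None         # VLAN given to untagged ingress (None: dropped)
    tagged: frozenset = frozenset()    # VLANs sent with an 802.1Q tag
    untagged: frozenset = frozenset()  # VLANs sent without a tag

    def egress(self, vlan):
        """How a frame in `vlan` leaves this port, or None if not a member."""
        if vlan in self.tagged:
            return "tagged"
        return "untagged" if vlan in self.untagged else None

    def ingress(self, tag):
        """VLAN an arriving frame is classified into (tag=None means untagged)."""
        if tag is None:
            return self.pvid
        return tag if tag in self.tagged | self.untagged else None

def cross(src, dst, vlan):
    """Send a frame in `vlan` from src to dst: (egress mode, VLAN seen by dst)."""
    mode = src.egress(vlan)
    if mode is None:
        return None, None
    return mode, dst.ingress(vlan if mode == "tagged" else None)

def audit_trunk(a, b):
    findings = []
    for vlan in sorted(a.tagged | a.untagged | b.tagged | b.untagged):
        (m_ab, v_ab), (m_ba, v_ba) = cross(a, b, vlan), cross(b, a, vlan)
        for src, got in ((a, v_ab), (b, v_ba)):
            if got is None:
                findings.append(f"VLAN {vlan}: not delivered from {src.name}")
            elif got != vlan:  # segregation failure: traffic changes VLAN on the link
                findings.append(f"VLAN {vlan}: from {src.name} lands in VLAN {got}")
        if v_ab == v_ba == vlan and m_ab != m_ba:
            findings.append(f"VLAN {vlan}: works, but {m_ab} one way and {m_ba} the other")
    return findings

# Switch port 24 as described in the first post; ERX eth2 values are assumed.
SWITCH_P24 = Port("switch port 24", pvid=3, tagged=frozenset({3, 4, 8}))
ERX_BEFORE = Port("ERX eth2", tagged=frozenset({4, 8}))  # VLAN 3 missing
ERX_AFTER = Port("ERX eth2", pvid=3, tagged=frozenset({4, 8}), untagged=frozenset({3}))

if __name__ == "__main__":
    for erx in (ERX_BEFORE, ERX_AFTER):
        print(audit_trunk(SWITCH_P24, erx))
```

Under these assumptions the "before" trunk drops VLAN 3 in both directions, and the "after" trunk passes it but asymmetrically, which is the inconsistency pointed out in the last reply.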