Re: MS510TXM need some general assistance with Routing config

BeatleManiac · ‎2023-10-20

Hello everyone!

I'm running a MS510TXM with fw 1.0.5.10.

I'm trying to get VLAN routing working and I'm having trouble. From all subnets/VLANS (tagged & untagged) I can see the gateway address on he other side of the router, but not the devices on the subnet. From a Tagged vlan I can send a ping to the untagged Management VLAN 1. Using Wireshark, I can see the icmp packet on the VLAN 1 device and its reply packet, but the reply never makes it to the original VLAN.

I thought that maybe the downlink from my home router to my lab environment was causing the issue so tonight I tried connecting with 2 static IP'd laptops, one on the tagged VLAN and one on the management side with the internet router disconnected and got the same results. I'm just trying basic connectivity at this point. No DHCP helpers, etc.

I'll post the route table and VLAN interface ips below. Please let me know what else you'd like to see. It's been a while since I've dealt with this kind of networking and I know it's probably something simple I'm overlooking.

192.168.1.6 is the address of the switch (also gw from 192.168.1.0 to the Tagged VLANS) and 192.168.1.1 is the Internet router for the default route for outbound traffic.

I've included the PVID table as well - just in case my issue is here. I haven't done anything with this config yet.

Thanks in advance!!

Steve Hurd

Floyds Knobs, IN

schumaku · ‎2023-10-21

Hello Steve,

The PVID does define the VLAN untagged frame entering the switch resp. the switch ports are associated to.

I've requested a moderator moving this thread to the Plus And Smart Switches Forum to discuss Smart Switches (T) and Plus Switches (E), including Local and Remote Management, simply because this isn't a Managed Switch model.

This leads to the question on how these IP subnets are supposed to be associated with VLANs - where you expect the routing to become active. A little bit lost on how you are testing with these two computers, as (for simplicity) none of these is connected to an access port. I would suggest to configure two test ports, port set [U]ntagged and associated to the VLANs (and subnet) you intend to test routing, with the PVID set to the same VLAN ID, but not associated to any other VLAN) associated with the other VLANs. 8-/

I see you have a series of ports still untagged on 1, but tagged member of multiple VLANs. Are you testing from machines, e.g. hosting VMs, able to handle multiple subnets and VLANs?

Greeting from rainy Switzerland!

-Kurt

BeatleManiac · ‎2023-10-21

Hi Kurt!!

If you're an acapella music fan you probably know about The Real Group. They're from Switzerland too. Phenomenal! I saw them in the late 90's and was blown away!

Back to my issue. the VLANs are associated with my home lab and the ingress/egress point is from the 192.168.1.0 subnet. Most of my devices outside of my vms (NAS, vcenter & esxi mgt, etc) are on the 192.168.1.0 subnet, but I'm wanting to move them into specific VLANs based on function (management, data plane, etc.) and have them communicate with each other in the tagged environment as well as able to get to the Internet if I need them to.

I want the Lab routing to be handled by the smart switch. As you can see, most of them are in the 10.32.0.0 supernet and I have the internet router set with a static route pointing 10.32.0.0 to the management address of the switch (192.168.1.6.) on the switch side the route to 192.168.1.0 is pointed to 192.168.1.6 while the default route points to 192.168.1.1, the address of the Internet Asus wireless router.

I didn't see an option for setting a port to be access in the switch config. on the Tagged laptop, I set the VLAN ID on the ethernet adapter and was able to see other devices on that VLAN. for the 192.168.1.0 device, I just set a static address in that subnet with the gateway pointing to the switch.

Hope this helps!

schumaku · ‎2023-10-21

@BeatleManiac wrote:

If you're an acapella music fan you probably know about The Real Group. They're from Switzerland too. Phenomenal! I saw them in the late 90's and was blown away!

That would be Sweden ... Switzerland is slightly smaller my friend 8-)

@BeatleManiac wrote:

I didn't see an option for setting a port to be access in the switch config. on the Tagged laptop, I set the VLAN ID on the ethernet adapter and was able to see other devices on that VLAN. for the 192.168.1.0 device, I just set a static address in that subnet with the gateway pointing to the switch.

Normal computers like workstations, PCs, ... are always operating on untagged, connected to an access port (VLAN Membership ID [U]ntaggd, PVID set to the same. This is regardless of the VLAN - this is why I started talking about that all your switch port re untagged and PVID 1, and some allow so tagged connections.

BeatleManiac · ‎2023-10-21

My apologies! Both beautiful mountainous countries!

Here is the Advanced adapter config for my laptop:

setting the VLAN here allows me to have the laptop talk on a Tagged network.

schumaku · ‎2023-10-22

Yes, technically feasible - and the horror for IT security exposing multiple VLAN to workstation connections. That's why its not a great idea. If you need VLAN 10 on a port, then configure it as an access port with VLAN 10 [U]ntagged, PIVD 10 - and no other VLANs enabled on this switch port.

BeatleManiac · ‎2023-10-23

This is for a home lab, and the Lab Internet router is actually behind the main home Internet router, with a firewall between them. I'm not worried about security at this point. I'm just trying to duplicate most of the features of a corporate infrastructure for testing, cert prep, etc.

Back to my question though, what can I look at for insight into why I can't go from the untagged side to a tagged side? Traffic the other way seems to be flowing ok.

Steve Hurd

schumaku · ‎2023-10-25

@BeatleManiac wrote:

Back to my question though, what can I look at for insight into why I can't go from the untagged side to a tagged side? Traffic the other way seems to be flowing ok.

Tell us more about your test case, the scenario, ... what does work, and what does not work? The IPv4 traffic must flow through the switch, it does (in my opinion) not matter on how test systems are working with the IP subnets, as long as the networks are workable and configured correct.

Remember my original proposal to bring up some access ports for testing the subnets and the routing?

BeatleManiac · ‎2023-10-26

Is there anything in the config of my particular switch that designates a port as an access port? I see how I can assign vlan(s) to an interface, but not access vs trunk. Is that a command-line option?

schumaku · ‎2023-10-26

When I'm talking about an access port its a port configured (exclusively) [U]ntagged for the VLAN required, and the port PVID is set to the same VLAN ID.

At the and of the day, it does not matter if you connect your test systems on tagged trunks or some dedicated test systems to an access port. Appears you have plenty of VMs able to connect and talking to the VLANs, with some VMs ready to test the IP networking and subnetting including the IP routing.

BeatleManiac · ‎2023-10-31

Haven't forgotten about you! I have a really busy week and hopefully I'll have some time this Sunday to get back to my lab!

BeatleManiac · ‎2023-12-31

Hello everyone!!

Sorry it's been so long for my reply. I've purchased a GS108Tv3, which uses the same fw as my MS510TXM. This way I can troubleshoot the issue from a completely isolated environment. I am seeing the same issue, where a non-tagged device on a non-tagged VLAN cannot talk to a tagged device on a different tagged VLAN.

I have the default management VLAN on VLAN 1 on subnet 192.168.2.0. - Management ip is .1

My untagged VLAN is 3 on subnet 192.168.3.0 - Router interface is .1

My tagged VLAN is 4 on subnet 192.168.4.0 - Router interface is .1

I have 2 laptops.

The first one has 2 usb to ethernet adapters. One adapter is on the (untagged) management network (address 192.168.2.10). The other adapter is able to be set to a VLAN. I have it configured to use tagged VLAN 4 and I can ping the gateway address of 192.168.4.1.

The other laptop has a built-in ethernet adapter. I have it configured to talk on the non-tagged VLAN 3 with address 192.168.3.87. I can also ping its gateway address of 192.168.3.1.

From the switch, I can see both laptops' addresses in the routing table.

I have tried various permutations of the PVID settings, but none seem to allow the 2 networks to talk to each other. Here is the current PVID config:

The end goal is to allow a device on the untagged 192.168.3.0 network to communicate with a device on the tagged 192.168.4.0 network.

We can break this switch config at will!

Thanks for the help, and Happy New Year!!!

Steve Hurd

Floyds Knobs, IN

TheCat · ‎2024-01-04

HI,

Iḿ in the same situation, it looks like this product is not capable of routing packets between two VLANS!!! No matter what yo set in the configuration. I have 2 vlans assigned to 2 ports in native(untaged) mode and the .1 in each subnet assigned to the switch. Setting one PC on each port and VLAN and trying to ping from one to the other(no windoze firewall enabled) fails.

I have set a static route to my internet router that is connected to another port an VLAN and not even that is working if I set another PC in the same VLAN and point to the switch address as default gateway. This is a complete disaster and this switch is a joke as a L3 lite router.