07-02-2010 05:09 AM
Hello,
Recently I bought a SR520-FE. And it works fine untill I do the following…
Setup is as follows:
Vlan 75 DHCP enabled with 192.168.22.x
Vlan 70 DHCP enabled with 192.168.75.x
When I create a second Vlan with number 70 on the sr520 and “connect” it to FE1 together with a second DHCP scoop with IP range 192.168.75.x, and I create a second Vlan on my switch and connect this to the SR520, see the picture then al the systems in the network are unable to connect to the internet.
What am I doing wrong.
Thanks for you help.
Ruud
07-02-2010 11:39 AM
Hi
looks acceptable.
I guess client plugging into vlan 2 on the switch are gettting DHCP scope of 192.168.75.x ?
I guess that Switch port FE1 on the SR520 is configured as a untagged or mode access port ? (it has to be)
I guess you have a NAT and firewall setup for this new interface on the SR520 ?
I guess you have set the switch ports leading to the SR520 as access (non tagged) ports ?
I must admit I personally prefer to have a tagged uplink going from a switch to a tagged port on the router.
The defaults vlan on the switch and router being untagged , whilst subsequent vlans are tagged . But I guess from your description you don't have a spanning treee loop or broadcast storm in the switch. But the thing you lack is client in vlan2 being able to access the internet.
My approach might be to;
Step 1. simplify the network and only use the router
You have two vlans on the router,
When you plug a PC in the router ports , default VLAN and VLAN 70, do the PCs get different allocation of DHCP scopes, or to word it another way do they get a IP address from 192.168.22.x and 192.168.75.x respectively ?
Step 2. Can these PC ping a internet IP address ?
Step 3. Can the PC ping a URL or bring up a web page or can the PC's resolve DNS addresses ?
Yes - then problem is most likely in the switch configuration.
no - Nat and firewall or ACL list may be setup correctly.
Let's see some of the answers to these questions.
Could be interesting to capture a show tech on the SR520-FE, and post it (maybe hide the WAN IP address)
regards Dave
07-04-2010 11:26 PM
Hi Dave,
Thanks for your reply.
For your point of view, the client are connecting to Vlan 1 on the switch and getting an IP form the range 192.168.22.x.
As default, all the ports on the SR520 are tagged as smart ports. I've configured FE1 as a port which is connected to a switch... and did nothing els to the other ports on the router.
I don't understand this line: I guess you have set the switch ports leading to the SR520 as access (non tagged) ports
What do you mean with it?
I'll post ASAP the show tech of the router.
Thanks again,
Regeards,
Ruud
07-08-2010 09:01 AM
Hi,
When you choose the Switch Smart Port mode, it configures the port as a VLAN trunk. In this mode, the port can handle traffic without VLAN tags - in what is called the native VLAN and tagged frames, which belong to VLANs.
I suggest that you only use the cable connected to FE1 as Dave suggests - loose the other one - and ensure the port on the switch to which it is connected is configured as a trunk too (with the same native VLAN at both ends).
HTH
Andy
07-09-2010 01:21 AM
Hello,
It’s maybe a strange question, but is it possible to post or give me a drawing of your explanation.
That's probable more easier for me to understand
kind regards,
07-09-2010 06:58 AM
Hi ritsscisco
I was talking about doing something like the following;
to put it in simple terms , have the red and blue vlans leaving my SR520 down a single cat5e cable leading to the OEM managed layer 2 switch.
Vlan 75 being the native untagged vlan on FE1 whilst the new vlan called Vlan 70 is tagged coming out of FE1.
On the OEM switch the port coming from the SR520 should allow untagged packets as well as be configured to accept tagged packets from VLAN 70.
On the OEM switch you will have type types of ports configured
ports 1 to 20 and port 23 untagged ports in the switch default vlan
ports 21,22,24 untagged ports in vlan 70
port 23 tagged port in vlan 70 the following table might help
You should be able to configure this on the SR520 by configuring the E1 port as a switch port role via smart ports.
( My SR520 is on loan so can't configurate this via CCA to test it out )
To configure the OEM switch show them this posting if you can't configure the OEM managed switch yourself.
regards Dave
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide