cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


1636
Views
0
Helpful
4
Replies

I would like some help with what I believe is a VLAN routing issue on a SLM2008 and RVS4000

Please see attached word documentfor a complete description.  Thanks!

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Rising star

Re: I would like some help with what I believe is a VLAN routing

Hi Michael,

Anyone who says the understood VLANs in the first hour is a much smarter person than me.

I gotta admit with much much humility, I think it took me weeks and weeks and nagging questions to some patient people (AR) until  finally I have some little understanding of how VLANs work.

So don't feel concerned, a lot of folks out there are  in the same 'boat' as you.

But VLANs, when you get the feel for them, are so so useful.

I like under "acceptable frame type" to  tick "all"

The PVID value basically tells me which untagged VLAN the port is in. 

This means that in the image below, ports 3, 6-8 will hopefully expecting to  received and transmit Ethernet frames labeled with a VLAN tag of 2.

But from the diagram above, I can now make up the following table;

                         untagged vlan                 tagged vlan

switch port 3               1                                2

switch port 6               2                                2 can't be tagged and untagged on the same switch port

switch port 7               2                                2  can't be tagged and untagged on the same switch port

switch port 8               1                                2 


So in the diagram above,  I can see that switch ports 1 and 2 are untagged ifor VLAN 3   So packets rolling around inside the switch destined for VLAN 3 will have their VLAN TAGs removed from the Ethernet frame as the packets egresses out the switch  to a IP host.

I can also see that switch port 3 untagged in VLAN 1, but you have set acceptable frame type to tagged Only.

Unless I am reading this absolutely incorrectly.

note:I must admit  have the bigger brother to the SG200 a SG300 series switch, 

Remember PC / security cameras (except Cisco, hey I'm a Systems Engineer gotta give my gear a plug )  in most cases don't send tagged Ethernet frames into the switch, that's why i like the idea of accept all frame types. I guess the default vlan settings are acceptable frame types = all

When we add a vlan to a switch port, like the picture below, these switch ports are added as a tagged vlan, becasue the port should already reside in a untagged VLAN..  This means that in the case below, ports 3, 6-8 will hopefully expecting to  received and transmit ethernet frames labeled with a VLAN tag of 2.

Told you, not easy, you need to play and practice with the switch and router

.  But the general rule I have followed for VLANs  is;

A switch port can be  untagged in only one vlan, but at the same time  tagged in mutliple  vlans.

In terms of the Camera limitation, on my camera,  I have not used my filters. But there is the ability to limit access by IP or network.

I am guessing  you may find a section on your DLINK camera  to filter. Reset the camera to factory defaults and try adding it again.

The routing between VLANs will occur at the RVS4000,  it  will route packets between the different VLANs, as the SG200 cannot be put in Layer 3 mode like it's bigger brother the 300 series (SRWXXX-K9-NA)..

regards Dave

View solution in original post

4 REPLIES 4
Highlighted
Rising star

Re: I would like some help with what I believe is a VLAN routing

Hi Mike,

Thanks for the great word document and your purchase.

Missing just a little bit of  details  on port connectivity such as RVS4000 switchport used to connect to the new 200 series SLM switch..

I am guessing that the wireless camera that 10.1.10.99 can't get to,  has a option selected to only allow access from a particular network.  I know I have extensive Access-list functionality on my WVC2300.  I'm guessing that may be the kicker for the non accessable camera. 

Try reseting the camera to factory defaults and configure it in again, sorry for this pre-caution .

Looked at the VLAN connectivity and produced a table  assuming that switch port 4 on the RVS4000 is connected to the switch.  I assumed that your SLM2008T switch port 3 is connected to the RVS4000.

Since both boxes support VLAN tagging , i produced the following table of how it might be hypothetically connected, whilst considering how you have it connected now.

Somehow your VLAN configuration must be working, but your configuration can exist with a single cat5e  cable going between the SLM2008T and the RVS4000, rather than multiple cables between the RVS4000 and the SLM2008T..

              Untitled.jpg

table 1 suggested VLAN configuration on switch and router

regards Dave

Highlighted

I would like some help with what I believe is a VLAN routing iss

Dave,

Thank you very much.  I think you are right this is likely a camera issue.  Just to make sure I have a few more questions.

I'm having trouble correlating your table with the switch config (You can see that I'm not the sharpest tool in the shop!).  I have no issue adding ports to the VLAN.  I'm confused with the port settings(see the last screen shot on page 4 of the attachment for the VLAN port config screen).  

Is it correct for port 7 to have a PVID of 2, accepting all frames, and  only "enable Tx force untag" checked?

Is it correct for port 3 to have a PVID of 1 , accepting only tagged frames, and "Enable Ingress filter" checked?

If this it is a camera limitation and the camera needs to be on the same network, could I add port 1(desktop) to vlan 1 and Vlan 2?  My Desktop supports Vlan tagging and I could create a virtual enet port on VLAN 2. 

If so what would be the settings for port 1 in the attached VLAN port config screen?

Thanks again for the help!

Highlighted
Rising star

Re: I would like some help with what I believe is a VLAN routing

Hi Michael,

Anyone who says the understood VLANs in the first hour is a much smarter person than me.

I gotta admit with much much humility, I think it took me weeks and weeks and nagging questions to some patient people (AR) until  finally I have some little understanding of how VLANs work.

So don't feel concerned, a lot of folks out there are  in the same 'boat' as you.

But VLANs, when you get the feel for them, are so so useful.

I like under "acceptable frame type" to  tick "all"

The PVID value basically tells me which untagged VLAN the port is in. 

This means that in the image below, ports 3, 6-8 will hopefully expecting to  received and transmit Ethernet frames labeled with a VLAN tag of 2.

But from the diagram above, I can now make up the following table;

                         untagged vlan                 tagged vlan

switch port 3               1                                2

switch port 6               2                                2 can't be tagged and untagged on the same switch port

switch port 7               2                                2  can't be tagged and untagged on the same switch port

switch port 8               1                                2 


So in the diagram above,  I can see that switch ports 1 and 2 are untagged ifor VLAN 3   So packets rolling around inside the switch destined for VLAN 3 will have their VLAN TAGs removed from the Ethernet frame as the packets egresses out the switch  to a IP host.

I can also see that switch port 3 untagged in VLAN 1, but you have set acceptable frame type to tagged Only.

Unless I am reading this absolutely incorrectly.

note:I must admit  have the bigger brother to the SG200 a SG300 series switch, 

Remember PC / security cameras (except Cisco, hey I'm a Systems Engineer gotta give my gear a plug )  in most cases don't send tagged Ethernet frames into the switch, that's why i like the idea of accept all frame types. I guess the default vlan settings are acceptable frame types = all

When we add a vlan to a switch port, like the picture below, these switch ports are added as a tagged vlan, becasue the port should already reside in a untagged VLAN..  This means that in the case below, ports 3, 6-8 will hopefully expecting to  received and transmit ethernet frames labeled with a VLAN tag of 2.

Told you, not easy, you need to play and practice with the switch and router

.  But the general rule I have followed for VLANs  is;

A switch port can be  untagged in only one vlan, but at the same time  tagged in mutliple  vlans.

In terms of the Camera limitation, on my camera,  I have not used my filters. But there is the ability to limit access by IP or network.

I am guessing  you may find a section on your DLINK camera  to filter. Reset the camera to factory defaults and try adding it again.

The routing between VLANs will occur at the RVS4000,  it  will route packets between the different VLANs, as the SG200 cannot be put in Layer 3 mode like it's bigger brother the 300 series (SRWXXX-K9-NA)..

regards Dave

View solution in original post

Highlighted

I would like some help with what I believe is a VLAN routing iss

Thanks for all the help!  This should get me going!