
SG220-26 VLANS

Dean Thompson
Beginner

Excuse the newbie in me, VLANs are new to me and I decided to create them for the pure reason of security. With all the devices around these days, Echo Dots and so forth, I want these off of my regular network and put into a Virtual Network.

I have a pfSense router box that I made, I have 2 VLANs assigned to one of the interfaces, each with their own DHCP server.

VLAN 10 - 10.0.10.0/24

VLAN 20 - 10.0.20.0/24

From my pfSense I have a connection configured as a trunk port going to my SG220-26 switch. If I configure, let's say, port 5 on my switch as an access port, my non-VLAN aware device will lose connection. If I configure the port as a general port it connects, but to the default VLAN of 1.....

I am at a loss with VLANs, I thought they would be simple to implement, but after a few days I am at the point of walking away.

I know this is only a home network, but I take security seriously and really need some help to get this thing working.

Ask questions and I will provide the details needed.

I appreciate your time in helping me.

Accepted Solutions

Looking at the MAC address table, have you got the pfSense box connected to the wrong switchport?

1 | 00:26:55:E2:E2:4E | Dynamic           | gi1
1 | 00:26:55:E2:E2:4F | Dynamic           | gi13

...shouldn't that MAC appear on Gi13? Maybe the port numbering on the HP NIC is not what you think it is? Try swapping Gi1 and Gi13 around.


cheers,

Seb.


Seb Rupik
VIP Advisor

Hi there,

Please provide the running config of the switch.

My first guess would be that you have not configured the correct access VLAN on port 5....but let's take a look at the config :)


cheers,

Seb.

The config as of right now is this... I have omitted some items that are not relevant. I have also changed and added a couple of VLANs.

Switch486752#show running-config
config-file-header
Switch486752
v1.1.4.1
CLI v1.0
@
!
!
!
clock source sntp
sntp server 192.168.0.1 port 123
clock timezone EST -5 minutes 0
clock summer-time web recurring usa
username "#$%*#" secret encrypted ##########################################=
no passwords complexity enable
!
!
!
vlan 10
name "Admin"
vlan 20
name "Data"
vlan 30
name "Home WiFi"
vlan 40
name "UNSECURE"
vlan 50
name "GAMING_VLAN"
voice vlan oui-table add 00:E0:BB 3COM
voice vlan oui-table add 00:03:6B Cisco
voice vlan oui-table add 00:E0:75 Veritel
voice vlan oui-table add 00:D0:1E Pingtel
voice vlan oui-table add 00:01:E3 Siemens
voice vlan oui-table add 00:60:B9 NEC/Philips
voice vlan oui-table add 00:0F:E2 H3C
voice vlan oui-table add 00:09:6E Avaya

!
!
!
!
no spanning-tree
spanning-tree mst configuration
name "B0:7D:47:48:67:52"
!
!
!
!
!
!
snmp-server location "Server CLoset"
snmp-server contact "Dean"
!
!
!
ip ssh server
!
!
!
!
!
!
!
!
!
interface gi1
!
interface gi2
!
interface gi3
!
interface gi4
!
interface gi5
switchport mode access
switchport access vlan 50
!
interface gi6
!
interface gi7
!
interface gi8
!
interface gi9
!
interface gi10
!
interface gi11
!
interface gi12
!
interface gi13
switchport trunk allowed vlan add 10,20,30,40,50
!
interface gi14
!
interface gi15
!
interface gi16
!
interface gi17
!
interface gi18
!
interface gi19
!
interface gi20
!
interface gi21
!
interface gi22
!
interface gi23
!
interface gi24
!
interface gi25
!
interface gi26
!
!
!

So in an attempt to try to get this working, I set up more VLANs and changed them to what you see. My trunk port for now is port 13 going to the pfSense machine, I am wondering if I need to set encapsulation on port 13?

Port 5 is the port I am testing with a non-VLAN aware device, I will also be adding in VLAN aware devices like my Ubiquiti UniFi WAPs on another port.

I look forward to your reply.


OK, I'd like to make some changes to your running config which will help with our troubleshooting:

!
no spanning-tree mst configuration
!
spanning-tree enable
spanning-tree mode rstp
!
int gi5
spanning-tree portfast
!


Connect the switch to the pfsense box in gi13...give it 30 seconds...

Can you then tell me the output of:

sh interfaces switchport gi13

sh spanning-tree gi13

sh mac-address table


Can you find out the MAC address on the pfSense VLAN interfaces too?


cheers,

Seb.
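
The port check suggested in the accepted solution, as an added Python example that is not part of the thread or of anyone's post: it parses interface stanzas and MAC table rows in the formats quoted above and reports whether a given MAC was learned on the port that carries the tagged VLANs. The sample data is trimmed from the thread; which MAC belongs to the pfSense VLAN interface is an assumption, and the function names are hypothetical.

```python
# Constructed sample: trimmed from the running-config and MAC table rows quoted in the thread.
RUNNING_CONFIG = """\
interface gi5
switchport mode access
switchport access vlan 50
!
interface gi13
switchport trunk allowed vlan add 10,20,30,40,50
!
"""
MAC_TABLE = """\
1 | 00:26:55:E2:E2:4E | Dynamic           | gi1
1 | 00:26:55:E2:E2:4F | Dynamic           | gi13
"""

def parse_interfaces(config):
    """Map each interface name to the switchport lines in its stanza."""
    ports, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
            ports[current] = []
        elif line.startswith("switchport") and current:
            ports[current].append(line)
        elif line == "!":
            current = None  # "!" closes the stanza
    return ports

def trunk_ports(ports):
    """Ports meant to carry tagged VLANs: any with a 'trunk allowed vlan' line."""
    return [p for p, ls in ports.items() if any("trunk allowed vlan" in l for l in ls)]

def parse_mac_table(table):
    """Return {MAC: (vlan, port)} from 'vlan | mac | type | port' rows."""
    learned = {}
    for row in table.splitlines():
        cols = [c.strip() for c in row.split("|")]
        if len(cols) == 4 and cols[1].count(":") == 5:
            learned[cols[1].upper()] = (int(cols[0]), cols[3])
    return learned

def check_uplink(config, table, uplink_mac):
    """Compare the port where uplink_mac was learned with the configured trunk ports."""
    trunks = trunk_ports(parse_interfaces(config))
    vlan, port = parse_mac_table(table).get(uplink_mac.upper(), (None, None))
    return {"trunk_ports": trunks, "learned_on": port, "vlan": vlan, "match": port in trunks}

if __name__ == "__main__":
    # Assumption: ...4E is the pfSense VLAN parent NIC; the thread does not say which MAC it is.
    print(check_uplink(RUNNING_CONFIG, MAC_TABLE, "00:26:55:e2:e2:4e"))
```

A `match` of `False` means the cable carrying that MAC is plugged into a port other than the one configured for the tagged VLANs, which is the situation the accepted solution describes.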