Understanding Trunks and vlans

ApathiaLol
Level 1

I managed to get my hands on an old Catalyst, so I'm attempting to use an old UniFi AP for my IOT network, along with a guest network, but I can't figure out how to properly configure the switch.

I have a pfSense install connected to a ge port on the switch, with the AP connected to one of the fe ports on the switch.

I have 3 vlans, 10(IOT), 20(Guest), and 99(Management).

 

From what I've read, I need to configure the port to be a trunk port, but that doesn't seem to work.

So I set fe0/2 and ge0/2 to trunk (switchport mode trunk)

And then I set them to allow all vlans (switchport trunk allowed vlan all)

I even set encapsulation to be dot1q (switchport trunk encapsulation dot1q)

 

I'm pretty sure I'm missing something, or am entirely missing the point of trunking?

Accepted Solution

Having read the complete discussion again I agree that both fa0/2 and G0/2 should be configured as trunks. The immediate problem is that G0/2 is configured as an access port. Once G0/2 is configured as a trunk then the switch part should be ok. If it still does not work then it would be either an issue with pfSense or with the WAP.

HTH

Rick


18 Replies

Sounds like a pretty straightforward router-on-a-stick topology.

Have you configured your VLANs properly on the pfSense appliance?

What are you unable to do/connect to?

I'm unable to connect to the VLANs at all, and the AP isn't handing out IPs. I think I have the router set up correctly; I've got 4 subnets total: LAN, which is connected to my actual switch, with no VLANs or anything complicated. Firewall rules allow LAN traffic everywhere.

VLANs 10 and 20, which are restricted.

VLAN 99, which allows traffic everywhere.

A DHCP server is set up for each subnet.

 

This was working when I wasn't using VLANs on the Catalyst, I just had OPT1 instead of VLANs.

Sounds like a potential pfSense misconfiguration, which would make this an inappropriate forum...

Lawrence Systems on YouTube has some thorough pfSense VLAN setup guides.

The switch configuration sounds correct, meaning the way you've implemented trunking on the pfSense and WAP links should be passing traffic from all VLANs configured on the Catalyst.

Hello,

can you post the output of:

show vlan

from the Catalyst switch?

 

cisco>show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/2
10   IOT                              active
20   LCHR                             active
99   MGMT                             active
100  BLACKHOLE                        active    Fa0/1, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gi0/1
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
99   enet  100099     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

I imagine I'm supposed to see ports assigned to the VLANs, but for some reason I'm not, despite the command switchport trunk allowed vlan all for f0/2 and g0/2.

The output of show vlan is helpful and shows that no ports are assigned to the vlans that you want to use. Those ports that will have network hosts connected to them should be configured as access ports (not trunk ports) and assigned to the appropriate vlan.

HTH

Rick

Hello
Is the pfSense running the L3 addressing for vlans 10, 90, 99?
Have you created the L2 vlans on the switch for vlans 10, 90, 99?
Do you have a trunk on the switch that's connecting to the pfSense?
What device is servicing DHCP?

The AP can connect to the switch via an access port or a trunk, depending on whether you want it to advertise SSIDs for a single vlan or multiple vlans.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

show vlan is a good way to start figuring this out. I would also ask for the output of these commands from the Catalyst switch:

show interface trunk

show interface status

HTH

Rick

cisco>show interface trunk

Port        Mode             Encapsulation  Status        Native vlan
Fa0/2       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/2       1-99,101-4094

Port        Vlans allowed and active in management domain
Fa0/2       1,10,20,99

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/2       1,10,20,99

cisco>show interface status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        disabled     100          auto   auto 10/100BaseTX
Fa0/2                        connected    trunk      a-full  a-100 10/100BaseTX
Fa0/3                        disabled     100          auto   auto 10/100BaseTX
Fa0/4                        disabled     100          auto   auto 10/100BaseTX
Fa0/5                        disabled     100          auto   auto 10/100BaseTX
Fa0/6                        disabled     100          auto   auto 10/100BaseTX
Fa0/7                        disabled     100          auto   auto 10/100BaseTX
Fa0/8                        disabled     100          auto   auto 10/100BaseTX
Fa0/9                        disabled     100          auto   auto 10/100BaseTX
Fa0/10                       disabled     100          auto   auto 10/100BaseTX
Fa0/11                       disabled     100          auto   auto 10/100BaseTX
Fa0/12                       disabled     100          auto   auto 10/100BaseTX
Fa0/13                       disabled     100          auto   auto 10/100BaseTX
Fa0/14                       disabled     100          auto   auto 10/100BaseTX
Fa0/15                       disabled     100          auto   auto 10/100BaseTX
Fa0/16                       disabled     100          auto   auto 10/100BaseTX
Fa0/17                       disabled     100          auto   auto 10/100BaseTX
Fa0/18                       disabled     100          auto   auto 10/100BaseTX
Fa0/19                       disabled     100          auto   auto 10/100BaseTX
Fa0/20                       disabled     100          auto   auto 10/100BaseTX
Fa0/21                       disabled     100          auto   auto 10/100BaseTX
Fa0/22                       disabled     100          auto   auto 10/100BaseTX

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/23                       disabled     100          auto   auto 10/100BaseTX
Fa0/24                       disabled     100          auto   auto 10/100BaseTX
Gi0/1                        disabled     100          auto   auto Not Present
Gi0/2                        connected    1          a-full a-1000 10/100/1000BaseTX SFP

gi0/2 looks like it's not a trunk. Can you only have 1 trunk port? My understanding is that if I want multiple VLANs on a port, it should be a trunk port, but it looks like the trunk mode was removed for some reason.

Yeah, I found this video confirming all the steps I did were correct.


@ApathiaLol wrote:

gi0/2 looks like it's not a trunk. Can you only have 1 trunk port? My understanding is that if I want multiple VLANs on a port, it should be a trunk port, but it looks like the trunk mode was removed for some reason.


Gi0/2, your pfSense link, needs to be trunked. That's a misconfiguration.

Does Fa0/2 need to be trunked too?


@ApathiaLol wrote:

Does Fa0/2 need to be trunked too?


The AP link can be trunked to carry all VLANs, yes. It doesn't necessarily need to be. There are additional port configuration options to carry more than one but not all VLANs (with even further additional configuration possible from there).

But for the topology you've indicated you're designing, short answer: yes. Both Fa0/2 and Gi0/2 should be trunked in order to properly pass traffic all the way up the 'stick' to the pfSense appliance which is performing your inter-VLAN routing.

We need information about what device is connected on which port.

 

The output of show interface status shows that only 2 ports have a connected device. fa0/2 is connected to something (but what??) and is configured as a trunk. G0/2 is configured as an access port in vlan 1 (what is connected here??).

 

HTH

Rick
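As an added check (example code written for this thread, not from the original post or from Cisco), here is a small Python script that parses the two outputs posted above and reports what Rick found, plus two hardening points a reviewer would raise: Gi0/2 is an access port in VLAN 1 while it must trunk, and the Fa0/2 trunk keeps native VLAN 1 and allows nearly every VLAN instead of only 10, 20 and 99. The uplink port list and the wanted VLAN set are assumptions taken from the thread.

```python
import re
# Constructed sample: the two outputs posted in the thread, trimmed to the connected ports.
SHOW_INT_STATUS = """\
Fa0/2                        connected    trunk      a-full  a-100 10/100BaseTX
Gi0/2                        connected    1          a-full a-1000 10/100/1000BaseTX SFP
"""
SHOW_INT_TRUNK = """\
Port        Mode             Encapsulation  Status        Native vlan
Fa0/2       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/2       1-99,101-4094
"""
UPLINKS = {"Fa0/2", "Gi0/2"}  # assumption from the thread: AP and pfSense links, both must trunk
WANTED = {10, 20, 99}         # assumption from the thread: the only VLANs the trunks should carry
def expand_vlans(spec):  # '1-99,101-4094' -> set of VLAN ids
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_status(text):
    """{port: (status, vlan or 'trunk')} from 'show interface status'."""
    rows = re.findall(r"^(\S+).*?\b(connected|notconnect|disabled)\s+(\S+)", text, re.M)
    return {port: (state, vlan) for port, state, vlan in rows}

def parse_trunk(text):
    """{port: {'native': int, 'allowed': set}}; the allowed table runs to the next blank line."""
    trunks = {}
    for port, native in re.findall(r"^(\S+)\s+\S+\s+\S+\s+trunking\s+(\d+)", text, re.M):
        trunks[port] = {"native": int(native)}
    table = text.split("Vlans allowed on trunk", 1)[1].split("\n\n", 1)[0]
    for port, spec in re.findall(r"^(\S+)\s+([\d,-]+)\s*$", table, re.M):
        trunks.setdefault(port, {"native": None})["allowed"] = expand_vlans(spec)
    return trunks

def audit(status_text, trunk_text):
    """Findings for the uplinks: the trunk/access mistake plus two hardening gaps."""
    out, status, trunks = [], parse_status(status_text), parse_trunk(trunk_text)
    for port in sorted(UPLINKS):
        state, vlan = status.get(port, ("absent", "-"))
        if state == "connected" and vlan != "trunk":
            out.append(f"{port}: access port in VLAN {vlan}, must be a trunk")
        elif port in trunks:
            if trunks[port]["native"] == 1:
                out.append(f"{port}: native VLAN 1, move untagged frames to an unused VLAN")
            if trunks[port].get("allowed", set()) - WANTED:
                out.append(f"{port}: allowed list is wider than {sorted(WANTED)}, prune it")
    return out
```

Paste the full output of both commands into the two strings and `audit()` returns the findings for the ports named in UPLINKS; an empty list means both uplinks trunk with a non-default native VLAN and a pruned allowed list.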