05-09-2024 08:10 AM - edited 05-09-2024 11:19 AM
Hello Everyone,
I have a Firewall and 2 Cisco Switches.
The current topology is as follows.
Opnsense Firewall (FW)--->Cisco CBS350-8FP-E-2G (SW1)
I would like to add the CBS250-24T-4G (SW2) behind the Cisco CBS350-8FP-E-2G (SW1) and have all 4 VLANs propagate to the CBS250-24T-4G (SW2), as follows.
Opnsense Firewall (FW)--->Cisco CBS350-8FP-E-2G (SW1)--> CBS250-24T-4G (SW2)
The issue that I'm having is that a computer assigned to any VLAN on the CBS250-24T-4G (SW2) is not getting an IP address from DHCP. I've tried via SFPs and copper.
Here is the configuration from both switches.
Cisco CBS350-8FP-E-2G (SW1)
interface vlan 1
ip address 192.168.1.2 255.255.255.0
no ip address dhcp
!
interface vlan 165
name Red
!
interface vlan 110
name Blue
!
interface vlan 240
name Green
!
interface vlan 301
name Yellow
!
interface GigabitEthernet10
switchport mode trunk
switchport trunk allowed vlan 165,110,240,301
CISCO CBS250-24T-4G (SW2)
interface vlan 1
ip address 192.168.1.4 255.255.255.0
no ip address dhcp
!
interface vlan 165
name Red
!
interface vlan 110
name Blue
!
interface vlan 240
name Green
!
interface vlan 301
name Yellow
!
interface GigabitEthernet24
switchport mode trunk
switchport trunk allowed vlan 165,110,240,301
I would appreciate some help
Thank you
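The two configs above are short enough to compare by eye, but the things worth checking on any inter-switch trunk are mechanical: both ends allow the same VLAN set, every allowed VLAN is actually defined on each switch, and the native VLAN is accounted for. Below is an added example (not part of this thread, and not Cisco's tooling) that parses the posted CBS-style configs, embedded here as constructed input, and reports those mismatches. It assumes the native VLAN is 1 (the CBS default, which the post does not state) and that GigabitEthernet10 on SW1 is cabled to GigabitEthernet24 on SW2 as the configs imply.

```python
"""Trunk consistency check over the two switch configs posted above.

Added example, not from the original thread. Assumptions: native VLAN is 1
(CBS default; not stated in the post) and gi10 on SW1 is cabled to gi24 on SW2.
"""
import re

# Constructed input: the configs from the post, trunk-relevant lines only.
SW1_CONFIG = """\
interface vlan 1
 ip address 192.168.1.2 255.255.255.0
!
interface vlan 165
 name Red
!
interface vlan 110
 name Blue
!
interface vlan 240
 name Green
!
interface vlan 301
 name Yellow
!
interface GigabitEthernet10
 switchport mode trunk
 switchport trunk allowed vlan 165,110,240,301
"""

SW2_CONFIG = SW1_CONFIG.replace("192.168.1.2", "192.168.1.4").replace(
    "GigabitEthernet10", "GigabitEthernet24")


def parse_vlan_list(spec):
    """Expand a Cisco allowed-VLAN spec such as '1,165,240-242' into a set."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_config(text):
    """Return {'vlans': defined VLAN ids, 'trunks': {port: allowed set}}.

    A trunk port with value None has 'switchport mode trunk' but no explicit
    allowed list (CBS default: all VLANs pass).
    """
    vlans, trunks, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface vlan (\d+)", line, re.I)
        if m:
            vlans.add(int(m.group(1)))
            current = None
            continue
        m = re.fullmatch(r"interface (\S+)", line, re.I)
        if m:
            current = m.group(1)
            continue
        if current is None:
            continue
        if line.lower() == "switchport mode trunk":
            trunks.setdefault(current, None)
            continue
        m = re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,\-]+)", line, re.I)
        if m:
            new = parse_vlan_list(m.group(2))
            existing = trunks.get(current)
            trunks[current] = (existing | new) if (m.group(1) and existing) else new
    return {"vlans": vlans, "trunks": trunks}


def check_trunk(sw_a, sw_b, port_a, port_b, native_vlan=1):
    """Compare the two ends of one trunk; return a list of findings (empty = consistent)."""
    findings = []
    allowed_a = sw_a["trunks"].get(port_a)
    allowed_b = sw_b["trunks"].get(port_b)
    if allowed_a is None or allowed_b is None:
        return [f"{port_a}/{port_b}: one end is not a trunk with an explicit allowed list"]
    if allowed_a != allowed_b:
        findings.append(f"allowed lists differ, only on one end: {sorted(allowed_a ^ allowed_b)}")
    for port, sw, allowed in ((port_a, sw_a, allowed_a), (port_b, sw_b, allowed_b)):
        missing = allowed - sw["vlans"]
        if missing:
            findings.append(f"{port}: allowed VLANs not defined on that switch: {sorted(missing)}")
    if native_vlan not in allowed_a:
        findings.append(f"native VLAN {native_vlan} is pruned from the trunk; untagged traffic "
                        f"(including the VLAN {native_vlan} management addresses) will not cross it")
    return findings


def run_check(native_vlan=1):
    """Run the check on the posted configs with the assumed port pairing."""
    sw1, sw2 = parse_config(SW1_CONFIG), parse_config(SW2_CONFIG)
    return check_trunk(sw1, sw2, "GigabitEthernet10", "GigabitEthernet24", native_vlan)


if __name__ == "__main__":
    for finding in run_check() or ["trunk ends are consistent"]:
        print(finding)
```

On the posted configs the only finding is the pruned native VLAN, which matches the reply below that suggested adding VLAN 1 to both trunks for testing; whether that was the actual cause the thread does not establish. Keeping the management VLAN off user-facing trunks is otherwise a reasonable hardening choice, so treat that finding as a prompt to confirm which VLAN is native, not as an instruction to always allow VLAN 1.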
05-09-2024 08:50 AM
How is the configuration of the port connected to the OPNsense FW? Can you post that config?
If the switches are acting as Layer 2 then that should work - it's bizarre. By the way, what is the DHCP server or OPNsense server IP?
Try adding VLAN 1 also to the allowed list on both side trunks (not required for testing).
switchport trunk allowed vlan 1,165,110,240,301
05-09-2024 10:17 AM - edited 05-09-2024 10:43 AM
The port configuration on the OPNsense FW is done via the GUI, but the trunk between the firewall and SW1 works perfectly,
and DHCP is done by the OPNsense FW.
By adding VLAN 1 on both side trunks, I now receive an IP address from VLAN 1 but not from any other VLANs.
Now I'm puzzled...
05-09-2024 11:04 PM
Glad that it's all working now - I was also thinking about STP priorities - SW1 should always be the STP root for all VLANs to work.
Check some references:
05-09-2024 09:28 AM
If the FW works as an L2 FW then you only need to allow traffic between the two sides on UDP 67/68.
That's it.
MHM
05-09-2024 10:19 AM
thanks for reply
the firewall works as a L3 FW
05-09-2024 11:20 AM - edited 05-09-2024 11:24 AM
I did some more testing. I allowed all VLANs in the trunk configurations on both sides and I was able to receive IP addresses from all VLANs on SW2.
I then changed the trunk configuration on both sides to only allow VLANs 165,110,240,301 and everything works now.
I'm even more puzzled, but it works now.
thanks for all your help