cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2182
Views
0
Helpful
5
Replies

SR520-FE and creating Vlan

ritsscisco
Level 1
Level 1

Hello,

Recently I bought a SR520-FE. And it works fine untill I do the following…

Setup is as follows:

Vlan 75 DHCP enabled with 192.168.22.x

Vlan 70 DHCP enabled with 192.168.75.x

When I create a second Vlan with number 70 on the sr520 and “connect” it to FE1 together with a second DHCP scoop with IP range 192.168.75.x, and I create a second Vlan on my switch and connect this to the SR520, see the picture then al the systems in the network are unable to connect to the internet.

What am I doing wrong.

Thanks for you help.

Ruud

network layout.jpg

5 Replies 5

David Hornstein
Level 7
Level 7

Hi

looks acceptable.

I guess client plugging into vlan 2 on the switch  are gettting  DHCP scope of 192.168.75.x  ?

I guess that Switch port FE1  on the SR520 is configured as a untagged or mode access port  ?  (it has to be)

I guess you have a NAT and firewall setup for this new interface on the SR520 ?

I guess you have set the switch ports leading to the SR520 as access (non tagged) ports ?

I must admit I personally prefer to have a tagged uplink going from a switch to a tagged port on the router.

The defaults vlan on the switch and router being untagged , whilst subsequent vlans are tagged .  But I guess from your description you don't have a spanning treee loop or broadcast storm  in the switch. But the thing you lack is client in vlan2 being able to access the internet.

My approach might be to;

Step 1. simplify the network and only use the router

  You have two vlans on the router,

When you plug a PC in the router ports , default VLAN and VLAN  70, do the PCs get  different allocation of DHCP scopes, or to word it another way do they get a IP address from 192.168.22.x  and 192.168.75.x respectively ?

Step 2.  Can these PC ping a internet IP address ?

Step 3.  Can the PC ping a URL or bring up a web page or can the PC's resolve DNS addresses ?

Yes  - then problem is most likely in the switch configuration.

no - Nat and firewall or ACL list may be setup correctly.

Let's see some of the answers to these questions.

Could be interesting to capture a show tech on the SR520-FE, and post it  (maybe hide the WAN IP address)

regards Dave

Hi Dave,

Thanks for your reply.

For your point of view, the client are connecting to Vlan 1 on the switch and getting an IP form the range 192.168.22.x.

As default, all the ports on the SR520 are tagged as smart ports. I've configured FE1 as a port which is connected to a switch... and did nothing els to the other ports on the router.

I don't understand this line: I guess you have set the switch ports leading to the SR520 as access (non tagged) ports

What do you mean with it?

I'll post ASAP the show tech of the router.

Thanks again,

Regeards,

Ruud

Hi,

When you choose the Switch Smart Port mode, it configures the port as a VLAN trunk.  In this mode, the port can handle traffic without VLAN tags - in what is called the native VLAN and tagged frames, which belong to VLANs.

I suggest that you only use the cable connected to FE1 as Dave suggests - loose the other one - and ensure the port on the switch to which it is connected is configured as a trunk too (with the same native VLAN at both ends).

HTH

Andy

ritsscisco
Level 1
Level 1

Hello,

It’s maybe a strange question, but is it possible to post or give me a drawing of your explanation.

That's probable more easier for me to understand

kind regards,

Hi ritsscisco

I was talking about doing something like the following;

to put it in simple terms , have the red and blue vlans leaving my SR520 down a single cat5e cable  leading to the OEM managed layer 2 switch.

Vlan 75 being the native untagged vlan on FE1  whilst the new vlan called Vlan 70 is tagged coming out of FE1.

On the OEM switch the port coming from the SR520  should allow untagged packets as well as be configured to accept tagged packets from VLAN 70.

On the OEM switch you will have type types of ports configured

ports 1 to 20 and port 23  untagged ports in the switch default vlan

ports 21,22,24  untagged ports in vlan 70

port 23 tagged port in vlan 70  the following table might help

You should be able to configure this on the SR520 by configuring the E1 port as a switch port role via smart ports.

( My SR520 is on loan so can't configurate this via CCA to test it out )

To configure the OEM switch show them this posting if you can't configure the OEM managed switch yourself.

regards Dave

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: