Vlan issue

quinnlaup

Hi,
I've been experimenting with VLANs in a lab I've built. At this point I would like to make it clear that I have a basic understanding of VLANs, so please understand if I use the wrong terminology. My lab is using the following equipment:

  • Watchguard router
  • TP link switch
  • Unifi switch
  • Unifi AP
  • Old server
So I created VLANs on separate interfaces of the WatchGuard for:
  • Corporate lan traffic
  • Guest wifi
  • Voip system
Of the three VLANs I have created, the corporate network is the only one where DHCP is not running on the router but instead on my server.

I created my trunk ports between the two switches and also created some access ports on the TP-Link switch. I created the access ports by tagging the ports in the VLAN and then changing the PVIDs of the ports. For example, my corporate network is using VLAN 16 and I then changed the PVID on ports 4-45 to 16. Everything seemed to be working great and I could get an appropriate IP address when I connected to different ports on the TP-Link switch which were tagged in the different VLANs.

One thing I noticed, however, is that when I connect a printer to a port with a PVID of 16 it won't get a DHCP address from the old server which is providing DHCP for this network. If I manually enter an IP address on the printer it still will not connect and cannot be pinged. If I connect the printer to another interface which has a different VLAN then the printer gets an address. The next thing I tried was to tag a port on the UniFi switch into my corporate VLAN and to my surprise it gets an IP from my server. It seems the UniFi switch is handling the VLANs differently to the TP-Link switch? I think it might be to do with the way I created my access ports but I'm not sure if I have missed a setting somewhere along the way. I would really appreciate any suggestions you may have. Thanks for taking the time to read this.

regards,
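
The PVID and tagged/untagged membership settings described in the post above, modelled with the usual 802.1Q port rules. This is an added example, not posted by anyone in the thread; the port layout, the names and the assumption that ingress filtering is enabled are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1                                # VLAN given to untagged frames on ingress
    tagged: set = field(default_factory=set)     # VLANs that leave this port WITH a tag
    untagged: set = field(default_factory=set)   # VLANs that leave with the tag stripped
    edge: bool = True                            # True = end device expected, False = trunk

    def ingress(self, frame_vid=None):
        """Classify a received frame; None means dropped (assumes ingress filtering)."""
        vid = self.pvid if frame_vid is None else frame_vid
        return vid if vid in (self.tagged | self.untagged) else None

    def egress(self, vid):
        """How a frame in VLAN `vid` leaves this port."""
        if vid in self.untagged:
            return "untagged"
        if vid in self.tagged:
            return "tagged"
        return "blocked"

def deliver(src, dst, frame_vid=None):
    """Follow one frame from the device on `src` to the device on `dst`."""
    vid = src.ingress(frame_vid)
    return "dropped at ingress" if vid is None else dst.egress(vid)

def audit(ports):
    """Edge ports whose own PVID VLAN does not leave the port untagged."""
    return [n for n, p in ports.items() if p.edge and p.egress(p.pvid) != "untagged"]

# Constructed layout using the VLAN IDs from the thread (8, 10, 16, 172).
PORTS = {
    "access_tagged":   Port(pvid=16, tagged={16}),      # "tagged in the VLAN, PVID 16"
    "access_untagged": Port(pvid=16, untagged={16}),    # conventional access port
    "uplink":          Port(pvid=8, tagged={16, 172, 10}, untagged={8}, edge=False),
}

if __name__ == "__main__":
    a, b = PORTS["access_tagged"], PORTS["access_untagged"]
    print("device on tagged-member port sends   ->", deliver(a, b))
    print("device on tagged-member port receives ->", deliver(b, a))
    print("edge ports to review:", audit(PORTS))
```

An end device that does not process 802.1Q tags needs its port to be an untagged member of the VLAN that matches the PVID.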
 
It's the end of the day so my eyes are shot and my brain fried so my reading comprehension is worse than normal. To recap what I interpret you're saying, you have a TP Link switch, guessing a 48 porter as you mention ports 4-45 are set for VLAN 16. And I'm guessing you have 1-3 set to other VLANs, and 46-48 set to yet another VLAN?

So if you plug something into ports 4-45...they do not get an IP from your Windows server?
But if you plug something into ports 1-3 or 46-48..they get something from whatever runs DHCP for those? I take it it's ETH interfaces on the WatchGuard running DHCP for some different IP ranges. Like ETH0 is your WAN, ETH1 may be for this office network with no DHCP but running 192.168.10.0/24. And ETH2 for a second network, DHCP enabled running 192.168.20.0/24, and ETH3 for the 3rd internal LAN, DHCP enabled running 192.168.30.0/24.

I'm not up on how TP-Link handles VLANs, but typically if your firewall can tag VLANs to a port you can leave the ports that uplink from the switch tagged. Or..you can just not do VLANs on the ETH of your firewall..and untag the port on the switch you uplink to it.

I try to exclude other VLANs from ports dedicated for a LAN, instead of having it tagged for many VLANs ..leaving multiple taggings for uplinks to other switches.

Ubiquiti Unifi controller REALLY makes it easy...the beauty and power of it shine when you have Ubiquiti Unifi hardware in the whole technology stack...from the gateway, to the switches, to the APs. Whipping up VLANs is insanely easy.

Mixing hardware brands...doesn't always work. Some brands handle it differently than others....so you can sometimes get weird results.
 
Thanks for your reply Stonecat. So it was pretty late last night when I created this thread and I actually forgot about one untagged VLAN which I also set up. I called this my mgmt VLAN and my thinking was to give my equipment (switches, CloudKey, WAPs etc.) addresses which could not be accessed by simply plugging into the corporate LAN. It has a VLAN ID of 8 and is set up on Eth1 (192.168.8.0/24). This VLAN has DHCP enabled on the router. Your assumptions are largely correct. Eth0 is WAN in. Eth1 is, as mentioned, shared between the untagged mgmt VLAN and the corporate LAN, VLAN ID 16 (192.168.16.0/24), with DHCP running on the server. Eth2 is guest wifi with DHCP running on the router, VLAN ID 172 (172.16.1.0/16). Eth3 is for VoIP, again DHCP is running on the router, VLAN ID 10 (10.0.1.0/24).
What I should have made clear is that on the ports which I have set the PVID to 16 I can plug either a laptop or PC into them and they will get an IP from my DHCP server. But if I plug a printer into the same port I can't get an IP. Also, if I set the IP on the printer manually the printer can't be pinged. So my query is why can a PC/laptop get an address but yet a printer can't? Even though it's the same port?

 