VLANs challenge

DanF · Nov 15, 2023

I'm not a network guy, but I decided to improve my knowledge by getting myself a "nice" L2+ TP-Link switch (JetStream SG3428).

So, considering that this has some nice features, one of my first ideas was... why not use it as a DHCP server? Bright idea. Should be simple, create a VLAN on the new switch, create a DHCP pool, routing, and if everything works fine then we can move everyone from the modem to the switch and route everything at switch level. Just one or two VLANs to start with.

Wrong. Not that simple.

Setup:

VLAN 1 : 192.168.1.0/24 (same network as the modem's). Interface on switch: 192.168.1.110.
VLAN 2 : 192.168.2.0/24. Interface on switch 192.168.2.1.

Then I have a default route 0.0.0.0/0 dst 192.168.1.254 (modem).

Issues start here:

Ports assigned to VLAN 1, work brilliant. They get an IP (from the modem), and that's it. Communicate with other devices, access the internet.
Ports assigned to VLAN 2, get an IP from the switch's DHCP, but cannot ping/reach the modem, and of course nothing beyond that (i.e. no internet).

The idea was to set up a couple more VLANs, and do the usual trial and error work. But if only the default VLAN is able to go beyond the switch, then I might as well have gotten myself a cheapo dump switch. This surely has to be a mistake I'm doing, right? What is it?

Thanks

14049752 · Nov 15, 2023

Do you have the port the modem is on on VLAN2 as well?

DanF · Nov 15, 2023

14049752 said:
Do you have the port the modem is on on VLAN2 as well?

No VLAN settings on the modem

Or are you referring to the uplink?

In any case, the uplink (port 24) is on both VLANs as untagged, with VPID 1.

14049752 · Nov 15, 2023

Right, but what I'm getting at. On your switch, you have two vlans. Each port is assigned to at least one vlan. If you plug the modem into a port on (only) vlan 1, vlan 1 can communicate with it. If it's on a port with only vlan 2, only vlan 2 can communicate with it.

You can assign more than one vlan to a port, to allow it to pass traffic to devices.

edit: Ok, yeah. Wasn't sure if it was just the simplest solution or not. Can you post a pic of the configs?

DanF · Nov 15, 2023

14049752 said:
Right, but what I'm getting at. On your switch, you have two vlans. Each port is assigned to at least one vlan. If you plug the modem into a port on (only) vlan 1, vlan 1 can communicate with it. If it's on a port with only vlan 2, only vlan 2 can communicate with it.

You can assign more than one vlan to a port, to allow it to pass traffic to devices.

Yes it's on both VLANs, and untagged on both.

DanF · Nov 15, 2023

Yeah sure. VLAN 3 is the same as VLAN 2 (I created 3 and deleted 2 as a test).

Port 13 is the one I'm using to test, Port 24 is the uplink. And since I'm not a networking guru, I'm also attaching the route tables & interfaces, in case I did mistakes there.

Sky-Knight · Nov 15, 2023

DanF said:
I'm not a network guy, but I decided to improve my knowledge by getting myself a "nice" L2+ TP-Link switch (JetStream SG3428).

So, considering that this has some nice features, one of my first ideas was... why not use it as a DHCP server? Bright idea. Should be simple, create a VLAN on the new switch, create a DHCP pool, routing, and if everything works fine then we can move everyone from the modem to the switch and route everything at switch level. Just one or two VLANs to start with.

Wrong. Not that simple.

Setup:

VLAN 1 : 192.168.1.0/24 (same network as the modem's). Interface on switch: 192.168.1.110.
VLAN 2 : 192.168.2.0/24. Interface on switch 192.168.2.1.

Then I have a default route 0.0.0.0/0 dst 192.168.1.254 (modem).

Issues start here:

Ports assigned to VLAN 1, work brilliant. They get an IP (from the modem), and that's it. Communicate with other devices, access the internet.
Ports assigned to VLAN 2, get an IP from the switch's DHCP, but cannot ping/reach the modem, and of course nothing beyond that (i.e. no internet).

The idea was to set up a couple more VLANs, and do the usual trial and error work. But if only the default VLAN is able to go beyond the switch, then I might as well have gotten myself a cheapo dump switch. This surely has to be a mistake I'm doing, right? What is it?

Thanks

Based on the IP configuration above, your likely problem is in the cable modem.

You have your 2nd VLAN, you have a layer 3 switch that's assigning IP addresses. What that layer 3 switch is NOT DOING is NAT. And because it's not doing NAT, your upstream router has no route to the 192.168.2.0/24 network, which is causing unidirectional packetflow issues.

Get into your cable modem and create a static route for the 192.168.2.0/24 network, and aim it at the switch's interface on the .1 network, probably the 192.168.1.110 address listed above.

You will need to repeat this process for each IP network that lives beyond the router in the switch.

P.S. To be a pedant, and to help foster better communications please note...

A VLAN is a layer 2 object, a division in broadcast and collision domain.
An IP Network is a layer 3 object, a division in broadcast domain.

Your VLANs work perfectly, your IP Networking is broken, the two aren't the same and very often conflated.

P.S. The (JetStream SG3428) according to my googling doesn't support NAT at all, so if the cable modem lacks the ability for you to specify static routes, you're SOL this will never work.

DanF · Nov 16, 2023

Thanks for the explanation.

Yes the modem lacks the ability, it's very basic / locked down. I guess the only way is to replace the modem with my own device and bridge it.

EDIT: I'll probably start with a TP-Link ER605 to keep it simple and in the same eco system, then maybe in the future replace it with a pfSense box or something with more features.

VLANs challenge

DanF

Well-Known Member

14049752

Well-Known Member

DanF

Well-Known Member

14049752

Well-Known Member

DanF

Well-Known Member

DanF

Well-Known Member

Attachments

Sky-Knight

Well-Known Member

DanF

Well-Known Member

Similar threads