FWG+ VLAN with Dell managed switch (x1052)
I just received my FWG+ and got everything up and working on a single LAN. Now I'm trying to isolate out my CCTV using a VLAN (10) on my x1052. I've tried everything I can think of but, using a test PC on a tagged port, I never even receive an IP.
Setup:
Modem->(port 4)FWG+(port 1-3)->(port 1-3)X1052
FWG+ config:
VLAN 10 on ports 1-3
IP address 192.168.10.1/24
X1052:
Trunk:
ports 1-3
All future VLANS (currently VLAN 1, VLAN 10)
PVID 1
Native VLAN 1
I've also tried General with similar settings but seeing same results.
I don't really know how to troubleshoot any further or if other information would be useful, but I'm happy to provide any other details or logs. Just may need some direction on how to find them.
Thanks!
-
Thank you for your response. I’ll do my best to answer your questions:
I have a few questions:
Is your FWG+ running in router mode?
Yes
What LANs do you have defined on your FWG+, and how are they defined?
I ultimately want 4 VLANs: CCTV, IoT, WiFi and Guest. I started with CCTV as I expected that to be the most straightforward (no outbound traffic at all, very limited inbound).
Since I couldn’t get that working, I’ve temporarily dedicated port 2 to a separate LAN (LAN 2) and put all CCTV equipment on a dumb switch on that port. I’d prefer to LAG and trunk all 3 ports to my managed switch to better manage throughput. But starting as simple as I can for now.
Do you have a LAG defined for the FWG+ ports 1-3?
Not yet, but would like to get there
If so, do you have defined on the switch?
N/A
Was it working before you introduced the new VLAN network?
Everything works as long as I don’t use a VLAN (single or multiple LANs with corresponding routes and rules).
Based solely on behavior and my very limited knowledge, it SEEMS like either the traffic isn’t getting tagged or the tagged traffic isn’t being sent to the trunk. Not sure how to pinpoint the failure further.
Thanks, again, for your help. Happy holidays!
-
You said you had 3 ports connected from the FWG+ to the switch, and they were all members of VLAN 10. I don't see how that can work without a LAG.
I would start with one connection between the FWG+ and switch, and configure it for your CCTV VLAN. Then, add another VLAN to the connection by adding it to your trunk port on the switch and creating a new VLAN network on the FWG+.
Add the LAG once you have a one port trunk working with multiple VLANs.
-
I thought I posted this question yesterday but I don't see it here.
Is the general rule that only one logical connection should be made for each network? So, I can use all 3 links as long as:
A) each connection is dedicated to a single network (LAN/VLAN), or
B) multiple connections assigned to the same network are correctly LAG’d on each side of the link
Specifically, can you confirm that the following would be a good basic starting point to get a working VLAN:
FWG+
Port 1: LAN 1
Port 2: VLAN 10, PVID 1 default VLAN 1
Port 3: LAN 2
X1052:
Port 1: LAN 1 uplink to FWG+ port 1
Port 2: trunk VLAN 10, uplink to FWG+ port 2
Port 3-12: LAN 1
Port 13-16: tagged VLAN 10
Dumb PoE switch:
Port 1: uplink to FWG+ port 3
Port 2-8: CCTV
Thanks a ton
-
Firewalla does not have the concept of PVID, so port 2 would just be configured as VLAN 10.
On the switch, ports 13-16 should have PVID 10 and be untagged, unless the devices connected to those ports are expecting tagged traffic (which is unlikely).
This configuration gives you three separated LANs on the Firewalla. Is that what you wanted?
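An added illustration, not part of the thread and not Firewalla or Dell code: a small model of 802.1Q port behaviour showing why a VLAN-unaware device needs an untagged port with PVID 10, as the last reply says. The `Port` class, the function name and the port layouts are assumptions constructed for the example, and it assumes a VLAN-unaware host sends untagged frames and ignores tagged ones.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    """Hypothetical model of one switch port's 802.1Q settings."""
    pvid: int
    untagged: set = field(default_factory=set)  # VLANs sent without a tag
    tagged: set = field(default_factory=set)    # VLANs sent with a tag

    def ingress(self, tag):
        """VLAN a received frame lands in, or None if the port drops it."""
        vlan = self.pvid if tag is None else tag
        return vlan if vlan in (self.untagged | self.tagged) else None

    def egress(self, vlan):
        """How the port transmits a frame of this VLAN, or None if it does not."""
        if vlan in self.tagged:
            return "tagged"
        return "untagged" if vlan in self.untagged else None

def dhcp_via_vlan(access, uplink, fw_vid):
    """Can a VLAN-unaware host on `access` get a lease from the firewall's
    VLAN `fw_vid` interface behind `uplink`? Returns (ok, reason)."""
    vlan = access.ingress(None)                 # host sends an untagged DISCOVER
    if vlan != fw_vid:
        return False, f"DISCOVER classified into VLAN {vlan}, not {fw_vid}"
    if uplink.egress(vlan) != "tagged":
        return False, f"uplink does not send VLAN {vlan} tagged to the firewall"
    if uplink.ingress(fw_vid) != fw_vid:
        return False, f"uplink drops the tagged OFFER for VLAN {fw_vid}"
    if access.egress(fw_vid) != "untagged":
        return False, "OFFER leaves the access port tagged; host ignores it"
    return True, "lease obtained"

# Constructed layouts: trunk to the firewall, then three test-port variants.
TRUNK = Port(pvid=1, untagged={1}, tagged={10})
CASES = {
    "tagged 10, PVID 1": Port(pvid=1, untagged={1}, tagged={10}),
    "tagged 10, PVID 10": Port(pvid=10, tagged={10}),
    "untagged 10, PVID 10": Port(pvid=10, untagged={10}),
}

if __name__ == "__main__":
    for name, port in CASES.items():
        print(name, "->", dhcp_via_vlan(port, TRUNK, 10))
```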