VLAN configuration and routing with powerconnect 2848 - PowerConnect Forum - Network Switches - Dell Community

VLAN configuration and routing with powerconnect 2848

Network Switches

Network Switches
Information and ideas on Dell PowerConnect network switch solutions.

VLAN configuration and routing with powerconnect 2848

This question has suggested answer(s)

Hello all and thanks in advance for taking the time to give this some thought.  I have 6 switches that supply network connections to 6 wireless access points to provide an enterprise and guest wireless network in a fabrication plant.  I have set them up according to some good instructions I have found both in this forum and in the Dell documentation.  I cannot seem to get it to work as expected though...  : /

The setup is as described below:

6 access points (Netgear WNDAP 350) each connected to a 24 port Dell powerconnect 2848 switch on port 1.  Each access point hosts an enterprise secured wireless network and a guest secured wifi network.  The guest wifi is assigned the vlan ID of 30 for guest wifi traffic segregation.

6 Dell powerconnect switches 10.0.0.240-245 each members of vlan 1 (default with 10.0.0.xxx ip addresses) and vlan 30 (guest wifi with ip addresses of 192.168.30.xxx).  Port 1 is an untagged member of vlans 1 and 30.  Each switch has two fiber connections which run back to a core switch in the server room.  The fiber connections are tagged members of vlan 30.  I could not set them as tagged members of vlan 1 but vlan 1 traffic still flows without issue.  All other ports are untagged members of vlan 1.

The 6 dell switches connect back to 2 core switches via the fiber connections. Core2 handles 3 of the 6 fiber connections coming in and uplinks to core1 with a patch cable.  Ports 45-47 (fiber) are tagged members of vlan 30.  Port 48 (Ethernet) is a tagged member of vlan 30 and links to the core1 switch. Core2, port 48 -> Core1, port 22  All other ports are untagged members of vlan 1

Core 1 handles the remaining 3 fiber connections and links to the sonic wall firewall.  The 3 fiber connections are tagged members of vlan 30,  along with ports 22 (links to core2 switch) and port 24 which links to the sonic wall.  Ports 22,24, and the 3 fiber connections are tagged members of vlan 30.  All other ports are untagged members of vlan 1

All tagged ports on any switch are set to accept all frames.
All the switches mentioned above have a vlan ip of 10.0.0.2xx and have a default gateway of 10.0.0.254 assigned in their IP address configuration.  None are layer 3 or have any routing capabilities.

The sonic wall has a sub interface created on the physical interface to which the core1 switch is connected.  The ip of the sub interface is 192.168.30.254 and is assigned the vlan value of 30.  DHCP is set up in the sonic wall on this sub-interface to hand out a 192.168.30.100-199  address.

When connected to the enterprise wireless via the netgear AP's all traffic flows fine and internet access works.  When connected to the guest wireless no traffic flows and no IP address is assigned.  Even when using the AP to hand out a DHCP assigned address on the guest wifi network traffic still does not flow or even seem to reach the gateway 192.168.30.254.  Manually assigning an IP address to the wifi interface does not work either.

When trying to use the DHCP from the sonic wall it times out and the wifi interface assigns itself a private ip of 169.254.xxx.xxx
Not sure what I'm missing here but there seems to be a lack of layer 3 info or a way for DHCP (or any traffic for that matter) to reach the gateway.  I found a post which sounded very similar to my issue where the fix was to disable STP on the 2848 switches but this did not solve my issue.  Any help or insight is much appreciated!

Thank you!

Ash



All Replies
  • Is it possible for you to provide a diagram layout of your setup?

    Can you set a static IP on one of the devices that is not pulling an IP from your DHCP server on the Sonicwall?  Then try to ping the Sonicwall subinterface for that VLAN/subnet.  This can verify that we have full connectivity to the subinterface.  If unsuccessful then we need to break it down and see where the disconnect is located.

    Trace route would be a good tool to see how far the communication is getting and help isolate any disconnects in the path.

    We may need to even take a look at the switch configs at least on the interfaces that are connecting between each switch.

    What model are the 6 dell switches and the core switches?

    There are command options that help forward DHCP traffic across subnets that we can take a look at.

    Hope this helps get

    Get Support on Twitter @DellCaresPro

    Download the Dell Quick Resource Locator app today to access PowerEdge support content on your mobile device! (iOS, Android, Windows)

  • Thanks for the reply Willy.  I will try to whip up a diagram for use in troubleshooting, but in the mean time I have some answers to your questions.

    I did set a static IP on my laptop wifi interface and connected to the guest wireless network but still could not get internet access.  Pings and tracert to the sonic wall failed with either a timeout or destination host unreachable.  A ping and tracert while on the enterprise wireless network succeeds, yet the only hop shown in the tracert is straight to the sonic wall (.254).

    All the switches are powerconnect 2848's.  The 6 on the plant floor are 24 port versions and the 2 core switches are 48 port versions.

    When you say switch config, do you mean a running config as seen from a command line or just in general from the web UI?

    Ill work on that diagram and put it up somewhere.

    Thanks!

    Ash

  • Also, while I'm still thinking about it,  would making port 1 on the 6 switches a tagged member of the 30 VLAN help?  The access point is connected via port 1 on each switch but traffic to both vlans runs through this port.  If port 1 is removing tags from all traffic then wouldn't it cause problems with the AP's ability to properly identify which traffic belongs on which network?  Just a thought but it seems to make sense to me.

    Thanks again!

  • I would agree you will want port 1 to act as a trunk and carry all tagged traffic across the connection.

    If you are getting a "Destination host unreachable" response when connected with a laptop statically set to VLAN 30 subnet range, it may be possible that the Sonicwall does not have a route in it's routing table back to the VLAN 30 subnet.  It will need a route defined in order for traffic to travel back to the 28xx switch level.

    Get Support on Twitter @DellCaresPro

    Download the Dell Quick Resource Locator app today to access PowerEdge support content on your mobile device! (iOS, Android, Windows)

  • I am returning to this customer site today and will try these changes and report the status after.  Thanks again for your help!