VLAN Trunk issue with CRS-125 and RB100AHx2

jamesw · July 4, 2017, 12:25pm

Hi guys. I’m coming up against an issue but I’ve exhausted my understanding on the topic.

Basically, we have 14 x CRS125 switches all handing traffic from the patch panels. We set most of the ports on these switches to VLAN 10 using the Ingress VLAN table. We also have a couple of ports on each switch that have a different VLAN, 20 or 30 etc. On each switch, all 24 ports are a slave of the master port (SFP), and I have all egress VLAN ID’s set. (Image 1)

All 14 switches are plugged in to ports 1-14 on another CRS125 (the “uplink switch”), and this then uplinks to port 10 of the RB1100AHx2 via it’s SFP port (which also trunks the VLAN IDs). On port 10 of the RB, we have the same VLAN IDs set.

Now, at this stage, it is working. A client is being placed on the correct VLAN from whatever switch they are plugged in to, so I know the ingress vlan is setting the tag and its being trunked via the SFP port.

However, I am trying to get our wireless access points (and anything else that passes a VLAN ID in the trunk uplink) to work properly. We have 3 SSID’s and each SSID has a different VLAN ID (10, 30 and 40). The access point is plugged in to a port on one of the 14 switches, and I have also set the egress VLAN ID’s on that port too. (Image 2).

Now, when a user connects to the SSID, they do not get an IP from the RB. So, somewhere, the VLAN trunk ID is not getting through to the RB.

I am not using (or hope not to have to use) bridging on the RB - I want to use the native switch for VLAN so I can get better performance. The config on the RB is (Image 3).

Topology is shown in Image 4.

Could anyone advise what I am missing, or any suggestions?

I would really appreciate it.

Thanks

James

jamesw · July 4, 2017, 1:52pm

Image 4 (Topology) attached
Network Topology.jpg

jamesw · July 5, 2017, 7:04am

Really hoping for some help so I can kick-start our network I’m sure its just a setting or tweak required. Or, is there just no way at all without using a bridge? (I am only using a single trunk port on the RB - eth10), so don’t really want to have a bridge with one port and force software routing…

Thanks

kamillo · July 5, 2017, 7:42am

Hi,

The access point is plugged in to a port on one of the 14 switches, and I have also set the egress VLAN ID’s on that port too. (Image 2).

Did you add eth9-meraki… port to relevant VLANs (Vlan tab on your Image 2)?

jamesw · July 5, 2017, 8:54am

On the CRS125 switch its plugged in to, or the RB1100? I have eth9-meraki listed in the egress table, so it should just pass those VLAN IDs to SFP1 (which connects to ether10 on the RB), and then the DHCP server on the RB.

Am I supposed to add the VLANs to the VLAN tab also (to trunk traffic upstream?)

Thanks

kamillo · July 5, 2017, 9:09am

You need to configure a port you plugged your AP to as a trunk port for vlan 10, 30 and 40 (I’m assuming this will be a port on one of your 14 switches). Since your vlans are working OK with a cable connection I’m assuming your uplink switch and RB and configured correctly.

jamesw · July 5, 2017, 9:36am

I thought setting the egress vlan tag makes it trunk the vlan id to the ports added? See attached screenshot.

Looking on the RB, I can see the DHCP request comes in to the correct DHCP server (thus correct VLAN), and a lease is offered, but it’s not taken. I can also see the correct VLAN ID in the Torch tool, suggesting that the VLAN ID is getting through the switches to the RB. Sounds like the RB is not pushing the VLAN traffic back up to the switch and then client?

Thanks

kamillo · July 5, 2017, 9:45am

Setting egress is not enough. When you switch to “vlan” tab (the first to the left of “eg. vlan tag”- as on the last image you send), what can you see there?

jamesw · July 5, 2017, 10:11am

Actually, your points made me check something. On the uplink siwtch, I only had “sfp1” as an egress vlan. So, although it passed vlan ID’s down to the RB, it was not allowing it back up to the 14 switches. I have now added all vlan id’s to all switches in the egress vlan on that uplink switch and I think it’s working!

Before, it was just set to tag the SFP uplink. Now, it allows the tag to reach all swiches.

See attachment now…

Does that make sense?

jamesw · July 5, 2017, 10:48am

Another question… if I am only using 1 port as the trunk port on the RB1100AHx2, is eth10 (part of switch1) faster/better than just using eth11/12/13 which are directly connected to the CPU?

Would there be any benefit?

Thanks