GS1200-8HP v2 VLAN I'm not getting it (probably stupid mistake setting PVID on wrong port)

iorx Posts: 6
edited December 2022 in Switch

As I said, not getting it =)

Port 4 has my ISP's WAN incoming connected.
In my world, that traffic should be possible to pick up on VLAN20 on the other ports, or?
Firewall connected to port 8 has its interface tagged with VLAN20 which is WAN. LAN interface untagged.
VLAN30 and 50 are iot and guest VLANs.

So, anything more I need to do here?
Tried setting PVID on port 4 to 20 and lost all connection to the switch...

The goal is to have a "one port" firewall here with VLANs as interfaces.

All Replies

  • PeterUK
    PeterUK Posts: 2,247
    edited December 2022
    What firewall do you have? Can it do VLANs? Is your ISP by router or modem?
  • iorx
    iorx Posts: 6
    edited December 2022
    Hi, and thanks for answering.

    ISP's equipment is some kind of fiber to copper, 4 ports. The port I'm utilizing right now, and with current firewall (apu3 with OPNsense), is bridged and I get a real internet address through DHCP from them.
    In my endeavor to reduce the number of machines I'm planning to consolidate a couple of Raspberry 3 with Dietpi and the firewall (apu3, OPNsense) under Hyper-V as guest.

    Overly complicated maybe, but rather fun to set up as it becomes a very versatile little machine/environment :p. Done pretty much the same before but not with this switch. Had the exact same config running on another switch before coming to this one. GS1920-48HP. Looking like this and worked like a charm with the below config.
    Incoming untagged traffic from ISP WAN goes to port 50 in the above config.

    The now! Firewall is very capable of VLAN, it's an OPNsense guest with three NICs on a Hyper-V host, Intel NUC i7; 219-LM physical NIC. The NIC is shared between the host and guests.

    I've added three virtual NICs to the VM. LAN no tag, WAN tagged with 20; set on the VM-nic, and a GUEST tagged with 50. The guest operating system sees them as ordinary NICs with no VLAN.

    VM settings look like this:

    That became a lot more explanation than I had planned for.

    The original question still is if I went about this the right way with this switch.
    VLAN20: all ports tagged except port 4 where ISP WAN is connected (same-same to me as I've done with the GS1920)
    Shouldn't I be able to pick up the traffic from port 4 accessing any of the other ports with VLAN20 tagged traffic?
    That is, untagged traffic in on port 4 goes out as tagged 20 on the other ports?


  • iorx
    iorx Posts: 6
    Thank you for answering!

    I made a really long and explanatory reply here but it was lost somehow.

    So short and simple.
    This is an OPNsense guest in Hyper-V which worked fine with a "looks like the same" config on a GS1920-48HP. Here ISP WAN is connected to port 50.

    ISP provides a bridged/routed connection. I get a WAN address from DHCP.
    Hardware running Hyper-V Server 2022 is an Intel NUC i7; 291-LM NIC.
    NIC is shared with the operating system in a Hyper-V switch, sw01.

    In the config on the GS1920 I had no problem picking up the incoming traffic with tagged traffic VLAN20, on this switch I can't.
    So, shouldn't it work here too? Picking up traffic coming in on port 4 from any of the other ports using VLAN20 tagged connection?

  • iorx
    iorx Posts: 6
    Ohoh, found this. I've got PVID set on port 50 on my GS1920. Sorry!!! Missed that "detail".
    So to accomplish the same on this GS1200 should be "same-same", but I lost all communication with the switch setting PVID to 20 on port 4.
    So, again lost here.

    For ref here is the config for the GS1920.
    Columns: Port,Ingress Check,PVID,GVRP,Acceptable Frame Type,VLAN Trunking,Isolation.

  • iorx
    iorx Posts: 6
    Now I may have to be very ashamed! And apologize for wasting people's time reading this.

    It may be the very human factor messing things up by not being observant.
    I "may" have looked at the config with crossed eyes... and set PVID on the wrong port!

    PVID for port 3 lines up with VLAN ID 4... And port 3 has the access point I used to access the network, that explains the loss of all communication after setting PVID. Dhuh! :o

    I'll leave this up here so you others can enjoy that "quick and wrong" action done here. I'm pretty confident that I get this working if I assign PVID to the right port.
    No longer at the site. I'm not going forth with this as the equipment is there, don't want to jeopardize my access to the devices there.
    I'll come back and confirm if I get a working config.
  • iorx
    iorx Posts: 6
    edited January 4
    Yepp! It was me setting PVID on wrong port. Setting PVID to 20 on port 4 (the correct and corresponding VLAN configured port) works as intended. I now got my 1-port virtual firewall serving a 250Mbit/s fiber connection.

    Thanks for listening! :#
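
The three PVID states discussed in this thread, modelled as an added example that is not part of the original posts and is not a device export: a simplified 802.1Q ingress/egress model showing why untagged WAN traffic on port 4 only leaves port 8 tagged 20 once port 4's PVID is 20, and why PVID 20 on port 3 cuts that port off from management. Assumptions: VLAN 1 is untagged on every port and carries switch management; the `Switch` class and function names are hypothetical.

```python
# Simplified 802.1Q model of an 8-port switch (constructed config, not a device export).
from dataclasses import dataclass

MGMT_VLAN = 1  # assumption: switch management is reachable on the default VLAN

@dataclass
class Switch:
    pvid: dict     # port -> PVID applied to untagged ingress frames
    members: dict  # vid -> {port: "T" (egress tagged) | "U" (egress untagged)}

    def classify(self, port, tag=None):
        """VLAN a frame lands in on ingress: its own tag, else the port's PVID."""
        vid = tag if tag is not None else self.pvid[port]
        # Ingress check: drop the frame if the port is not a member of that VLAN.
        return vid if port in self.members.get(vid, {}) else None

    def forward(self, port, tag=None):
        """Return {egress_port: tag_or_None} for a flooded frame."""
        vid = self.classify(port, tag)
        if vid is None:
            return {}
        return {p: (vid if mode == "T" else None)
                for p, mode in self.members[vid].items() if p != port}

def build(pvid_overrides):
    """Thread's layout: VLAN 20 tagged on all ports except port 4 (ISP WAN)."""
    ports = range(1, 9)
    pvid = {p: 1 for p in ports}
    pvid.update(pvid_overrides)
    members = {
        1: {p: "U" for p in ports},                        # assumed default VLAN
        20: {p: ("U" if p == 4 else "T") for p in ports},  # WAN VLAN
    }
    return Switch(pvid, members)

def wan_reaches_firewall(sw):
    """Does untagged ISP traffic entering port 4 leave port 8 tagged with VLAN 20?"""
    return sw.forward(4).get(8) == 20

def mgmt_reachable_from(sw, port):
    """Is untagged traffic from this port still classified into the management VLAN?"""
    return sw.classify(port) == MGMT_VLAN

if __name__ == "__main__":
    cases = [("default PVIDs", {}), ("PVID 20 on port 3", {3: 20}),
             ("PVID 20 on port 4", {4: 20})]
    for name, overrides in cases:
        sw = build(overrides)
        print(f"{name}: WAN->fw tagged 20 = {wan_reaches_firewall(sw)}, "
              f"mgmt from port 3 = {mgmt_reachable_from(sw, 3)}")
```

With default PVIDs the ISP's untagged frames are classified into VLAN 1 and leak untagged onto the LAN side of every port, which is the segmentation failure to check for before putting a WAN link on a shared switch.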