Struggling since changing the management VLAN
Hi All,
I changed the management VLAN across my estate to 90. The uplink ports are set to PVID90, tagged on all as we already have static devices on VLAN1 and I'd like to seperate them.
First lesson learnt, only use ZON on a port assigned to VLAN 90 otherwise you will have tons of issues with sub-interfaces on the wrong VLAN with the wrong IP.
All was sorted with the network of 53 switches, however I have just run updates against 7 of them. All went offline straight after the update.
One switch is connected to our XS3800 core (non-nebula) and I could see it's IP was 0.0.0.0 I changed the port it connected to, to VLAN 1 which then showed it's correct IP. I changed the port back to VLAN90 and it came online.
The other switches are connected to Nebula devices and all show the MAC address of the switch on the correct port but no IP details.
ZON does not show the switches, no matter which VLAN I run it from.
I can see the MAC address of the switches in the DHCP table, they seem to come online, try to get a DHCP address but then refuse to accept it.
There is a DHCP server running on both VLAN 1 and VLAN 90, the devices were all receiving IP addresses on VLAN 90 before they got updates.
The devices now show as "XS1930" on the DHCP server, whereas before there names would be registered.
I'm guessing an update actually completely resets the switch after it updates. My guess is that the switch ports are still assigned to the original VLANs and so it cannot communicate on VLAN1 and has got stuck, but I need a solution as half the switches ran our wireless and so APs are all down now.
Site is 3hours away, I think I'm going to have to visit, but I'm afraid that every time they update all switches will die!
Additionally, I can't find a manual for these switches, which console cable do I need please?
Additional details:
- We've had a lot of issues not using the default VLAN1 and the switches not picking up IP
- This is a new install, everything has only been online for around 3 days
- The switches are XS1930-52HP and XS1930-12HP
- Some switch uplinks are DAC others are fiber
This is the troubleshooting I've tried:
1) | Cannot see anything in the MAC table for the port |
|---|---|
2) | Cannot see the devices in ZON |
3) | Changed the downlink port to VLAN 1 |
4) | Can now see the MAC in the table for the port |
5) | Cannot see devices in Zon |
6) | Devices did briefly show correct IP address for VLAN 90 even though they’re on VLAN1 |
7) | Tried changing the port back to VLAN90 as access |
8) | Devices show in MAC table for the port and correct IP |
9) | Nothing in ZON and cannot browse the IP |
10) | IP addresses have now gone |
11) | The port then seems to die, it shows as up but you can’t see any MAC addresses attached. |
12) | If I disable the port, wait a minute or so, then enable the port shows the MAC address of the correct switch, but never shows on ZON nor gets an IP |
All Replies
-
I assume you're using XS3800 as a DHCP server on VLAN 1 and 90.
All was sorted with the network of 53 switches, however I have just run updates against 7 of them. All went offline straight after the update.
The switch changed the management VLAN from VLAN 1 to VLAN 90 causing the switch to reconnect to Nebula with a new management interface. I recommend only changing the switch management VLAN. PVID should not change to VLAN 90 or you will not get DHCP IP.
ZON does not show the switches, no matter which VLAN I run it from.
ZON will scan the VLAN to which the PC belongs. If you cannot find the switch on ZON, it might be because of the VLAN configuration. May I know which switch you cannot find on ZON?
I can see the MAC address of the switches in the DHCP table, they seem to come online, try to get a DHCP address but then refuse to accept it.
This might be due to the incorrect VLAN setting. Needs to check the VLAN settings are configured correctly.
Additionally, I can't find a manual for these switches, which console cable do I need please?
For XGS1930 and XS1930, you need a 4-pin console. However, the 1930 series does not support using CLI to configure.
To better help you solve this problem, please provide the configuration of the XS3800 and the privilege of this org/site. Also, I need a simple topology of this site with VLAN information for verification.
Zyxel Melen
0 -
Hi Melen,
I have a case logged with Zyxel - 77218919.
A restore on the switches brought them all back up when I was on site today.
Everything onsite is receiving a DHCP address on VLAN90 using PVID90 trunk all on the uplinks. Should it be PVID1 with the management VLAN trunked?
0 -
Apologies, it appears I have two Zyxel community names, both are me :-)
0 -
Thanks for the information. But since we don't have the configuration of your XS3800, I would like to clarify below:
- Are all downlink ports set to PVID 90?
- Are all downlink ports fixed to VLAN 90 and untagged?
Zyxel Melen
0 -
Hi Melen,
The switches that went offline were not directly linked to the XS3800, they actually connect to other Nebula switches (aside from one).
The XS3800 ports are all set to PVID90 with all VLANS trunked/tagged
- The uplink and downlink ports are both set to PVID90 - tagged on all
0 -
Thanks for the information.
I also checked the XS3800 configuration you provided in the ticket. Your configuration also works; however, in my experience, the easiest way to change the management VLAN, from VLAN 1 to VLAN 90, is only to change the management VLAN setting. (Path: Site-Wide > configure > Switches > Switch settings > VLAN configuration > Management VLAN)
The switch will fix the management VLAN (VLAN 90) on all ports with VLAN tagged. So, you don't need to change PVID to ensure the packets have the correct VLAN tag.
As I mentioned previously, when changing the management VLAN, the switch will reconnect to the Nebula server. In the meantime, if the VLAN setting on uplink devices has been changed, the switch may not get the correct IP address and show offline on Nebula CC.
Additionally, if you decide to change the PVID back to VLAN 1, you need to change the AP's VLAN setting from untagged to tagged and also need to change the VLAN 90's member ports on XS3800 from untagged to tagged.
Zyxel Melen
0
Zyxel Employee
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 91 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 920 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 938 Nebula FAQ
- 425 Security FAQ
- 238 Switch FAQ
- 210 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
