VLAN passthrough problem

Options
geoffroych
geoffroych Posts: 3 image  Freshman Member
First Comment Friend Collector
in Switch

Hello everyone,

I'm having trouble with my GS1920. I've connected it to my firewall (which also handles DHCP) on port 28. I've configured the VLANs on both the firewall and the GS1920. However, when I set port 28 as PVID on VLAN 1 (managed by my firewall) and as trunk, with a fixed no-tagging for port 28 on VLAN 1 and a fixed tagging for the same port on VLAN 77, have I misconfigured something? The switch isn't getting an IP address on VLAN 77; I have to connect to it via a different port on VLAN 1. I think I've tried everything (VLAN 1 tagged/untagged, VLAN 21 tagged/untagged, PVID 1 or 21, trunking on or off, and management VID 1 or 21), but I can never get an IP address on my VLAN 77. However, when I check my firewall logs, I do see packets being sent to VLAN 77, but never any response (even when I assign a static IP address to VLAN 77 on the switch).

Thanks in advance for your help 🙏🏻

All Replies

  • XiLeiHaLo
    XiLeiHaLo Posts: 16 image  Freshman Member
    First Comment First Answer Friend Collector Fourth Anniversary

    Have you changed the MGMT VLAN ID in IP Setup page to VID 77?

  • Zyxel_Tina
    Zyxel_Tina Posts: 701 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers 500 Comments
    edited March 4

    Hi @geoffroych,

    As you mentioned seeing "packets being sent to VLAN 77, but never any response" on your firewall, could you please first confirm the following so we can better assist you:

    Firewall Configuration Check

    • VLAN 77 Interface: Ensure your firewall has a dedicated VLAN interface for VLAN 77. This interface should also serve as the DHCP server for that subnet.
    • Tagging on Firewall Port: The firewall port connected to the GS1920's port 28 should be set as a trunk port that sends/receives tagged traffic for VLAN 77 (and untagged/native for VLAN 1 if that's your management VLAN).

    DHCP and Traffic Verification

    Your GS1920 port 28 setup (trunk with VLAN 1 untagged/PVID 1 and VLAN 77 tagged) is correct. Please verify:

    • Your firewall's DHCP server is enabled for the VLAN 77 scope with available IPs in that subnet.
    • Firewall rules do not block the traffic.

    Additionally, please provide:

    • Screenshots of the GS1920 VLAN configuration
    • Your firewall model and screenshots of its VLAN 77 interface config (if it's a Zyxel device).
    • Details on which specific DHCP packets you're seeing (or not seeing) in the logs for VLAN 77. This will help us identify where communication is dropping in these four stages: Discover → Offer → Request → Ack.

    Zyxel Tina

Categories

Switch Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)