Setting up vlan trunk

  • 1
  • 2
  • Problem
  • Updated 1 month ago
  • Solved
Hello all,

I want to start by stating that I am new to Extreme and managed switches for that matter. I am having trouble getting a vlan to work with my setup and I know its lack of knowledge that is getting me stuck on this issue.

Scenario: I have a Ubiqtuiti USG and 2 Ubiquiti AP's. I have 2 SSID's running on them. One is the main network and the other is guest. I have the main network not vlan tagged and its working as it should. The problem is that I can't get the guest network running as it should on vlan 10 and with it in an unmanaged switch it is fine, but when I add it to the managed extreme 450e-48p it wont even hand the IP out. My main network is on 10.0.0.0/8 and my guest network is on 172.168.15.1/16.

What I have done:
create vlan guest
config vlan guest tag 10
config vlan guest add port 17 tagged    (ports the AP is plugged into)
config vlan guest add port 18 tagged      <^



Thank you in advance and if I am missing anything that needs to be here to figure this out, let me know and I will post it.

Thank you
Photo of Ryan

Ryan

  • 132 Points 100 badge 2x thumb

Posted 1 month ago

  • 1
  • 2
Photo of Eric Burke

Eric Burke

  • 3,082 Points 3k badge 2x thumb
Ryan, can you send a copy of your overall config as well as a "sho port vlan" and "sho port 17-18 info det"?
Photo of Eric Burke

Eric Burke

  • 3,082 Points 3k badge 2x thumb
Also, are you tagging the SSID in the Unifi controller for your guest network with V10?
Photo of Eric Burke

Eric Burke

  • 3,082 Points 3k badge 2x thumb
Should look something like this...  
Photo of Eric Burke

Eric Burke

  • 3,082 Points 3k badge 2x thumb
Mine is show above using 68 for my guest network...
Photo of Ryan

Ryan

  • 132 Points 100 badge 2x thumb
X450e-48p.27 # show vlan
---------------------------------------------------------------------------------------
Name            VID  Protocol Addr        Flags                Proto  Ports  Virtual
                                                                      Active router
                                                                      /Total
---------------------------------------------------------------------------------------
Default         1    10.0.1.254     /8   -----------T------------ ANY    9 /50  VR-Default
guest           10   172.168.255.254/16  ------------------------ ANY    2 /2   VR-Default
Mgmt            4095 -------------------------------------------- ANY    0 /1   VR-Mgmt
---------------------------------------------------------------------------------------
Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,
        (d) NetLogin Dynamically created VLAN, (D) VLAN Admin Disabled,
        (E) ESRP Enabled, (f) IP Forwarding Enabled,
        (F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
        (l) MPLS Enabled, (m) IPmc Forwarding Enabled,
        (M) Translation Member VLAN or Subscriber VLAN,
        (n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
        (O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
        (r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
        (s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
        (T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled,

Total number of VLAN(s) : 3
X450e-48p.28 #


 

how can I send you the .cfg?
(Edited)
Photo of Eric Burke

Eric Burke

  • 3,082 Points 3k badge 2x thumb
just issue a "show conf" and log the output (using putty / telnet)
Photo of Eric Burke

Eric Burke

  • 3,082 Points 3k badge 2x thumb
BTW: where does vlan 10 go, meaning what's routing that vlan out to the internet (or your intended destination)?
Photo of Ryan

Ryan

  • 132 Points 100 badge 2x thumb
Sorry, Thought you meant you wanted the whole .cfg file. Still a noob here.

vlan 10 is just routed to the USG and pointed to the internet. its strictly a guest network from AP to net. The IP is handled through the USG itself.

X450e-48p.35 # show config
#
# Module devmgr configuration.
#
configure sys-recovery-level switch reset

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-50
configure vr VR-Default add ports 1-50
create vlan "guest"
configure vlan guest tag 10
configure ports 17 auto off speed 100 duplex full
configure ports 49 auto off speed 10000 duplex full
configure ports 50 auto off speed 10000 duplex full
configure vlan Default add ports 1-50 untagged
configure vlan guest add ports 17-18 tagged
configure vlan Default ipaddress 10.0.1.254 255.0.0.0
configure vlan guest ipaddress 172.168.255.254 255.255.0.0

#
# Module fdb configuration.
#

#
# Module rtmgr configuration.
#
configure iproute add default 10.0.0.254

#
# Module mcmgr configuration.
#

#
# Module aaa configuration.
#

#
# Module acl configuration.
#



configure access-list zone SYSTEM application NetLogin application-priority 3
configure access-list zone SECURITY application GenericXml application-priority 2

#
# Module bfd configuration.
#

#
# Module cfgmgr configuration.
#

#
# Module dosprotect configuration.
#

#
# Module dot1ag configuration.
#

#
# Module eaps configuration.
#

#
# Module edp configuration.
#

#
# Module elrp configuration.
#

#
# Module ems configuration.
#

#
# Module epm configuration.
#

#
# Module esrp configuration.
#

#
# Module ethoam configuration.
#

#
# Module etmon configuration.
#

#
# Module exsshd configuration.
#

#
# Module hal configuration.
#

#
# Module idMgr configuration.
#

#
# Module ipSecurity configuration.
#

#
# Module lldp configuration.
#

#
# Module msdp configuration.
#

#
# Module netLogin configuration.
#

#
# Module netTools configuration.
#

#
# Module poe configuration.
#

#
# Module rip configuration.
#




#
# Module ripng configuration.
#

#
# Module snmpMaster configuration.
#

#
# Module stp configuration.
#
configure mstp region 00049620b3ee
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
enable stpd s0 auto-bind vlan Default

#
# Module telnetd configuration.
#

#
# Module tftpd configuration.
#

#
# Module thttpd configuration.
#
enable web http
(Edited)
Photo of Eric Burke

Eric Burke

  • 3,082 Points 3k badge 2x thumb
Looks okay. I don't see any other ports in V10, so there's nothing to route traffic from those two AP's from the 172.x network out to the internet. If you attach to the AP via the guest ssid and issue a "show fdb port 17-18", you should see the mac address of your device listed in the proper vlan. If that's correct, then your issue is more likely getting out via the firewall or router (which will also have to be able to see both your default, untagged network and your guest network. Does that make sense? What are you using for the router?
Photo of Ryan

Ryan

  • 132 Points 100 badge 2x thumb
Makes sense I think. If I take out the extreme switch and plug into my trendnet unmanaged switch it works fine. I am using the unifi USG as the gateway and I have a windows 2012 R2 as my DHCP server for the 10.x network. The USG is running the full guest route. 
(Edited)
Photo of Ryan

Ryan

  • 132 Points 100 badge 2x thumb
When I connect to the guest SSID I get a bad IP 169.254.x.x address immediately.
Photo of Eric Burke

Eric Burke

  • 3,082 Points 3k badge 2x thumb
Which port goes to the USG? Add that port to v10 tagged too. I’m assuming that’s the way it’s setup. It’s probable that the trendnet just passes all vlans to all ports by default (especially if it’s not vlan-aware). The extreme will strip the tag when the traffic comes into the port, look up the other members of that vlan and then send the pack out those ports (tagging those which are are not set to the that vlan as a default/access vlan). 
Photo of Ryan

Ryan

  • 132 Points 100 badge 2x thumb
You are a genius! I just didn't add the port for the USG into the vlan tag. IT WORKS NOW!!!! Thank you so much!!!!
Photo of Eric Burke

Eric Burke

  • 3,082 Points 3k badge 2x thumb
Cool - glad it worked! Please mark this thread as "helpful" if you don't mind! Have a great weekend...
Photo of Eric Burke

Eric Burke

  • 3,082 Points 3k badge 2x thumb
(don't forget to "save" in the CLI to keep your changes)
Photo of Ryan

Ryan

  • 132 Points 100 badge 2x thumb
Sure did. Thanks again have a good one!
Photo of Mrxlazuardin

Mrxlazuardin

  • 1,534 Points 1k badge 2x thumb
Hi Ryan,

Since your DHCP server is not on the same VLAN with Guest, you should put DHCP relay on Guest VLAN and make same adjustment on your DHCP server to support DHCP relay.

Best regards,
Photo of Ryan

Ryan

  • 132 Points 100 badge 2x thumb
That sounds like a great idea! I intend to have my DHCP server handle all IP addressing, but for now I just needed to get it working. Thanks!