Cannot access VLAN across Mesh

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-07-25 13:35:17
Model: EAP245   TL-SG2008   SG2008P  
Hardware Version: V3
Firmware Version: 5.0.6

Hey all. I have 2 networks, 1 for IoT and 1 for everything else (including device mgmt because I'm lazy). I have the ER605 V1, 3 EAP245 V3s, 2 non PoE Omada switches, and 1 PoE Omada switch (all running the latest firmware). I'm using the APs to create a mesh in the house to avoid running cables so 2 switches are hanging off of the mesh.

I use the software controller to assign the IPs of all of my clients vs configuring the clients themselves. I'm able to assign specific clients IPs on both networks fine if they're wireless clients or connected to the main switch that is directly connected to the ER605. If I try to assign a client an IP on the IoT network on a switch that is hanging off of the mesh, it will not work. I also tried configuring the client to use an available IP from the IoT network and it just never comes online and dies. I verified that if I use the software controller to assign those clients IPs on the main network, it'll work fine.

I recall that there used to be DHCP issues with the ER605 V1, but that had been fixed in the latest firmware update. Anyone aware of any issues trying to assign IPs on different networks across the mesh?

Topology:

ER605 --> ethernet --> non PoE Switch1 --> ethernet --> Root AP.

Root AP --> wireless mesh --> Mesh AP1 ---> ethernet --> non PoE Switch2.

Root AP --> wireless mesh --> Mesh AP2 ---> ethernet --> PoE Switch1. This is the switch where I'm trying to assign clients IPs from the IoT network.

Summary: Wireless clients are able to be on the IoT network. Wired clients NOT on the mesh are able to be on the IoT network. Wired clients ACROSS the mesh are NOT able to be on the IoT network.

#1
Re:Cannot access VLAN across Mesh
2023-07-26 06:26:34

@mClouse

Hi, have you checked if there is a loop in your network? Did you enable loopback detection on the managed switch?

If you keep the ER605's firmware at the latest version, the DHCP issue won't exist; mine is working perfectly in this respect.

Just striving to develop myself while helping others.
#2
Re:Cannot access VLAN across Mesh
2023-07-26 11:21:35
I'm not aware of any loops in the network. I do have loopback detection enabled on the switches. Not sure if it matters, but I do not have spanning tree enabled. Thanks for the reply!
#3
Re:Cannot access VLAN across Mesh
2023-07-27 06:10:41

@mClouse

Try disabling loopback detection and test it again.

Just striving to develop myself while helping others.
#4
Re:Cannot access VLAN across Mesh
2023-07-27 21:16:33

@Virgo I turned off loopback detection on the switch that the clients in question are on, and there was no change. I did NOT turn it off on the rest of the network. Here is the show run from the switch that has the clients configured for the IoT network, but they retain the IP on the network for everything else. Yes, there is a third network (VLAN 30) that is used for 2 other PCs that are not part of the issue.

 


TL-SG2008P>enable

TL-SG2008P#show run
!TL-SG2008P
#
vlan 10
#
vlan 20
#
vlan 30
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
location ""
contact-info ""
ip management-vlan 10
#
#
no system-time ntp
system-time dst date Mar 12 02:00 2023 Nov 5 02:00 2023 60
#
sdm prefer omada
#
#
no protocol-vlan template 1

no protocol-vlan template 1

no protocol-vlan template 1

no protocol-vlan template 1

no protocol-vlan template 1
#
no dot1x handshake
#
mac address-table filtering 02:42:c0:a8:00:03 vid 10
mac address-table filtering 02:42:c0:a8:00:04 vid 10
#
user name mclouse privilege admin secret 5 $1$L0L7J/L3O4H1N<L9B2H>J3F7E0K7L;B6$-!()
no service reset-disable
#
#
#
#
#
#
#
#
#
spanning-tree max-hops 40
#
snmp-server
#
#
lldp
#
ipv6 routing
#
#
power inline consumption 62.0
#
#
profile ip id 2094954352 ip 0.0.0.0/0
profile ip id 945847952 ip 192.168.0.1/24
profile ip id 1279487911 ip 192.168.10.1/24
profile ip id 1127741083 ip 10.0.0.1/27
profile ip id 1127741083 ip 10.0.1.1/27
profile ip id 532069052 ip 192.168.0.11/32
profile ip id 927296143 ip 192.168.0.10/24
profile ip id 801197063 ip 192.168.0.2/24
profile ip id 707568785 ip 10.0.0.2/32
profile ipv6 id 1 ipv6 ::/0
profile network id 119688440 vid 10 ip 192.168.0.1/24
profile network id 599762536 vid 20 ip 10.0.0.1/27
profile network id 1539141601 vid 30 ip 10.0.1.1/27
access-list sdn id 2088991934 position 1 srcType network source 119688440 dstType network dest 119688440 protocolEn disable protocol 6,17 bindType all etherEn disable operation permit comboId 1000
access-list sdn id 2000813358 position 2 srcType network source 119688440 dstType network dest 119688440 protocolEn disable protocol 6,17 bindType all etherEn disable operation permit comboId 1001
access-list sdn id 488577896 position 3 srcType network source 599762536 dstType ip dest 927296143 protocolEn disable protocol 6,17 bindType all etherEn disable operation permit comboId 1002
access-list sdn id 603085426 position 4 srcType ip source 927296143 dstType network dest 599762536 protocolEn disable protocol 6,17 bindType all etherEn disable operation permit comboId 1003
access-list sdn id 2046414219 position 5 srcType network source 599762536 dstType ip dest 532069052 protocolEn enable protocol 17 bindType all etherEn disable operation permit comboId 1004
access-list sdn id 533886956 position 6 srcType ip source 532069052 dstType network dest 599762536 protocolEn enable protocol 17 bindType all etherEn disable operation permit comboId 1005
access-list sdn id 99757164 position 7 srcType network source 599762536,1539141601 dstType ip dest 801197063 protocolEn disable protocol 6,17 bindType all etherEn disable operation permit comboId 1006
access-list sdn id 2011940978 position 8 srcType ip source 801197063 dstType network dest 599762536,1539141601 protocolEn disable protocol 6,17 bindType all etherEn disable operation permit comboId 1007
access-list sdn id 1867509527 position 9 srcType ip source 707568785 dstType network dest 119688440 protocolEn disable protocol 6,17 bindType all etherEn disable operation permit comboId 1008
access-list sdn id 254225599 position 10 srcType network source 119688440 dstType ip dest 707568785 protocolEn disable protocol 6,17 bindType all etherEn disable operation permit comboId 1009
access-list sdn id 838093092 position 11 srcType network source 599762536,1539141601 dstType network dest 119688440 protocolEn disable protocol 6,17 bindType all etherEn disable operation deny comboId 1010

access-list create 1000
 access-list combined 1000 rule 1 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.0.1 dip-mask 255.255.255.0
access-list create 1001
 access-list combined 1001 rule 1 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.0.1 dip-mask 255.255.255.0
access-list create 1002
 access-list combined 1002 rule 1 permit logging disable sip 10.0.0.1 sip-mask 255.255.255.224 dip 192.168.0.10 dip-mask 255.255.255.0
access-list create 1003
 access-list combined 1003 rule 1 permit logging disable sip 192.168.0.10 sip-mask 255.255.255.0 dip 10.0.0.1 dip-mask 255.255.255.224
access-list create 1004
 access-list combined 1004 rule 1 permit logging disable sip 10.0.0.1 sip-mask 255.255.255.224 dip 192.168.0.11 dip-mask 255.255.255.255 protocol 17
access-list create 1005
 access-list combined 1005 rule 1 permit logging disable sip 192.168.0.11 sip-mask 255.255.255.255 dip 10.0.0.1 dip-mask 255.255.255.224 protocol 17
access-list create 1006
 access-list combined 1006 rule 1 permit logging disable sip 10.0.0.1 sip-mask 255.255.255.224 dip 192.168.0.2 dip-mask 255.255.255.0
 access-list combined 1006 rule 2 permit logging disable sip 10.0.1.1 sip-mask 255.255.255.224 dip 192.168.0.2 dip-mask 255.255.255.0
access-list create 1007
 access-list combined 1007 rule 1 permit logging disable sip 192.168.0.2 sip-mask 255.255.255.0 dip 10.0.0.1 dip-mask 255.255.255.224
 access-list combined 1007 rule 2 permit logging disable sip 192.168.0.2 sip-mask 255.255.255.0 dip 10.0.1.1 dip-mask 255.255.255.224
access-list create 1008
 access-list combined 1008 rule 1 permit logging disable sip 10.0.0.2 sip-mask 255.255.255.255 dip 192.168.0.1 dip-mask 255.255.255.0
access-list create 1009
 access-list combined 1009 rule 1 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 10.0.0.2 dip-mask 255.255.255.255
access-list create 1010
 access-list combined 1010 rule 1 deny logging disable sip 10.0.0.1 sip-mask 255.255.255.224 dip 192.168.0.1 dip-mask 255.255.255.0
 access-list combined 1010 rule 2 deny logging disable sip 10.0.1.1 sip-mask 255.255.255.224 dip 192.168.0.1 dip-mask 255.255.255.0
#
access-list bind 1000 interface gigabitEthernet 1/0/1-8
access-list bind 1001 interface gigabitEthernet 1/0/1-8
access-list bind 1002 interface gigabitEthernet 1/0/1-8
access-list bind 1003 interface gigabitEthernet 1/0/1-8
access-list bind 1004 interface gigabitEthernet 1/0/1-8
access-list bind 1005 interface gigabitEthernet 1/0/1-8
access-list bind 1006 interface gigabitEthernet 1/0/1-8
access-list bind 1007 interface gigabitEthernet 1/0/1-8
access-list bind 1008 interface gigabitEthernet 1/0/1-8
access-list bind 1009 interface gigabitEthernet 1/0/1-8
access-list bind 1010 interface gigabitEthernet 1/0/1-8
#
#
#
#
no boot autoinstall auto-save
no boot autoinstall auto-reboot
#
auto-voip
#
#
#
no controller cloud-based
no controller cloud-based privacy-policy
interface vlan 1
  ip address-alloc dhcp
  no ipv6 enable
#
interface vlan 10
  ip address 192.168.0.5 255.255.255.0 gateway 192.168.0.1
  no ipv6 enable
#
interface gigabitEthernet 1/0/1
  switchport general allowed vlan 10 untagged
  switchport general allowed vlan 20,30 tagged
  switchport pvid 10
  no switchport general allowed vlan 1
  dot1x port-control authorized-force
  lldp med-status
  loopback-detection config process-mode port-based recovery-mode auto
  loopback-detection
#
interface gigabitEthernet 1/0/2
  switchport general allowed vlan 10 untagged
  switchport general allowed vlan 20,30 tagged
  switchport pvid 10
  no switchport general allowed vlan 1
  dot1x port-control authorized-force
  
  lldp med-status
  loopback-detection config process-mode port-based recovery-mode auto
  loopback-detection
#
interface gigabitEthernet 1/0/3
  switchport general allowed vlan 10 untagged
  switchport general allowed vlan 20,30 tagged
  switchport pvid 10
  no switchport general allowed vlan 1
  dot1x port-control authorized-force
  
  lldp med-status
  loopback-detection config process-mode port-based recovery-mode auto
  loopback-detection
#
interface gigabitEthernet 1/0/4
  switchport general allowed vlan 10,20 untagged
  switchport pvid 10
  no switchport general allowed vlan 1
  
  lldp med-status
#
interface gigabitEthernet 1/0/5
  switchport general allowed vlan 10 untagged
  switchport general allowed vlan 20,30 tagged
  switchport pvid 10
  no switchport general allowed vlan 1
  dot1x port-control authorized-force
  
  lldp med-status
  loopback-detection config process-mode port-based recovery-mode auto
  loopback-detection
#
interface gigabitEthernet 1/0/6
  switchport general allowed vlan 10 untagged
  switchport general allowed vlan 20,30 tagged
  switchport pvid 10
  no switchport general allowed vlan 1
  dot1x port-control authorized-force
  
  lldp med-status
  loopback-detection config process-mode port-based recovery-mode auto
  loopback-detection
#
interface gigabitEthernet 1/0/7
  switchport general allowed vlan 10 untagged
  switchport general allowed vlan 20,30 tagged
  switchport pvid 10
  no switchport general allowed vlan 1
  dot1x port-control authorized-force
  
  lldp med-status
  loopback-detection config process-mode port-based recovery-mode auto
  loopback-detection
#
interface gigabitEthernet 1/0/8
  switchport general allowed vlan 10 untagged
  switchport general allowed vlan 20,30 tagged
  switchport pvid 10
  no switchport general allowed vlan 1
  dot1x port-control authorized-force
  
  lldp med-status
  loopback-detection config process-mode port-based recovery-mode auto
  loopback-detection
#
end

TL-SG2008P#               

#5
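
Added example (not part of the thread and not TP-Link code): a small audit of the port VLAN settings in a "show run" like the one posted above. Under 802.1Q an untagged frame arriving on a port is classified into that port's PVID, so the check lists which ports actually place an untagged wired client into a given VLAN and which untagged memberships only affect egress. The function names are hypothetical and the PVID default of 1 is an assumption.

```python
import re

# Constructed excerpt in the syntax of the posted "show run" (two of the eight ports).
SAMPLE = """\
interface gigabitEthernet 1/0/3
  switchport general allowed vlan 10 untagged
  switchport general allowed vlan 20,30 tagged
  switchport pvid 10
#
interface gigabitEthernet 1/0/4
  switchport general allowed vlan 10,20 untagged
  switchport pvid 10
#
"""

def expand(spec):
    """Expand a VLAN list such as '10,20-22' into a set of ints."""
    vids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids

def parse_ports(text):
    """Return {port: {'pvid': int, 'untagged': set, 'tagged': set}}."""
    ports, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"interface gigabitEthernet (\S+)$", line)
        if m:  # PVID 1 until a "switchport pvid" line is seen (assumed default)
            cur = ports.setdefault(m.group(1), {"pvid": 1, "untagged": set(), "tagged": set()})
        elif line.startswith("interface") or line in ("#", "end"):
            cur = None
        elif cur is not None:
            m = re.match(r"switchport general allowed vlan (\S+) (untagged|tagged)$", line)
            if m:
                cur[m.group(2)] |= expand(m.group(1))
            m = re.match(r"switchport pvid (\d+)$", line)
            if m:
                cur["pvid"] = int(m.group(1))
    return ports

def access_ports(ports, vid):
    """Ports where an untagged client's frames are placed in VLAN `vid`."""
    return sorted(p for p, c in ports.items() if c["pvid"] == vid and vid in c["untagged"])

def egress_only(ports):
    """Untagged memberships that differ from the PVID (egress only, no untagged ingress)."""
    return {p: sorted(c["untagged"] - {c["pvid"]}) for p, c in ports.items() if c["untagged"] - {c["pvid"]}}
```

On this excerpt `access_ports(parse_ports(SAMPLE), 20)` is empty and `egress_only` reports VLAN 20 on port 1/0/4: an untagged client there is still classified into VLAN 10, the network 192.168.0.1/24 in the posted profile lines.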