Vlan restrictions
Vlan restrictions
(OP)
Hi
I have recently installed an 5412ZL switch and for some reason no matter what your port's tagging is set to you can still ping across the vlan's to devices that your tagging is set to no. So a pc is untagged for the workstation VLAN and tagged for voice and Servers, all other vlans are set to no but they can ping devices in all other vlans. It's almost as if the port does not follow it's tagging. I have done this setup many times before and have not had this issue.
The switch is set as the gateway for their respective VLAN's and IP routing is enabled. Please see the inserted config:
module 1 type J9535A
module 2 type J9534A
module 3 type J9534A
module 4 type J9534A
module 5 type J9534A
module 6 type J9534A
module 7 type J9534A
module 8 type J9534A
module 9 type J9534A
trunk A1-A2 Trk1 LACP
trunk A3-A4 Trk2 LACP
trunk A5-A6 Trk3 LACP
trunk A7-A8 Trk4 LACP
trunk A9-A10 Trk5 LACP
ip routing
vlan 1
name "Servers"
untagged A11-A24,H11,Trk1-Trk5
ip address 192.168.0.1 255.255.255.0
tagged B1-B13,D1-D6,D8-D12,D21-D24,E1-E24,F1-F11,F13-F24,G1-G24,H1-H10,H12-H24,I1-I24
exit
vlan 20
name "Workstations"
untagged E1-E24,F1-F24,G1-G24,H1-H10,H12-H24,I1-I24
ip helper-address 192.168.0.27
ip address 192.168.100.1 255.255.255.0
tagged A11-A24,B1-B13,D1-D6,D8-D12,D21-D24,H11,Trk1-Trk5
exit
vlan 30
name "Voice"
untagged C20-C24
ip address 10.200.0.1 255.255.255.0
tagged A11-A24,B1-B12,D21-D24,E1-E24,F1-F11,F13-F24,G1-G24,H1-H24,I1-I24,Trk1-Trk5
voice
exit
vlan 40
name "CRCS"
untagged D1-D12
ip address 192.168.1.1 255.255.255.0
tagged I19-I24,Trk1-Trk5
exit
vlan 50
name "Bur"
untagged B1-B12,D21-D24
ip helper-address 192.168.0.27
ip address 192.168.66.1 255.255.255.0
tagged I19-I24,Trk1-Trk5
exit
vlan 70
name "AX"
untagged B13,C1
ip address 172.16.0.1 255.255.255.0
tagged I19-I24,Trk1-Trk5
exit
vlan 80
name "Guest"
ip address 10.0.0.1 255.255.255.0
tagged I19-I24,Trk1-Trk5
exit
vlan 90
name "Sec"
untagged B14-B24,C2-C19
ip helper-address 192.168.0.27
ip address 10.254.0.1 255.255.255.0
tagged A11-A24,I19-I24,Trk1-Trk5
exit
console inactivity-timer 30
ip route 0.0.0.0 0.0.0.0 192.168.0.254
snmp-server community "public"
no snmp-server enable
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
spanning-tree Trk4 priority 4
spanning-tree Trk5 priority 4
loop-protect B1-B24,C1-C24,D1-D24,E1-E24,F1-F24,G1-G24,H1-H24,I1-I24
loop-protect disable-timer 600
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator
I have recently installed an 5412ZL switch and for some reason no matter what your port's tagging is set to you can still ping across the vlan's to devices that your tagging is set to no. So a pc is untagged for the workstation VLAN and tagged for voice and Servers, all other vlans are set to no but they can ping devices in all other vlans. It's almost as if the port does not follow it's tagging. I have done this setup many times before and have not had this issue.
The switch is set as the gateway for their respective VLAN's and IP routing is enabled. Please see the inserted config:
module 1 type J9535A
module 2 type J9534A
module 3 type J9534A
module 4 type J9534A
module 5 type J9534A
module 6 type J9534A
module 7 type J9534A
module 8 type J9534A
module 9 type J9534A
trunk A1-A2 Trk1 LACP
trunk A3-A4 Trk2 LACP
trunk A5-A6 Trk3 LACP
trunk A7-A8 Trk4 LACP
trunk A9-A10 Trk5 LACP
ip routing
vlan 1
name "Servers"
untagged A11-A24,H11,Trk1-Trk5
ip address 192.168.0.1 255.255.255.0
tagged B1-B13,D1-D6,D8-D12,D21-D24,E1-E24,F1-F11,F13-F24,G1-G24,H1-H10,H12-H24,I1-I24
exit
vlan 20
name "Workstations"
untagged E1-E24,F1-F24,G1-G24,H1-H10,H12-H24,I1-I24
ip helper-address 192.168.0.27
ip address 192.168.100.1 255.255.255.0
tagged A11-A24,B1-B13,D1-D6,D8-D12,D21-D24,H11,Trk1-Trk5
exit
vlan 30
name "Voice"
untagged C20-C24
ip address 10.200.0.1 255.255.255.0
tagged A11-A24,B1-B12,D21-D24,E1-E24,F1-F11,F13-F24,G1-G24,H1-H24,I1-I24,Trk1-Trk5
voice
exit
vlan 40
name "CRCS"
untagged D1-D12
ip address 192.168.1.1 255.255.255.0
tagged I19-I24,Trk1-Trk5
exit
vlan 50
name "Bur"
untagged B1-B12,D21-D24
ip helper-address 192.168.0.27
ip address 192.168.66.1 255.255.255.0
tagged I19-I24,Trk1-Trk5
exit
vlan 70
name "AX"
untagged B13,C1
ip address 172.16.0.1 255.255.255.0
tagged I19-I24,Trk1-Trk5
exit
vlan 80
name "Guest"
ip address 10.0.0.1 255.255.255.0
tagged I19-I24,Trk1-Trk5
exit
vlan 90
name "Sec"
untagged B14-B24,C2-C19
ip helper-address 192.168.0.27
ip address 10.254.0.1 255.255.255.0
tagged A11-A24,I19-I24,Trk1-Trk5
exit
console inactivity-timer 30
ip route 0.0.0.0 0.0.0.0 192.168.0.254
snmp-server community "public"
no snmp-server enable
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
spanning-tree Trk4 priority 4
spanning-tree Trk5 priority 4
loop-protect B1-B24,C1-C24,D1-D24,E1-E24,F1-F24,G1-G24,H1-H24,I1-I24
loop-protect disable-timer 600
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator
Talk To Other Members
RE: Vlan restrictions
Is that the problem?
If IP routing is enabled would you expect this to behave any differently?
What is the purpose of having multiple tagged VLANs trunked out to PCs, anyway?