D-Link Enterprise > DGS-1210-Series
Unrelated port causing me losing management access after changing VLAN settings
titusc:
Need some help in understanding the behavior of VLAN on a DGS-1210-10 (8 UTP + 2 SFP) switch and I'm connected via Port 6 to the switch.
The physical setup is as follow.
Internet <> DGS-1210-52 <> Port 8 DGS-1210-10 Port 6 <> PC
I'm on the VLAN -> 802.1Q VLAN page.
1) Set Port 6 to Not Member of VLAN 1 and hit Apply. Web UI is still responsive.
2) Set all ports to Not Member of VLAN 1, except Ports 8 - 10, and hit Apply. Web UI is still responsive.
3) Set Port 8 to Not Member of VLAN 1, and hit Apply. Web UI is no long responsive.
The above doesn't make any sense to me because Port 8 on the DGS-1210-10 is only connected to the DGS-1210-52 but I'm on the other side connecting to Port 6 of the DGS-1210-10. So I did the following experiment and confirmed there is something special Port 8!
1) Reset switch. VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 1 as Untagged, and hit Apply. Web UI is no long responsive.
2) Reset switch. VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 2 as Untagged, and hit Apply. Web UI is no long responsive.
3) Reset switch. VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 3 as Untagged, and hit Apply. Web UI is no long responsive.
4) Reset switch. VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 4 as Untagged, and hit Apply. Web UI is no long responsive.
5) Reset switch. VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 5 as Untagged, and hit Apply. Web UI is no long responsive.
6) Reset switch. VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 6 as Untagged, and hit Apply. Web UI is no long responsive.
7) Reset switch. VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 7 as Untagged, and hit Apply. Web UI is no long responsive.
8) Reset switch. VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 8 as Untagged, and hit Apply. Web UI is still responsive.
9) Reset switch. VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 9 as Untagged, and hit Apply. Web UI is no long responsive.
10) Reset switch. VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 10 as Untagged, and hit Apply. Web UI is no long responsive.
Any ideas?
PacketTracer:
Hi,
as I said in your second post about changing the management VLAN, the same holds true here: I don't think it is a good idea to change the settings of the switch port your admin laptop is connected to. Keep this port to be an untagged member of VLAN 1 and to have set PVID=1 because otherwise you will lose the connection to the switch's management interface residing at VLAN 1 per default (which may not happen immediately but delayed to the point in time when the new settings become effective). Or to say it in a different way: Don't bite the hand that feeds you.
And if you want to change the management VLAN from 1 to a different one, say X, first create some other port (not the one, your admin laptop is connected to) to be an access port for VLAN X (that is untagged member of VLAN X and PVID set to X), which allows you to reach the management interface again after you changed the management VLAN to X.
PT
titusc:
Hi PT thanks for the reply. Okay I can't do that because all ports are fully occupied.
But I'm also seeing the following now. Can you let me know if this makes sense to you?
Internet <> Port 39 [DGS-1210-52] Port 40 <> Port 8 [DGS-1210-10] Port 6 <> PC 3
In addition there are some other PCs on Ports 1 - 2 on [DGS-1210-10] I wish to put on the same VLAN 200 as my PC.
So the logical thing to do is the following. Note I have set my PC to be on VLAN 200 with the following but recall as long as Port 8 has untag VLAN 1 then I'll still have management access.
Untag VLAN 200 + PVID 200
[DGS-1210-10] Port 1 <-- --> PC 1
[DGS-1210-10] Port 2 <-- --> PC 2
[DGS-1210-10] Port 6 <-- --> PC 3 (This is the PC I'm using)
[DGS-1210-52] Port 39 <-- --> Internet
Tag VLAN 200 + Untag VLAN 1 + PVID 1 (VLAN 1 is the native VLAN on this trunk link between the two switches)
[DGS-1210-10] Port 8 <-- --> [DGS-1210-52] Port 40
But the interesting thing is I am able to reach to the Internet with DGS-1210-52 in factory reset setting, which is all ports have Untag VLAN 1 and PVID 1.
This does not make sense to me for the following reasons:
1) The trunk link between the two switches require the [DGS-1210-52] Port 40 to set Tag VLAN 200 in order to be able to accept the VLAN 200 tagged packets sent out from [DGS-1210-10] Port 8.
2) The [DGS-1210-52] Port 39 needs to be in the same VLAN 200 as the PC in order to see the packet coming from the PC to the Internet.
Do you see anything I did wrong or this is just plain Dlink bug?
PacketTracer:
Hi again,
--- Quote ---So the logical thing to do is the following. Note I have set my PC to be on VLAN 200 with the following but recall as long as Port 8 has untag VLAN 1 then I'll still have management access.
Untag VLAN 200 + PVID 200
[DGS-1210-10] Port 1 <-- --> PC 1
[DGS-1210-10] Port 2 <-- --> PC 2
[DGS-1210-10] Port 6 <-- --> PC 3 (This is the PC I'm using)
[DGS-1210-52] Port 39 <-- --> Internet
Tag VLAN 200 + Untag VLAN 1 + PVID 1 (VLAN 1 is the native VLAN on this trunk link between the two switches)
[DGS-1210-10] Port 8 <-- --> [DGS-1210-52] Port 40
--- End quote ---
Looks okay.
--- Quote ---But the interesting thing is I am able to reach to the Internet with DGS-1210-52 in factory reset setting, which is all ports have Untag VLAN 1 and PVID 1.
This does not make sense to me for the following reasons:
1) The trunk link between the two switches require the [DGS-1210-52] Port 40 to set Tag VLAN 200 in order to be able to accept the VLAN 200 tagged packets sent out from [DGS-1210-10] Port 8.
2) The [DGS-1210-52] Port 39 needs to be in the same VLAN 200 as the PC in order to see the packet coming from the PC to the Internet.
--- End quote ---
... I assume (you didn't tell it), that the DGS-1210-10 is still in the state with VLAN 200 configured as described above?
If so, you are right - Looks like the Internet packets you generate at PC 3 travel along the VLAN 1 path through the DGS1210-10 switch instead of following the VLAN 200 path as they should do according to the configuration of ports 6 an 8 of that switch (if they did, they wouldn't reach port 40 of the DGS-1210-52 switch).
PT
titusc:
--- Quote --- I assume (you didn't tell it), that the DGS-1210-10 is still in the state with VLAN 200 configured as described above?
If so, you are right - Looks like the Internet packets you generate at PC 3 travel along the VLAN 1 path through the DGS1210-10 switch instead of following the VLAN 200 path as they should do according to the configuration of ports 6 an 8 of that switch (if they did, they wouldn't reach port 40 of the DGS-1210-52 switch).
--- End quote ---
Sorry you are asking if I have set Port 6 which is the port my PC is connected to as VLAN 200? If by setting the following effectively put Port 6 into VLAN 200 then yes.
VLAN 1 Not A Member
VLAN 200 Untag
PVID 200
So if it's a bug how can we fix this? I didn't imagine something like VLAN wouldn't be working. It's not expensive with these switches but if I dump them and get Catalyst 2k just to do VLAN it'd be a rather wasteful and expensive thing to do.
Navigation
[0] Message Index
[#] Next page
Go to full version