• March 28, 2024, 03:27:20 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: VLAN and associated questions  (Read 10018 times)

tropolite

  • Level 1 Member
  • *
  • Posts: 4
VLAN and associated questions
« on: June 06, 2014, 10:47:03 AM »

Hi

I'm still learning about VLANing and network architecture in general. Below is a scenario I've run into that I'm having trouble with and hope someone much more capable than I can lead me in the right direction.

I have established 3 VLANs on DGS-1210-10 pair of switches.
(default VID #1) untagged 1-10
LAN VID #20          tagged 1-5 and 9
WLAN VID #30       tagged 1-5 and 9
OPS VID #50          tagged 6-9
I have Single Mode fibre (port 9) linking these two switches together.
My trouble seems to be with the equipment I'm attempting to connect on VLAN#50. There are two ports being used for this equipment 192.168.50.132 and 135 (ports 6 and 7). However when I connect both to the switch the connection fails, and brings down the switch. (these two patch leads come from an unmanaged switch which is not a DLink device). If I just connect one patch lead all is fine. (I have not enabled asymmetric VLAN - not too sure what it is).

I've just finished watching a couple hours of VLAN Tuts on YouTube (they were specifically on Cisco gear), but they were specifically focussing on port VLANs and didn't talk about tagging, I'm presuming they are one in the same? Then they discussed trunking, but DLink's trunking seems completely different.

My question is am I using the tagging of ports correctly and assuming tagging is similar to Cisco's trunking methods (i.e. placing multiple VLAN tags on the one port), and if I have an error in my structure I'd appreciate pointing it out.

Appreciate any guidance
Cheers
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: VLAN and associated questions
« Reply #1 on: June 06, 2014, 11:07:04 AM »

I'd review the user manual as see if there is any information regarding this, if not, I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: VLAN and associated questions
« Reply #2 on: June 06, 2014, 05:36:26 PM »

Hi,

your configuration looks a bit strange to me. For example for a device you connect to one of the ports 1-5, you would have several choices:

  • If the device is unaware of VLANs it can only send and receive untagged frames which are assigned to VLAN 1 inside the switch.
  • If the device is VLAN aware you can configure its interface to use either VLAN 20 or 30 or no VLAN at all. Hence the device would send and receive frames tagged either 20 or 30 or untagged frames which are assigned to VLAN 1 inside the switch.
  • If the device is able to define several logical interfaces sharing the same physical interface you could configure up to three logical interfaces, where the first interface uses no VLAN (sending and receiving untagged frames being assigned to VLAN 1 inside the switch), the second interface uses VLAN 20 and the third interface uses VLAN 30. This way you could for example build a router that connects all VLANs although having only one physical interface.

But as I don't know what type of devices you want to connect, its hard to judge your configuration. If the devices you want to connect to ports 1-8 are not VLAN capable they would all find themselves in default VLAN 1 and your VLAN configuration would be quite useless.

Devices not being VLAN aware can only be separated into groups belonging to different VLANs, if for the port a device is connected to a single untagged VLAN is defined. For example you could subdivide ports 1-8 into three groups using VLANs 20, 30 and 50 (and not using VLAN 1) as follows:

LAN VID #20          untagged 1-3 and tagged 9
WLAN VID #30       untagged 4-6 and tagged 9
OPS VID #50          untagged 7-8 and tagged 9

Only port 9 uses tagged frames for all three VLANs because it is used to connect your two switches.

Cisco uses different terms for the same things which is quite confusing. For example, taking the last configuration, ports 1-8 would be called "access ports" in Cisco's world, where port 9 is called a "trunk port".

In contrast with D-Link a trunk is an aggregation of two or more physical ports which logically work like one physical port with a bandwidth that is the sum of the bandwiths of all ports the trunk consists of. In Cisco's world this is named a "port channel".

PT
« Last Edit: June 06, 2014, 05:40:50 PM by PacketTracer »
Logged

tropolite

  • Level 1 Member
  • *
  • Posts: 4
Re: VLAN and associated questions
« Reply #3 on: June 06, 2014, 10:35:07 PM »

Hi PT
Appreciate your input because as I say I'm attempting to learn VLAN design/utilization on the go as I'm not a networking tech at all, but as with most of us IT guys we need to have some knowledge of everything it seems.

LAN#20 and WLAN#30 are only using half of the switch as I need general LAN and WLAN traffic using these switches (for VLAN capable Security Cameras 10.0.20.xx and Access Points 10.0.30.xx).
Port #1 default untagged data traffic, P#2, 3 Security Cameras, P#4,5 Access Points. (I wasn't too sure which ports I would use for these devices so I didn't think it would hurt to assign these 5 ports to be capable of any of these devices.

OPS #50 is specifically for a SCADA link between geological locations. There are two ports that are used (Bus#1 and #2 using 192.168.50.xx that are coming from an unmanaged switch. I found that if I attempted to connect both these buses to port 6 and 7 for instance either the switch would hang or only one bus would work, and I would lose remote connection to reconfigure. I am assured the SCADA equipment is VLAN capable but I'm not so certain as this equipment is quite old.

Clearly I'm out of my depths, and now that you have confirmed Cisco uses different terminology PT that helps. I'm presuming tagging port#9 as I have is what I needed to use here for connecting the two switches together?

Your recommendation to subdivide the ports separately is the best way to go even if the devices are VLAN capable too?

The OPS VLAN#50 for the SCADA system is the area that I'm concerned with, why is adding both links (bus 1 and 2), knocking out the switch or connectivity and what would a solution to this be?

I will definitely try out your initial recommendation when I get back to work Tuesday. Once again thank you for your time and recommendations PT.
Cheers

Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: VLAN and associated questions
« Reply #4 on: June 07, 2014, 05:43:41 AM »

Hi tropolite,

taking
 
Quote
LAN#20 and WLAN#30 are only using half of the switch as I need general LAN and WLAN traffic using these switches (for VLAN capable Security Cameras 10.0.20.xx and Access Points 10.0.30.xx).
Port #1 default untagged data traffic, P#2, 3 Security Cameras, P#4,5 Access Points. (I wasn't too sure which ports I would use for these devices so I didn't think it would hurt to assign these 5 ports to be capable of any of these devices.

and

Quote
Your recommendation to subdivide the ports separately is the best way to go even if the devices are VLAN capable too?

together, the answer is: As all devices you connect to ports 2-5 are VLAN capable you can leave your present configuration as is. Also be careful to keep at least one port available for untagged frames (assigned to VLAN 1 inside the switch), because I presume that the management interface of the switch is attached to VLAN 1. Hence you would lose management access, if VLAN 1 is removed from all switch ports. Maybe the switch has the capability to define additional management interfaces reachable via VLANs other than VLAN 1 (see the manual). I guess your intention is to use port 1 for management access?

Quote
OPS #50 is specifically for a SCADA link between geological locations. There are two ports that are used (Bus#1 and #2 using 192.168.50.xx that are coming from an unmanaged switch. I found that if I attempted to connect both these buses to port 6 and 7 for instance either the switch would hang or only one bus would work, and I would lose remote connection to reconfigure. I am assured the SCADA equipment is VLAN capable but I'm not so certain as this equipment is quite old.

and

Quote
The OPS VLAN#50 for the SCADA system is the area that I'm concerned with, why is adding both links (bus 1 and 2), knocking out the switch or connectivity and what would a solution to this be?

Unfortunately I have never heard of "SCADA" and have problems to understand this scenario. Do these two "buses" (whatever this means in the context of SCADA) come from a single unmanaged switch? So you are connecting two ports of an unmanaged switch to two ports of your managed DGS-1216T? As your unmanaged switch as such is VLAN unaware (if not manageable how will you configure VLANs to use with this unmanaged switch?) it can only send and receive untagged frames and it is VLAN 1 that these frames are assigned to inside DGS-1216T, due to your present configuration. In addition plugging both busses to the same switch causes a loop where the spanning tree protocol operating for VLAN 1 has to block one of both ports in order to break the loop. This is what you observed when saying "only one bus would work".

Maybe both buses of your SCADA system are meant to be combined as a trunk (in D-Links terms as defined in my last posting or a port channel in Cisco's terminology). So you would first have to configure ports 6 and 7 as a trunk (static or LACP, depending on the capabilities of your unmanaged SCADA switch). And if you want to use VLAN 50 for the SCADA network you would have to configure your ports as

(default VID #1)      untagged 1-5,8-10
OPS VID #50          untagged 6-7 and tagged 9

But okay, quite speculative, because I don't know anything about your SCADA system.

Another matter of concern might be PoE. If possible you might test to switch off PoE for ports 6-7.

Quote
I'm presuming tagging port#9 as I have is what I needed to use here for connecting the two switches together?

Correct. And you must configure the port of the other switch exactly the same as port 9 to make this interswitch link work.

PT



« Last Edit: June 07, 2014, 08:15:38 AM by PacketTracer »
Logged

tropolite

  • Level 1 Member
  • *
  • Posts: 4
Re: VLAN and associated questions
« Reply #5 on: June 07, 2014, 07:17:15 PM »

Hi PT

Extremely helpful mate! I really appreciate the time you took to assist, and assist you did.

I believe you've hit the nail on the head. Something that I completely overlooked. Looking deeper at my problem these IPs that come from the SCADA system to each bus is not true VLAN but that is how the SCADA system describes. The unmanaged switch states in the specs that VLANs flow through the switch. But basically the main system is using two IP addresses eg 192.168.50.130, 192,168,50,132 just in case one link or IP breaks. These IPs are manually added to the SCADA.

So a trunk (DLink definition), would suffice, or I could create two individual untagged VLAN ports for each of these IPs coming from the unmanaged switch, then they shouldn't interfere with each other.

I will definitely test each of these scenarios Tuesday on a couple other switches I have spare.  

Again PT I do appreciate the help you've provided.
Can I buy you a couple beers? Please send me your email address via private message and I would be more than happy to PayPal you some $$ toward a couple ales (or whatever you wish).
 
PS I've checked the PoE and disabled for these ports already just in case they were disrupting somehow.

FYI... SCADA is 'Supervisory Control and Data Acquisition', and it's commonly used in mining or industry to automate machinery in its basic sense. http://en.wikipedia.org/wiki/SCADA


« Last Edit: June 07, 2014, 07:21:42 PM by tropolite »
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: VLAN and associated questions
« Reply #6 on: June 08, 2014, 04:22:58 AM »

Hi tropolite,

glad to hear that I could bring you a bit closer to a solution of your problem.

Quote
... or I could create two individual untagged VLAN ports for each of these IPs coming from the unmanaged switch, then they shouldn't interfere with each other.

On the one hand this is true but on the other hand in this case the unmanaged SCADA switch would form a bridge bridging those two individual VLANs which results in a SCADA network 192.168.50.0/24 distributed over two VLANs outside the SCADA environment. Not sure if this is a good idea, but might work.

In general the nature of this unmanaged SCADA switch is a bit mysterious. Is it a general purpose switch offering free ports besides the two bus ports? Or is it a device specialized to the SCADA system where besides SCADA internally used ports there are only two external ports for the buses and where each of those ports is fixed to be bus 1 and bus 2 respectively? Only for the second case I can imagine a scenario where the SCADA main system using the two IP addresses may also define VLANs to be used with these addresses and then send and receive tagged frames that may pass through the unmanaged SCADA switch (as you said: "The unmanaged switch states in the specs that VLANs flow through the switch").

And the most redundant solution would then look like this: For the SCADA main system define two addresses using different IP networks (e.g. 192.168.50.130/24 and 192.168.60.130/24) and assign different VLANs (e.g. 50 and 60 respectively) to those addresses. The SCADA main system then would send/receive tagged frames namely tagged 50 when using 192.168.50.130 for bus 1 and tagged 60 when using 192.168.60.130 for bus 2. The specialized unmanaged SCADA switch assures that those tagged frames either pass through to bus port 1 (when tagged 50) or bus port 2 (when tagged 60). Those bus ports then should be connected to different switches configured for using tagged ports (tagged 50 and 60 respectively).

But ok, again speculative, depending on the (not well known) features of the SCADA system.

Quote
FYI... SCADA is 'Supervisory Control and Data Acquisition', and it's commonly used in mining or industry to automate machinery in its basic sense. http://en.wikipedia.org/wiki/SCADA

Yes, I already had looked at it.

Quote
Can I buy you a couple beers? Please send me your email address via private message and I would be more than happy to PayPal you some $$ toward a couple ales (or whatever you wish).

Thank you, but help is free.

PT
« Last Edit: June 08, 2014, 04:24:39 AM by PacketTracer »
Logged

tropolite

  • Level 1 Member
  • *
  • Posts: 4
Re: VLAN and associated questions
« Reply #7 on: June 09, 2014, 08:41:24 PM »

Hi PT

Actually I was trying to keep the problem as simple as possible PT. In fact the 192.168 ports are only half of the SCADA system link. On a separate DGS-1210's (being fed from another separate Moxa unmanaged switch), is another IP address (172.16) range. The two for 192.168 and two ports on separate switches for 172.16 is a double redundancy. Normally this SCADA system is isolated from the rest of the LAN.

My need is to get standard LAN up the line to areas that currently don't have LAN so I can run security cameras and WiFi and rather than use a separate fiber I thought it easier to use one of the 'channels' (192.168 pair), to piggyback on a link already in place.

The SCADA equipment is old, and that is why I think they only just loosely call it a VLAN (and it doesn't follow any tagging protocols as such). Which would explain why my first solutions weren't working when I tagged VLAN#50 and would only work using the ports as untagged. There isn't a ton of traffic on these links either so it isn't like the link would be put under undue stress.

So again, I appreciate your valuable help PT. I've learnt quite a bit from this thread and you. I am still more than willing to forward you a token of appreciation if you reconsider sending your address via PM.

Cheers
Logged