• August 04, 2020, 04:21:01 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Unrelated port causing me losing management access after changing VLAN settings  (Read 2352 times)

titusc

  • Level 1 Member
  • *
  • Posts: 13

Need some help in understanding the behavior of VLAN on a DGS-1210-10 (8 UTP + 2 SFP) switch and I'm connected via Port 6 to the switch.
The physical setup is as follow.
Internet <> DGS-1210-52 <> Port 8 DGS-1210-10  Port 6 <> PC

I'm on the VLAN -> 802.1Q VLAN page.
1) Set Port 6 to Not Member of VLAN 1 and hit Apply.  Web UI is still responsive.
2) Set all ports to Not Member of VLAN 1, except Ports 8 - 10, and hit Apply.  Web UI is still responsive.
3) Set Port 8 to Not Member of VLAN 1, and hit Apply.  Web UI is no long responsive.

The above doesn't make any sense to me because Port 8 on the DGS-1210-10 is only connected to the DGS-1210-52 but I'm on the other side connecting to Port 6 of the DGS-1210-10.  So I did the following experiment and confirmed there is something special Port 8!


1) Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 1 as Untagged, and hit Apply.  Web UI is no long responsive.
2) Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 2 as Untagged, and hit Apply.  Web UI is no long responsive.
3) Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 3 as Untagged, and hit Apply.  Web UI is no long responsive.
4) Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 4 as Untagged, and hit Apply.  Web UI is no long responsive.
5) Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 5 as Untagged, and hit Apply.  Web UI is no long responsive.
6) Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 6 as Untagged, and hit Apply.  Web UI is no long responsive.
7) Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 7 as Untagged, and hit Apply.  Web UI is no long responsive.
8) Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 8 as Untagged, and hit Apply.  Web UI is still responsive.
9) Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 9 as Untagged, and hit Apply.  Web UI is no long responsive.
10) Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 10 as Untagged, and hit Apply.  Web UI is no long responsive.

Any ideas?
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 435

Hi,

as I said in your second post about changing the management VLAN, the same holds true here: I don't think it is a good idea to change the settings of the switch port your admin laptop is connected to. Keep this port to be an untagged member of VLAN 1 and to have set PVID=1 because otherwise you will lose the connection to the switch's management interface residing at VLAN 1 per default (which may not happen immediately but delayed to the point in time when the new settings become effective). Or to say it in a different way: Don't bite the hand that feeds you.

And if you want to change the management VLAN from 1 to a different one, say X, first create some other port (not the one, your admin laptop is connected to) to be an access port for VLAN X (that is untagged member of VLAN X and PVID set to X), which allows you to reach the management interface again after you changed the management VLAN to X.

PT
« Last Edit: December 03, 2017, 08:41:32 AM by PacketTracer »
Logged

titusc

  • Level 1 Member
  • *
  • Posts: 13

Hi PT thanks for the reply.  Okay I can't do that because all ports are fully occupied.
But I'm also seeing the following now.  Can you let me know if this makes sense to you?

Internet <> Port 39 [DGS-1210-52] Port 40 <> Port 8 [DGS-1210-10] Port 6 <> PC 3
In addition there are some other PCs on Ports 1 - 2 on [DGS-1210-10] I wish to put on the same VLAN 200 as my PC.

So the logical thing to do is the following.  Note I have set my PC to be on VLAN 200 with the following but recall as long as Port 8 has untag VLAN 1 then I'll still have management access.

Untag VLAN 200 + PVID 200
[DGS-1210-10] Port 1 <-- --> PC 1
[DGS-1210-10] Port 2 <-- --> PC 2
[DGS-1210-10] Port 6 <-- --> PC 3 (This is the PC I'm using)
[DGS-1210-52] Port 39 <-- --> Internet

Tag VLAN 200 + Untag VLAN 1 + PVID 1 (VLAN 1 is the native VLAN on this trunk link between the two switches)
[DGS-1210-10] Port 8 <-- --> [DGS-1210-52] Port 40

But the interesting thing is I am able to reach to the Internet with DGS-1210-52 in factory reset setting, which is all ports have Untag VLAN 1 and PVID 1.
This does not make sense to me for the following reasons:
1) The trunk link between the two switches require the [DGS-1210-52] Port 40 to set Tag VLAN 200 in order to be able to accept the VLAN 200 tagged packets sent out from [DGS-1210-10] Port 8.
2) The [DGS-1210-52] Port 39 needs to be in the same VLAN 200 as the PC in order to see the packet coming from the PC to the Internet.

Do you see anything I did wrong or this is just plain Dlink bug?
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 435

Hi again,

Quote
So the logical thing to do is the following.  Note I have set my PC to be on VLAN 200 with the following but recall as long as Port 8 has untag VLAN 1 then I'll still have management access.

Untag VLAN 200 + PVID 200
[DGS-1210-10] Port 1 <-- --> PC 1
[DGS-1210-10] Port 2 <-- --> PC 2
[DGS-1210-10] Port 6 <-- --> PC 3 (This is the PC I'm using)
[DGS-1210-52] Port 39 <-- --> Internet

Tag VLAN 200 + Untag VLAN 1 + PVID 1 (VLAN 1 is the native VLAN on this trunk link between the two switches)
[DGS-1210-10] Port 8 <-- --> [DGS-1210-52] Port 40

Looks okay.

Quote
But the interesting thing is I am able to reach to the Internet with DGS-1210-52 in factory reset setting, which is all ports have Untag VLAN 1 and PVID 1.
This does not make sense to me for the following reasons:
1) The trunk link between the two switches require the [DGS-1210-52] Port 40 to set Tag VLAN 200 in order to be able to accept the VLAN 200 tagged packets sent out from [DGS-1210-10] Port 8.
2) The [DGS-1210-52] Port 39 needs to be in the same VLAN 200 as the PC in order to see the packet coming from the PC to the Internet.

... I assume (you didn't tell it), that the DGS-1210-10 is still in the state with VLAN 200 configured as described above?

If so, you are right - Looks like the Internet packets you generate at PC 3 travel along the VLAN 1 path through the DGS1210-10 switch instead of following the VLAN 200 path as they should do according to the configuration of ports 6 an 8 of that switch (if they did, they wouldn't reach port 40 of the DGS-1210-52 switch).

PT
Logged

titusc

  • Level 1 Member
  • *
  • Posts: 13

Quote
I assume (you didn't tell it), that the DGS-1210-10 is still in the state with VLAN 200 configured as described above?

If so, you are right - Looks like the Internet packets you generate at PC 3 travel along the VLAN 1 path through the DGS1210-10 switch instead of following the VLAN 200 path as they should do according to the configuration of ports 6 an 8 of that switch (if they did, they wouldn't reach port 40 of the DGS-1210-52 switch).
Sorry you are asking if I have set Port 6 which is the port my PC is connected to as VLAN 200?  If by setting the following effectively put Port 6 into VLAN 200 then yes.
VLAN 1 Not A Member
VLAN 200 Untag
PVID 200

So if it's a bug how can we fix this?  I didn't imagine something like VLAN wouldn't be working.  It's not expensive with these switches but if I dump them and get Catalyst 2k just to do VLAN it'd be a rather wasteful and expensive thing to do.
Logged

titusc

  • Level 1 Member
  • *
  • Posts: 13

Okay I found the problem and now everything is working in order.  Basically I have the following setup and last thing I would have imagined is my PC jumping between connecting to both Wireless Router and the Wifi AP behind the scene without me knowing.  Anytime when I set Ports 6 and 8 to be Not A Member of VLAN 1 I lose access to the DGS-1210-10.
Internet <> Wireless Router <> DGS-1210-52 <> Port 8 DGS-1210-10  Port 6 <> Wifi AP <> PC

The following will fit the criteria of having Ports 6 and 8 so it makes sense for me to lose access to the Web UI.
  • Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 1 as Untagged, and hit Apply.  Web UI is no long responsive.
  • Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 2 as Untagged, and hit Apply.  Web UI is no long responsive.
  • Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 3 as Untagged, and hit Apply.  Web UI is no long responsive.
  • Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 4 as Untagged, and hit Apply.  Web UI is no long responsive.
  • Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 5 as Untagged, and hit Apply.  Web UI is no long responsive.
  • Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 7 as Untagged, and hit Apply.  Web UI is no long responsive.
  • Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 9 as Untagged, and hit Apply.  Web UI is no long responsive.
  • Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 10 as Untagged, and hit Apply.  Web UI is no long responsive.

What happened with the following was I lost management connectivity to the Web UI via Port 6 because Port 6 is no longer in VLAN 1 but due to unknown reasons whenever the Wifi AP lose connection to the Wireless Router which is the GW, they shut down the SSID so the PC reconnected to the SSID broadcast by the Wireless Router.  At this point the connection is PC <> Wireless Router <> DGS-1210-52 <> Port 8 of DGS-1210-10.
Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 8 as Untagged, and hit Apply.  Web UI is still responsive.

With this I should have been able to connect via PC <> Wifi AP <> Port 6 of DGS-1210-10.  But there is a quirk with the Wifi AP.  There is more than one and AP and they are connected to multiple ports on the DGS-1210-10 (Port 6 is just the connection for one of the APs).  Whenever not all the APs have connection to the Wireless Router which is the GW, they again shut down and forces me to connect to the Wireless Router.  But because the Port 8 on the DGS-1210-10 facing the Wireless Router is not in VLAN 1 with the following action, I don't have access to the Web UI.
Reset switch.  VLAN -> 802.1Q VLAN page, put all ports as Not Member of VLAN 1, and leave Port 6 as Untagged, and hit Apply.  Web UI is no long responsive.

It is all working now.
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 435

Reminds me of that. Enjoy.
And this one is always great again.
« Last Edit: December 04, 2017, 02:48:24 PM by PacketTracer »
Logged